Hacker News new | past | comments | ask | show | jobs | submit
hootz | on: Claude Fable 5
My bet is that Mythos is still over-hyped and the cybersecurity fear and guardrails are mostly marketing to force company partnerships through Glasswing and get public attention.
miohtama | parent | next
Mythos is from the same guy who did "GPT-2 is too dangerous to release"

https://naokishibuya.github.io/blog/2022-12-30-gpt-2-2019/

oceansky | root | parent | next
He was kinda right.

Lawyers, doctors, students, teachers. Lots of people using GPT models carelessly in harmful ways.

alasano | root | parent | next
Obviously not what he meant at the time but hilarious(ly sad) in retrospect.
dmix | root | parent
Delaying a technology release is not going to stop that in the long term. Society, culture, and the support tooling just needs to adapt. Just like how AI coding is still in the early days.

The sooner people learn the risks and build the infrastructure to make it fail less the better.

uselessTA | root | parent | next
The claim I remember was that releasing it would start an arms race for AGI, which was absolutely true
notnullorvoid | root | parent
If it was truely an arm's race to AGI they would've stopped relying on the data/param scaling law BS ages ago.
killerstorm | root | parent | next
"Malicious use" means spam, propaganda bots, etc. It's nice to give people who work on spam filters some heads-up.
supern0va | root | parent
It's clear that the parent didn't bother to read the link they shared, which articulates exactly this. That's embarrassing.

From the link:

> They summarized their findings from the nine months:

> 1. Humans find GPT-2 outputs convincing.

> 2. GPT-2 can be fine-tuned for misuse.

> 3. Detection is challenging (detection rates of ~95% for detecting 1.5B GPT-2-generated text by RoBERTa).

> We’ve seen no strong evidence of misuse so far.

> We need standards for studying bias.

>

> All these points are valid, and OpenAI did a great job identifying potential risks, especially misuse and biases, at an early stage.

riknos314 | root | parent
> All these points are valid, and OpenAI did a great job identifying potential risks, especially misuse and biases, at an early stage.

Many of the OpenAI employees who were focused on these risks in GPT-2 later founded Anthropic, notably Dario [1]. Since the beginning and continuing through today Anthropic describes itself as an "AI safety and research company" [2]

I'm not sure if the OpenAI of today has the same focus on safety, or if they do the minimum to not look irresponsible given Anthropic's effort.

[1] https://en.wikipedia.org/wiki/Dario_Amodei

[2] https://www.anthropic.com/company

supern0va | root | parent
Just to be clear: that is quoted text from the source and not a statement I'm making, in case that's what you're suggesting here.
InsideOutSanta | root | parent | next
People quote the "GPT-2 is too dangerous to release" thing as if it were wrong, but given all the slop all over social media and how it's used to create division and attack social cohesion, he was clearly right.
1attice | root | parent
History is long and never over, so he could easily be right both times before this is through.
Flere-Imsaho | parent | next
The UK gov disagrees with you:

https://arstechnica.com/ai/2026/04/uk-govs-mythos-ai-tests-h...

https://www.aisi.gov.uk/blog/our-evaluation-of-claude-mythos...

ainch | root | parent | next
AISI did also say that GPT-5.5, which has been public for months, scores basically the same as Mythos on their cybersec evaluation. But there wasn't as much media about about that for some reason.

https://www.aisi.gov.uk/blog/our-evaluation-of-openais-gpt-5...

cxvrfr | root | parent
Government of the least mismanaged country in the world?
mhh__ | root | parent | next
AISI is basically the crown jewel of the British government at this point in that its actually pretty good.
HDBaseT | root | parent
You mean the most mismanaged country?
geerlingguy | parent | next
Bingo.

"We had to do extra work to make this safe because it's so advanced and dangerous..." how many times can they trot out that line before it loses its effect entirely?

copperx | root | parent | next
Only three times, if fables are right.
TaupeRanger | root | parent | next
The Startup Who Cried Unsafe, by AIsop
aesthesia | root | parent | next
I mean, they do actually describe what that extra work was, and people elsewhere in this thread are complaining about the effects of those safeguards. So it's not like this is purely empty rhetoric.
zem | root | parent
people are not questioning whether they did the work, they are questioning whether the work was really necessary (i.e. if mythos is really so good that it needs safeguards to prevent malicious actors from using it)
OtomotO | root | parent
With homo "sapiens" "sapiens"? A few decades at least.
bel8 | parent | next
It worked for OpenAI when GPT 3 was deemed too dangerous to be released. This is just a spin of that.
hootz | root | parent
I still remember it. "Open"AI going API-only because GPT-3 is really really dangerous, so forget the Open in our name and all of that, you can't download our models anymore and must request access to them because they pose a THREAT.

Fast forward to today and GPT-3 has laughable performance.

shoeb00m | root | parent
Even back then there were plenty of people who got fooled by AI generated articles. It's easier to spot AI writing now because we are so used to it. They were right to be concerned; not that it achieved much since oss models run laps around gpt-3 now.
hootz | root | parent
But it seems like that was not genuine concern, but instead a tactic to pivot to closed models and an API service with an excuse to do so, breaking the public's expectation that they would be a non-profit making open models, like their name implies.
CSSer | parent | next
Yes, and "in collaboration with the U.S. Government" feels like a very gross ploy at appeal to authority. You don't need Mythos or really any SotA frontier model to make malware or do extensive penetration testing/reconnaissance already. Sure, Mythos might be faster/more efficient, but the cat has been out of the bag for awhile. Even the terminology "infrastructure providers" practically screams "Enterprise leads".
whazor | parent | next
I think all models can find vulnerabilities if read the entire code base. Or intelligently combine parts of the codebase. Especially with test loops.
teaearlgraycold | parent | next
I know a security researcher at Google with access to Mythos. He says it's the "real deal" and that "there are career plans I had that are no longer viable".
zeroonetwothree | root | parent
“trust me bro”
teaearlgraycold | root | parent
He could be incredibly naive. We'll all find out with time.
toddmorey | parent | next
I fear it's a smokescreen to manage cost and capacity.
ls612 | parent
And to ensure that only USG-approved entities are allowed to secure their code.