In this case, I see a pretty strong case that this will significantly change computer security. They provide plenty of evidence that the models can create exploits autonomously, meaning that the cost of finding valuable security breaches will plummet once they're widely available.
Don't get me wrong, I do know the reality has changed. Even Greg K-H, the Linux stable maintainer, did recently note[1] that it's not funny any more:
"Months ago, we were getting what we called 'AI slop,' AI-generated security reports that were obviously wrong or low quality," he said. "It was kind of funny. It didn't really worry us."
... "Something happened a month ago, and the world switched. Now we have real reports." It's not just Linux, he continued. "All open source projects have real reports that are made with AI, but they're good, and they're real." Security teams across major open source projects talk informally and frequently, he noted, and everyone is seeing the same shift. "All open source security teams are hitting this right now."
---
I agree that an antidote to the obnoxious hype is to pay attention to the actual capabilities and data. But let's not get too carried away.
[1] https://www.theregister.com/2026/03/26/greg_kroahhartman_ai_...
As it stands this is just a marketing programme for all involved.
For Anthropic it's "we own the big scary models, the AI security space, but it's ok we're responsible"
For the partners it's "we're the Big Boys here and will look after your enterprise needs"
None of it needs any more than anecdata and some nice, pre-approved, quotes.
Every organisation does it.
Do they have a record of lying to you? No.
Go read the system card. It's a lot more tame than you think, peoples are taking pieces out of this and hyping it. Doesn't mean it's not valid.
I mean I’m sitting on $10k worth of bug payouts right now partially because that was already a thing.
> With one run on each of roughly 7000 entry points into these repositories, Sonnet 4.6 and Opus 4.6 reached tier 1 in between 150 and 175 cases, and tier 2 about 100 times, but each achieved only a single crash at tier 3. In contrast, Mythos Preview achieved 595 crashes at tiers 1 and 2, added a handful of crashes at tiers 3 and 4, and achieved full control flow hijack on ten separate, fully patched targets (tier 5).
Edit: Wait, you wrote "As someone in cybersecurity for 10+ years" elsewhere in this thread. You wrote "a small prompt" using e.g. Opus 4.6 and it found critical vulnerabilities of the magnitude they're describing, presumably without your prompt having anything beyond what a non-expert could write? I feel like you might want to tell Anthropic since clearly they're not comfortable with that level of power being publicly available.
