La nouvelle IA de Claude vient de changer Internet pour toujours
AI Summary
Anthropic has unveiled a new model called Mythos, which is described as their most powerful creation to date, reaching a "stratospheric" level of capability. Mythos can find security vulnerabilities over 27 years old and crack systems that 5 million automated tests failed to compromise, making it an "insane" and "war machine" model. However, its use is restricted to a very small, hand-picked group of individuals, raising questions about whether this is a marketing tactic or a responsible decision by Anthropic concerning a powerful model. The speaker believes it's both, but that the real, unaddressed issue is something else.
This video will explore what Mythos truly does, an unmentioned announcement Anthropic made on the same day as Mythos, the questionable "Glasswing" project, the concrete implications for those in the AI or AI services industry, and the speaker’s personal reflections.
Mythos is not just a cybersecurity model, despite how it's often presented. It's a generalist model that became so proficient in coding that it learned to break its own code autonomously. This is likened to training the world's best locksmith; they weren't taught to burgle, but their deep understanding of locks and keys allows them to open almost anything. Benchmarks highlight Mythos's exceptional performance: on SWE Bench, a standard test for bug fixing, Opus achieves 80% accuracy, while Mythos reaches 93%. In a common cybersecurity benchmark, Opus scores 66%, whereas Mythos achieves 83%. These figures demonstrate Mythos's significant lead over other models in terms of performance, security, and vulnerability discovery.
Mythos's real-world capabilities, as documented by Anthropic, are remarkable. It found a 27-year-old bug in OpenBSD, an operating system renowned for its security, a flaw from 1999 that could crash any server remotely. It also discovered a vulnerability in FFmpeg, a background software used by platforms like YouTube, VLC, WhatsApp, and Netflix for video processing. This bug had eluded 5 million automated tests over 16 years. Another impressive feat was its ability to chain four vulnerabilities to gain total control of a browser or operating system. This "chaining" is compared to a burglar combining several small oversights—an open window, a loose lock, a miswired alarm, a forgotten badge—to completely take over a house's security system from the inside. These exploits demonstrate Mythos's superhuman power.
Furthermore, Mythos was launched in isolated containers without internet access, given only a software's source code. It analyzed the code to hypothesize vulnerabilities, then ran the software to test these hypotheses, adding debug code and using debuggers to confirm or reject them. It iterated this process until it found a vulnerability, then generated a comprehensive bug report with a functional exploit and reproduction steps. This mirrors the process of a human cybersecurity expert or hacker, but Mythos performs it in minutes, whereas humans take days, weeks, or even months. This speed is "absolutely insane" and all documented by Anthropic.
Beyond these exploits, the speaker is interested in Anthropic's unmentioned actions. Anthropic consistently follows a pattern: release impressive stats for a new model, highlight its frightening potential, and then claim it's "too dangerous" and needs help controlling. This creates fear and panic, allowing them to dictate their narrative, much like OpenAI did with GPT-2, which was initially deemed too dangerous to release but later proved harmless, suggesting a marketing strategy disguised as precaution.
With Mythos, the situation is "not quite" the same, making it intriguing. Anthropic is executing an exceptional marketing and positioning strategy. Suspiciously, the Mythos announcement coincided with their report of generating $30 billion in revenue this year, tripling in less than a year and surpassing OpenAI. They now have over 1000 enterprise clients paying more than $1 million annually, a number that doubled in two months. They also secured a compute deal with Google and Broadcom to enhance performance. Announcing "we're too responsible to release this model" on the same day they reveal generating "10 times more revenue than anyone else in the industry" is deemed a "masterclass in marketing and positioning."
However, this time, there is concrete evidence to back their claims: FFmpeg confirmed the bug patch, OpenBSD vulnerabilities are real, and technical performances are verified. While the claims aren't "all talk," the timing, announcement style, language, and packaging are meticulously calibrated from a marketing perspective, urging caution. Someone summarized it by saying Mythos was named because "no one will ever see it," suggesting a hidden agenda.
Anthropic faces a dilemma: Mythos could secure the entire internet but, in the wrong hands, could also break it globally. There's also the problem of proliferation; what Mythos does today, smaller open-source models will likely achieve in the coming months, meaning future models will be increasingly better at coding and hacking.
Amidst this hype, Anthropic announced Project Glasswing. This project dictates that Mythos will not be publicly released nor kept under wraps. Instead, it will be given to "defenders first." This "archi smart" move involves 12 launch partners: AWS, Apple, Google, Microsoft, Nvidia, Cisco, Crow Strike, JP Morgan, Palo Alto, Broadcom, and the Linux Foundation. They've committed $100 million in credits and $4 million in direct donations, and are in discussions with the US government. On paper, this is groundbreaking, marking the first time a major AI lab has stated, "We built something too powerful to release, but here's our plan."
The "unspoken" aspects are the timing—coinciding with massive revenue announcements—the partnerships, and the "desire for the forbidden." This is a masterclass in marketing, generating 18 million impressions for their announcement post. They've effectively communicated that the model is ultra-powerful, too dangerous for public release, but they have a plan to give it to tech giants to defend the internet. This strategy is described as "brilliant."
For individuals, the immediate impact is minimal. Software will likely become safer without users noticing, as companies like Apple and Google will integrate this technology. For those selling AI services, this confirms a fundamental shift: a model's value isn't just in public benchmarks or raw performance, but in its application within a specific context. Mythos wasn't trained for cybersecurity but for coding excellence, which translated into security capabilities. This mirrors the speaker's agency, Wolf, which specializes AI models for client-specific contexts—their data, processes, and industry—to deliver exceptional services. The thesis is that an extremely powerful model isn't always necessary; a good model, well-adapted and integrated into a business's environment, is key.
The speaker, Simon De Lima, with three years in AI and a background in insurance, emphasizes that expertise doesn't become obsolete but transforms into a filter for AI's output. While AI can generate content, human expertise is crucial for discerning accuracy, providing context, and guiding the AI. This means prioritizing business and expertise before technology ("Business first, AI does the rest"). Individuals should leverage their professional expertise (or that of family members if they're new to the workforce) to integrate AI into their fields, rather than being replaced by it. The speaker did this in insurance, using his industry knowledge to help insurers with AI, succeeding because he understood their specific context.
In conclusion, the advice is not to panic, but to position oneself to control AI rather than be controlled by it. Anthropic's move is deemed both ethical and strategic, an alignment that leads to impactful, long-term decisions rather than mere profit or altruism. Anthropic has set the rules of the game, being ethical yet strategic. The question remains whether others like Google, OpenAI, and Meta will follow suit when faced with similar dilemmas, as Mythos is a signal that future models will continuously improve, especially in hacking, regardless of developers' intentions. The curve of progress is not flattening, giving defenders a temporary advantage.