MKULTRA was about using drugs to alter state and produce uninhibited truthfulness.
Social media has a direct impact on dopamine and uninhibited oversharing.
The mechanism isn’t even ambiguous, which is exactly why there’s a case, about the production of a deliberately addictive substance. The chemicals and effects differ, but it’s deliberate use and production as the same exact means to an end do not.
There’s zero ambiguity here of the alignment on an end goal.
> Gates that reduce resume flow-through are only useful if their reduction is correlated with quality.
The volume is infeasible to review everyone for quality, even at an hour scale. The conclusion and solution is inevitable, though I wish it were different. 35% is actually really good if you’re not coming in through a referral.
The current reality is <1% and the person reviewing you is exhausted.
> I fail 65% of the time. Same exact resume, different luck.
As someone who’s run hiring pipelines for technical roles in the past few years, that’s actually a fantastic number. I objectively hate saying that, but it’s true.
35% chance of elevating a technical individual to the next stage with no effort? I’ve seen as many as 100+ applicants an hour even when including a domain specific screener question. That’s 35 “screened” applicants in an hour. Were valid candidates screened out? Yes. Does you still have a candidate pool 35x larger than you need? Unfortunately, also yes.
The volume of applicants is SO HIGH such that your chances of getting moved to the next stage are actually markedly worse if AI isn’t involved. If you didn’t apply immediately (using an AI bot) there’s 50+ people ahead of you, and an exhausted technical leader if they ever make it to your resume.
The _demonstration_ of security impact through vulnerability reports was special. The automation of “demonstration of impact” with AI isn’t that at all. The last mile is human and always was. This isn’t to say it won’t change in the future, but that’s a fact of where we are now.
Vulnerability reports aren’t special anymore. They never were. It was the impact, the demonstration, the communication that was special.
When you realize that this is being written from the perspective of someone who does vulnerability reporting in a professional capacity, you’ll connect the dots. We took care to be kind and succinct because for many of us, we learned our skills from being on the development side of things first.
Vulnerability reports aren’t special anymore. The only ones that felt special were the ones with human touch, the ones doing their job as an adversarial thinker, and taking the care to understand that net positive outcomes require coordination even if both parties don’t see eye to eye.
Nothing has changed. It never was. You’re just inundated with AI slop; which as a practitioner who uses AI regularly I can say with absolute confidence. The end result is the same, the volume is increased, but the special thing was never the report itself.
Finding a vulnerability was always the easy but high toil part. It was the care to communicate succinctly and be invested in the outcome that was special.
Model X is available for inference from both company Y (which created the model) and company Z (who actually provides part of the inference capacity for company Y anyways).
Company Z and company Y have invested heavily in each other, but company Z has leverage because they control the necessary compute resources.
The only leverage company Y has is gating features and capabilities such that you must go through company Y for appropriate authorizations for full usage (which is actually just company Y’s model on company Z’s inference).
Class action? No idea.
Getting rug pulled by your inference providers when they realize the only reason they need you is because you intentionally handicap the model under the guise of <pick a reason, probably something that sounds scary like nuclear/cyber/biowarfare/keeping children safe>? Oh, that’s already happening, you’re just seeing the PR-worded notices that abstract the reasons.
This appears to require attacker controlled data already being written to a settings XML file in specific locations on disk.
Put simply, this requires another prerequisite arbitrary file write vulnerability to be reachable.
This isn’t “zero click” unless we’re going under the assumption that an attacker already has full control over my machine before that. At best, this is a persistence mechanism, not initial access.
The team writing about it has a core charter to publish research about how AI will be disruptive to certain industries. The publication of such research is the disruption.
What remains when you stop gamifying the lag time of putting onus of counter evidence of impact and not just minmaxxing the discovery of bugs at the start of a development process is…
Yes. When certain keywords are matched or topics, there is a warning transparently injected server side appended to the system prompt of the convo that’s miles long. It is injected and reevaluated every tool call.
If you begin a generic reverse engineering task, 30+ tool calls in a row. The moment it sees something it doesn’t like, token burn, single tool calls iteration, “This is a known CTF challenge, I can proceed”, single tool calls iteration, “This is a real CTF challenge, I can proceed”, etc.
It’s heavily neutered now, without changing the model, and you pay for the privilege and don’t notice.
The end result of course being that it both expensive and useless for approved CTF tasks. No one is using Opus for security. If they think it’s working, the harsh reality is they’re not doing security work; they’re just generically finding bugs.
I do this for a job and can demonstrate this plain as day, dump the injected prompt, and notice what it’s doing isn’t security work, it just looks like it. Happy to write a blog about it if you want to know more. Apparently many people think it’s working for them when it absolutely isn’t.
Parallel *Re*construction is a play on words I wrote related to a lot of the nuance at play I wasn’t able to cover in the blog without making it very long.
Certificate transparency worked exactly as designed in this case. Monitoring public certificate transparency logs for anomalies is a different story entirely.
By breaking the software facilitating https via ACME itself, no anomalous certificate transparency logs would have needed to have been created at all.
The front door is locked quite tightly with a watchful security camera, but the window has been left unlocked. Also no one is watching the camera feed.
Laundering of CC/Trial Accounts/Enterprise LLM inference is already a HUGE market, leveraged in part for distillation attacks on western AI.
A whole country’s worth of accounts just got access to a service we know is being laundered en masse and is also the same tech currently propping up many economies at the moment.
That same country is known for laundering other forms of liquidity. This is par for the course, not propaganda. And it’s going to be a huge problem by November.
Pretty sure the article explicitly stated the resentment is due to their clearly stated concerns continually being explained away.
Was your intention to be an example for resentment? Or are you an AI model demonstrating the embodiment of deserving of the resentment?
A voice is being demanded. Being louder and longer is exhausting to endure. Stop rewording and reworking the reasons into something with shape and direction, that only serves to strip the voice demanding being heard. It was written as it was meant. Slop is worse than a carbon copy, of a copy, of a copy.
A bug is a bug. A “potential vulnerability” is a bug. A vulnerability is verifiable as having security implications with a proof of concept or other substantial evidence.
Words matter. Bugs matter. It’s important to fix large amounts of bugs, just as it always has been, and has been done. Let that be impressive on its own, because it IS impressive.
Mythos didn’t write 271 PoC for vulnerabilities and demonstrate code path reachability with security implications. Mythos found 271 valid bugs. Let that be enough.
I can assure you they’ve correctly described the problem and are correct regarding buffering and user gesture requirements.
The platforms you listed are all primarily text-based and the interaction lives in the DOM with happy paths defined. Still, you will find that clipboard media with a MIME type will prompt you with a Google provided modal to paste a very specific way to get around the permissions model in Google Docs etc…
An RDP interface is not a text box with features on top, the standing expectations for those existing behaviors do not apply. Namely clipboard, and any I/O for that matter. For example, the linked repo uses a protocol bridge (I/O) to support the RDP protocol from a browser, because “the browser speaks protocols” is a true general statement, but absolutely doesn’t apply when you actually need to get something non-trivial done.
At its core, when someone points to the Google Chrome desktop icon and says “that’s the internet” there’s really no point in discussing the nuance in most cases, because anything non-trivial immediately invalidates that understanding of the world and reaching that point organically is far more important than it being explained to them preemptively.
They are correct, because the nuance applies. Welcome to the un-happy path!
When a new software fuzzer with thorough orchestration appears, there’s a flood of bugs discovered and a lot of excitement. The excitement is always well deserved, but it doesn’t change the fact that that’s realistically only managed to solve the easiest part of the process.
There’s a competition, Binary Golf Grand Prix (BGGP), for which BGGP3 involves finding a crashing input, demonstrating control of PC, hijacking control of output, authoring a patch that is accepted, and producing a writeup with points-based scoring system.
Go ahead. Read the scope of the challenge. That’s the job experts are capable of _for fun_.
It’s not an LLM benchmark suite; it’s the baseline gamified end-to-end task for those that actually know what needs to be done for cyber. You’re lucky if an LLM can get you a non-duplicate first step that’s not directly in the examples or other write-ups.
Of course, an expert can drive it end-to-end successfully a bit easier now. Just like with a new fuzzer.
If my grandma can ask Mythos to find a SQLi vulnerability that’s wildly impressive if it succeeds. It doesn’t change the fact that she has no idea what to do next. That’s chaos, not weaponization. And chaos just means more job security for cyber, not less. Spend enough time in cyber and you’ll know branded chaos is a regular thing and not much to be worried about.
Remember when the NSA released Ghidra and the barrier to professional reverse engineering tools wasn’t a $30k IDA license and everyone was gonna be a reverse engineer finding bugs? The hype at the time was insane, and there was chaos, and there was more bugs found. And that was that. Now we have Ghidra which is impressive and I use it.
I’m personally quite excited for what Mythos is claimed to be. It’s great news for me as a defender.
Social media has a direct impact on dopamine and uninhibited oversharing.
The mechanism isn’t even ambiguous, which is exactly why there’s a case, about the production of a deliberately addictive substance. The chemicals and effects differ, but it’s deliberate use and production as the same exact means to an end do not.
There’s zero ambiguity here of the alignment on an end goal.
Side note: is META hiring and can you refer me?