581
"my product is the next atomic bomb bro, I'm so scared at how much it's gonna change the world, you gotta invest bro" (thelemmy.club)
submitted 2 weeks ago by not_IO@lemmy.blahaj.zone to c/microblogmemes@lemmy.world
28 comments fedilink hide all child comments

https://cosocial.ca/@mhoye/116370957848655523

context https://tech-insider.org/anthropic-claude-code-source-code-leak-npm-2026/

https://www.securityweek.com/anthropic-unveils-claude-mythos-a-cybersecurity-breakthrough-that-could-also-supercharge-attacks/

top 28 comments
sorted by: hot top new old
[-] morrowind@lemmy.ml 71 points 2 weeks ago

In a weird sort of way it does. Consider all of the following

  1. big companies are often incompetent and inefficient in a lot of ways
  2. The mozilla foundation has confirmed the security issues that Anthropic found were real
  3. Generally over the past few years, anthropic has some of the best, most reliable models
  4. Claude code has been kinda bad for a while
  5. Claude code has been mainly bot-written for a while as well. This can lead to functional, decent code that's still terrible in many ways as seen from the leak. Also it's entirely possible that bots are worse at detecting issues in bot written code. You could argue if they were good at it, they would be less likely to write those security issues in the first place?
  6. Anthropic could have very skilled ml engineers but mediocre software developers
[-] dfyx@lemmy.helios42.de 41 points 2 weeks ago

On the other hand: if their new tool is so great, why haven't they used it to fix Claude's security issues?

[-] Croquette@sh.itjust.works 37 points 2 weeks ago

I've seen Claude prompts. They specifically asked it to create secure code.

[-] AnUnusualRelic@lemmy.world 19 points 2 weeks ago* (last edited 2 weeks ago)

Oh, that's fine then. I'm glad they've solved the problem.
Good thing they had their top people working on it.

[-] criss_cross@lemmy.world 15 points 2 weeks ago

I also add “don’t hallucinate” to all of my prompts. Works like magic!

[-] bort@sopuli.xyz 15 points 2 weeks ago

sorry for the snark, but

big companies are often incompetent and inefficient in a lot of ways

[-] Passerby6497@lemmy.world 3 points 2 weeks ago

They're usually stupid enough to footgun their own brand too

[-] kkj@lemmy.dbzer0.com 5 points 2 weeks ago

They don't claim that it fixes issues, only that it finds them. Maybe they know about all the issues but can't wade through the spaghetti well enough to do anything about them.

[-] eru@mouse.chitanda.moe 0 points 2 weeks ago

because their new tool is new and the leaked code for claude's frontend was written before mythos was considered mature enough to throw at your codebase?

[-] CheeseNoodle@lemmy.world 32 points 2 weeks ago

Guy on TV this morning saying they've 'created a new species' and I'm like yeh, you've created a group of humans so dumb that no other human would be willing to have kids with them.

[-] Elting@piefed.social 11 points 2 weeks ago

Time for the Anthropic Apologists. I’ve noticed a lot of them recently.

[-] turtlesareneat@piefed.ca 7 points 2 weeks ago

The company's shoddy opsec doesn't directly equate to the model's cabapilities. I am not one to believe anyone's hype, but I am not one to believe the AI anti-hype that goes on throughout Lemmy. A year ago, according to Lemmy, LLMs could never produce working code at scale. 6 months ago, according to Lemmy, LLMs could never produce working code that was secure enough to use in production. Now, Lemmy believes LLM can't be disruptive to cybersecurity as a whole.

In 6 months I wonder what Lemmy will claim LLMs aren't capable of.

[-] CultLeader4Hire@lemmy.world 4 points 2 weeks ago

Yeah this is very linear. Just because something sucks in someways doesn’t make in wholly incapable of other things.

[-] Omodi@lemmy.world 3 points 2 weeks ago

I still have not seen evidence that LLMs can make it easier for engineers to produce working code at scale.

[-] Zos_Kia@jlai.lu 1 points 2 weeks ago

It's not evidence, but anecdotally i have two clients who have been working fully agentic for a good 6 months and they're smashing it. Even looking at it critically they haven't been able to find any obvious negative impact on code quality, product stability or performance or security.

I think the secret sauce is that they weren't born with AI, they just integrated it into technical cultures that were already solid. In this context it does speed things up a bunch. Not a 100x multiplier or whatever dumb stuff they're pushing on Twitter, but you do get high velocity without burning out your team or sacrificing quality.

And those 2 companies i just happen to know but they're nothing special. You take any boring software company from Paris or Berlin and i'm pretty sure you'll get the evidence you seek.

[-] ParadoxSeahorse@lemmy.world 1 points 2 weeks ago

Straw men

[-] Fmstrat@lemmy.world 6 points 2 weeks ago

Billions of dollars could have paid for a lot of security engineers. Wonder how many issues they could have found and fixed.

[-] qevlarr@lemmy.world 5 points 2 weeks ago

Scam Altman hallucinates more than his AI

[-] SkaveRat@discuss.tchncs.de 6 points 2 weeks ago

Different ai company, but yeah

[-] Matty_r@programming.dev 4 points 2 weeks ago

Anthropic legitimately believes they've created a living being. Its fuckin weird.

[-] fruitycoder@sh.itjust.works 3 points 2 weeks ago

I do enjoy telling people that OpenAI was literally a cult that believed they are/were building God. Musk, and Anthropic also believe that. Facebook and Google have mixed opinions on the subject. Microsoft is content just getting the bag. Oracle is also more down to earth only hoping to build a ubiquous survelice and secret policing system.

Though a mixture of academic groups, a Chinese hedge fund, and a lot of volunteering motivated by Weird Sciencing themselves a girlfriend/daughter have also contributed a lot to the field.

[-] ideonek@piefed.social 3 points 2 weeks ago

What is the 'instruction to mislead' referring to?

[-] dwemthy@lemmy.world 13 points 2 weeks ago

Likely the directive in the source code for users internal to Anthropic that the LLM should not make any reference to being an LLM or mention model names etc in commit messages or comments. So when they contribute code to external repos it's not immediately identifiable as LLM generated

[-] CultLeader4Hire@lemmy.world 4 points 2 weeks ago

The poison pills that are there to mislead you if you try to reverse engineer it

[-] x0x7@lemmy.world 2 points 2 weeks ago

Well clearly people could use it to find security holes in their backend, since those def exist.

[-] redsand@infosec.pub 2 points 2 weeks ago

How time and cost effective is this? Like I can dump 80k in tokens into finding an exploit or spend 80k to hire a guy who will probably take longer but not give me false positives.

[-] Franconian_Nomad@feddit.org 2 points 2 weeks ago

Current models are getting decent at some things, while still being kinda shitty at other things. So this is not as contradicting as it sounds.

this post was submitted on 09 Apr 2026
581 points (99.0% liked)

Microblog Memes

11380 readers
3168 users here now

A place to share screenshots of Microblog posts, whether from Mastodon, tumblr, ~~Twitter~~ X, KBin, Threads or elsewhere.

Created as an evolution of White People Twitter and other tweet-capture subreddits.

RULES:

  1. Your post must be a screen capture of a microblog-type post that includes the UI of the site it came from, preferably also including the avatar and username of the original poster. Including relevant comments made to the original post is encouraged.
  2. Your post, included comments, or your title/comment should include some kind of commentary or remark on the subject of the screen capture. Your title must include at least one word relevant to your post.
  3. You are encouraged to provide a link back to the source of your screen capture in the body of your post.
  4. Current politics and news are allowed, but discouraged. There MUST be some kind of human commentary/reaction included (either by the original poster or you). Just news articles or headlines will be deleted.
  5. Doctored posts/images and AI are allowed, but discouraged. You MUST indicate this in your post (even if you didn't originally know). If an image is found to be fabricated or edited in any way and it is not properly labeled, it will be deleted.
  6. Absolutely no NSFL content.
  7. Be nice. Don't take anything personally. Take political debates to the appropriate communities. Take personal disagreements & arguments to private messages.
  8. No advertising, brand promotion, or guerrilla marketing.

RELATED COMMUNITIES:

founded 2 years ago
MODERATORS
ReadyUser31@lemmy.world
aeronmelon@lemmy.world
needanke@feddit.org