4 Comments
Story Architect

I take a very different lesson from Glasswing. Is your business willing to make the brutal decisions needed if 30 zero days drop at once? Saving your infrastructure from Mythos is pointless if the business isn’t going to shut down the product because you haven’t fixed the actual problem.

Are you readying capacity to deal with this? Are you building the right systems to free up engineering? Those are the questions you should be asking and not how to isolate a Mythos-level agent if you ever get to run one.

The latter is an intellectual exercise, the former is getting ready for the escalation in cybersecurity that’s coming.

Suny Choudhary

That’s a great way to frame it. Glasswing feels like a containment response, but the real pressure is operational. If multiple zero days hit at once, it becomes a business decision, not just a security one.

The Next Evolution

Very interesting, concerning, and frightening all at the same time. But something I see happening is organisations forgetting about proper Systems Thinking and Architecture designs when jumping into AI. They are just trying to plug it in and expecting it to work without thinking through the consequences.

Does it surprise me this found security issues in old code - not really. Back in my early engineering development days I would be regularly finding and fixing issues in commercial software. Where we have legacy industries like FS&I there will be latent issues not found - the issue isn’t that these kinds of models can find them - it’s that criminals can more easily find zero day exploits.

Suny Choudhary

Completely agree. The bigger issue isn’t that models can find these vulnerabilities, it’s that they compress the time it takes to discover and exploit them. What used to take skilled humans days now happens in minutes.

And like you said, legacy systems were already fragile. AI just makes that fragility visible and exploitable.