im late to the loops discourse but from what i'm seeing it's mostly about creating a loop from your asshole back into your own mouth?

What's your solution for rapidly increasing supply chain attacks on packages?

"Urgent Security Notice re: Your Sentry Organization" Someone tried to hack Sentry-using apps that use coding agents by 1. Sending a fake bug alert to their project (all you need is the app's public Data Source Name) 2. The fake bug tried tricking a coding agent trying to fix it into installing some a compromised NPM package 3. The compromised package would send the env contents of the machine to advisory-tracker[.]com/api/v1/telemetry This highlights a crucial thing for using agents in an automated way:

We asked @ZackKorman which threats he think are underrated in the era of fast-advancing AI capabilities. " I basically consider some cybersecurity vendors, like, equivalent to threat actors."  "That will lead to more problems than any of the vulnerability apocalypse discoveries that AI is causing. That is a handleable problem, whereas the information asymmetry problem is, like, not... Like... I have no answer."

"Agentic harness" and "backend" are the same thing.

Warden is already at $25k in cost this month using almost exclusively Sonnet. We're still a couple orders of magnitude off from where costs need to be for this level of capabilities. Or we need capabilities to jump several orders of magnitude (which seems less likely).

A lot of people have been wondering about Mythos, Glasswing, and the vulns we / our partners are fixing. Today, I’m excited for us to start sharing more. (For context, I lead Glasswing @AnthropicAI.) Two independent evaluations this week—from XBOW and the UK AISI—confirm what we've been seeing internally: Claude Mythos Preview is a step change in autonomous cybersecurity capabilities. We need to start preparing fast for a world of models with this level of capabilities. The UK AI Security Institute tested the model we shipped at the launch of Project Glasswing and found Mythos Preview is the first model to solve both of their end-to-end cyber ranges, including one (Cooling Tower) which no model had ever cleared. But attackers (and defenders) have sophistication & cost constraints – Mythos is also the only model that clears every one of their tasks estimated over 8 hours under their deliberately low 2.5M-token cap. XBOW tested it on their offensive security benchmarks, finding "token-for-token, unprecedented precision." It's the only model to succeed at subtle V8 sandbox work. Other Glasswing partners shared similar stories. In a few weeks of testing, Mythos Preview has helped them find many thousands of (estimated) high critical severity vulnerabilities, sometimes double what they'd normally find in a year. I don't share this to boost Mythos. In fact, this is not about Mythos. It’s about preparing for the coming world of models being better, faster, cheaper, and more creative than some of the best human experts at dual use capabilities. Clearly, we need them supporting defenders as widely as can be done safely – and especially the least resourced ones. Within a year, Mythos will probably look quite dumb (relative to other new models). And others may release openly available or unguardrailed models of Mythos-level capabilities. We started Project Glasswing because capabilities like Mythos Preview's won't stay rare, or stay in careful hands. We are bringing it to defenders as fast as we responsibly can, while working to figure out, for example, the right safeguards and patching & disclosure processes. Also, to be clear, compute has never been a limiter in our rollout. Expect a fuller update on our Glasswing work in the coming days. XBOW report: xbow.com/blog/mythos-offensi… UK AISI report: aisi.gov.uk/blog/how-fast-is…