The time horizon is unknown sometimes. One example event, "what will happen before GTA VI?" with markets like "China invades Taiwan" and "Jesus Christ returns." The NO for the second one is only 52c rn. Maybe that resolves if GTA VI is permanently canceled?
Yeah, those sorts of bets seem clearly bad unless there is an explicit time limit on them. Factoring in how long your capital is locked up in the bet and the opportunity cost of it being locked up has to be accounted for in determining your expected gains.
It doesn't matter if a vast majority of people are not rational economic actors. It only takes 1 rational actor with enough capital to take the other side of all the bad bets, and the market will be priced correctly even if the other 99 people are irrational.
'Enough' [capital] is doing a lot of work in that sentence. In the limit of a one-sided irrational market, the 'rational actor' would need to take the other side of every open transaction.
What makes you say it is a bad business decision? It seems to be a fine decision to make for things like AWS, since when it goes down, a ton of websites go down and no one blames the site.
There is no way to know whether it is a good or bad business decision just because they can go down when a third party goes down. For example, if you save $50 million a year by firing half your employees and replacing them with AI, but you lose $10 million a year because your site goes down when Claude goes down, then you made a great business decision.
Oddly, I do not think you are wrong. In a pure money calculus exercise, this seems like a no brainer. Naturally, the math gets iffy the moment we are trying to capture something less tangible like 'customer may get sufficiently annoyed to drop us altogether' or 'we are no longer a respected company' or what MBAs would call 'unexpected goodwill extraction'.
I honestly don't care nearly as much as I used to, because I used to be more upset over this. Now, I simply wait to see how much is enough to rile up average Joe and Jenna.
On the other hand a competitor site that is up (or bricks and mortar competitors) might get a lot of business when AWS goes down. If you depend on AWS for operations it might be a lot more expensive than that.
Mostly I think its that management does not blame the person who picks AWS. Its another iteration of "no one got fired for buying IBM/Microsoft".
It is also an issue at other levels: if all a county's businesses rely on AWS (let alone its government) then that gives the US huge leverage over you (sanctions would shut down your economy).
This is exactly my point, though. I was simply stating that you can't be sure it is a bad business decision just because it goes down sometimes. It isn't immediately obvious from that single fact whether the business decision is good or bad, it is simply one factor to consider. Occasional downtime isn't an immediate business killer for every business.
That would require AWS to actually be down a lot, and it’s not. Betting your business on AWS being flakier than whatever alternative provider you use is probably not a good idea.
No it would not require that. Suppose you are one of 10 competitors. The others all use AWS.
Your system is down as often as AWS. When you are down your lost sales are shared between 10 of them. When AWS is down you get all their lost sales.
Obviously very simplified, but you get the point. There might be a huge gain in being up when others are down.
> Betting your business on AWS being flakier than whatever alternative provider you use is probably not a good idea.
You are not betting your business on it. You are betting the consequences of downtime only.
AWS does not seem to be all that high reliability out of the box. You can use multiple availability zones etc. but you can do the equivalent elsewhere.
hundreds (thousands?) of companies who based their business on capabilities built around someone else's API. Companies that had important features stop working because a company's API terms and conditions changed. Were you not around for this?
It looks like it shouldn’t be an issue… it is just a wrapper around CLI calls to the official Claude code. It would be indistinguishable from the Anthropic side, and it isn’t even doing anything hacky or impersonating the official client.
This is my interpretation as well, Anthropic wants to be in full control of the connection between the client and their servers, and that's compatible with what
I'm trying to do.
Probably not. "This model is too powerful for the public" can also be interpreted another way, which they've also strongly hinted at - the cost/benefit ratio of the upgrade is negative for the vast majority of all users. Finding vulnerabilities is one of the few cases where it makes sense to use it.
Their writing about the model so far does say this is an issue where, for instance, you can't really use Mythos for interactive coding because it's so slow. You have to give it some work, go home, sleep, come in the next day and then maybe it'll have something for you.
All the AI labs and startups are still losing money hand over fist. Launching Mythos would require it to be priced well above current models, for a much slower product. Would the majority of customers notice the difference in intelligence given the tasks they're setting? If the answer is no, it's not economic to launch.
Really, I'm surprised they've done Mythos. Maybe they just wanted to exploit access to larger contiguous training datacenters than OpenAI, but what these labs need isn't smarter models, it's smaller and cheaper models that users will accept as good enough substitutes (or more advanced model routing, dynamic thinking, etc).
We've had such models before. GPT Pro, Gemini DeepThink. Mostly targeting science advancements as opposed to security research, but still, in a way Mythos is just more of the same.
Bug bounties don't reflect the market impact of the vulnerability though, just the amount needed to incentivize white hats to do research they wouldn't otherwise (or that they would target to other platforms that pay higher bounties). You need to look at market prices for zero days on the black market to get closer.
Bug bounties reflect what companies are willing to pay to find bugs. Mythos would have to be more expensive than that (probably considerably so) to not be worth its cost. If you are saying that finding bugs has significantly more value than reflected by bug bounties, then that strengthens my point.
This happened before with GPT-2 being touted as "too dangerous to release"[0] at the time by OpenAI. I don't think that means every model will be safe to release in the future, but nothing I've read about Mythos seems like it's going to be different this time.
It's going to be a slightly better Opus. Every model released by any provider since 4o has been a modest improvement but over-hyped. Opus 4.6 included.
I believe they are starting to split hairs and the primary lever left is adding compute.
Yeah the only thing that will be left is to scale up compute and pray it creates escape velocity. Which frankly has been Sam’s whole thesis in raising money.
Their main motivation of the model being too dangerous is predicated on their discoveries in its ability to find exploits in commonly used software. The idea is that if this were served on a public API, it would massively increase the scale and scope of what malicious actors could do.
I think it's a reasonable choice to make given that Mythos actually does have cyber capabilities on that level. We already have evidence that large-scale scams are being perpetuated using AI models (such as AI video being passed as real, people deepfaking themselves in job interviews).
If you've noticed your new model can be trivially pointed at some open-source codebase with a prompt and harness that amounts to "find as many exploits as possible" and your results are non-trivially substantial and beyond what existing models can do given the same initial parameters, then a gated rollout seems the most reasonable option.
If it would be as simple as using the prompt "find as many exploits as possible", then Mythos could be said to be dangerous, because its use would require much less skill than is needed when using the older models for the same purpose.
However, this claim is not true.
Anthropic has not given many details about the methods used, but nonetheless they have admitted using a very elaborate harness for finding bugs, which runs Mythos many times on each file of a project, with increasingly specific prompts.
Eventually, after a bug seems to be clearly identified, they do a final run of Mythos on that file, with a very specific prompt of the form:
“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”
So the final results, including any exploits or patches, are produced when analyzing a known bug, not by searching randomly for bugs.
Thus the actual way to use Mythos is very far from "find as many exploits as possible". Any unskilled person would also need the complete bug-searching harness used by Anthropic, not only the bare model.
I feel like "this model is too powerful for the general public" was really just the equivalent of responsible disclosure, with the "too powerful" bit just a positive marketing spin like you say.
That is, Mythos will make it much easier to find lurking zero days, so just like responsible disclosure requires a security researcher to notify the software author first and give them some time to patch, giving critical infrastructure folks at least some time to analyze and patch systems seems reasonable to me.
Yup, this whole thing is quite typical for my generations attempts at activism: they always end up as marketing pawns for the very thing they set out to stop.
This whole "this model is too dangerous" ploy originated from (in my opinion severely misguided) activists who wanted to stop or slow AI development down as much as possible, spreading outlandish Doomsday scenarios wherever they could.
These online-first activists have always been a key driver of the success of the very thing they fight. They share the offending thing among themselves, making it go viral in process, and soon baiting these groups is the best marketing imaginable.
There were some rather interesting studies made on the subject around 2011, I particularly remember one made by Swedish jeans brand cheap Monday, but i can't find it now.
> online-first activists have always been a key driver of the success
Eh, pressing X to doubt that. Maybe way back in the early GPT days, but once we got to GPT-4 these people could have completely disappeared and wouldn't have changed the trajectory we're on.
> This feels really premature. The announcement was a week ago. The “this model is too powerful for the general public” sounds like marketing to me.
Anthropic was born out of the idea that they feel paternity over humanity. They believe by limiting access they are performing a necessary pillar of security in multiple facets.
I think it's up to the public, and articles like this are part of the public's voice, whether this belief is serious or not and secondarily whether it's okay to even posture this kind of belief since it inherently results in marginalizing the many and rewards an already very successful few.
For me, the seeming majority optimism and acceptance of “mythos’” as yet untold capabilities is betrayed as not real by the fact that one can’t react to it with the same reverence while framing it as a downside without being told “it’s not even out yet”.
“It’s not even out yet” should apply to both situations or neither.
Anthropic marketing is working very well. They are strongly incentivized to say their model is too powerful to release even if it’s not. It’s almost standard practice these days.
> The “this model is too powerful for the general public” sounds like marketing to me
I tend to agree here. Anthropic has built a reputation and now they are in a position where they can claim to have a model way more powerful than it might actually be, and by limiting its access, there won't be an independent way to test it. I'm not denying that it's not smarter than Opus, but probably it's somewhat exaggerated.
There’s a drain clog clearer sold in a jug like all the rest. But they wrap the jug in a thick clear bag. The implication is clear - this stuff is so powerful it’s extra dangerous.
No. That stuff is sulfuric acid and it needs secondary containment during shipping, which the ordinary drain cleaners (usually diluted sodium hydroxide) generally do not.
This is correct. That stuff is also horrible for cast iron pipes which are code mandatory in many cities such as NYC. Doesn't stop stores from selling it or stupid people from using it in their cast iron pipes.
OK that is true and I didn't mean to imply it was happening everywhere. Sorry to offend. At the same time, my point that "it's not always just bureaucracy" is sadly still quite true too.
I don't know. When I was laid off, I had no questions about my identity or self worth. I knew it wasn't any fault of mine, the company was just failing because the business plan was bad.
My worry was how I was going to manage my budget, how long my savings would last, etc. It was 100% practical concerns. I didn't worry about my identity, I worried about my mortgage. I knew I had savings to last many months, but not savings to last many years.
My concerns could not be helped by taking time for hobbies or my kids. That wasn't going to pay my bills.
It seems strange to me that this article seems to imply that once you come to terms with being unemployed, your life will be fine. This is completely counter to my own, and I think most people's reality.
Following along with this, I find the real hits to self-worth post layoff are in the process of finding that next job. Even when you have a job, a serious job search can be exhausting and, depending on the feed back you're getting, really whittle away at self confidence.
But when you can feel the financial timer ticking, you continually start to question yourself and, dangerously, drop your standards. Desperation is a serious trap that can easily lead you to a situation where you are less likely to succeed (despite believing that dropping standards will increase you chances), leading to even further anxiety and insecurity. It's one thing to get rejected from a dream job, but getting rejected from something you internally think is beneath you really stings. Ironically I've found it's in desperate times that confidence and self respect is the most valuable. Clearly, this is much easier said then done.
For people with some financial buffer, you can afford the time to clear your head, and focus on finding something that will lead you to success. Without it, it's possible to have someone who could otherwise end up working for a place like Anthropic getting rejected from a small town startup offering half their previous pay (being a bit hyperbolic here, but I've seen situations like this narrowly avoided).
Being unexpectedly unemployed also starts a virtual timer of sorts not on your terms. Regardless of how you feel about the event, the longer it persists is universally seen as a negative signal to those that would hire you for your next role. It gets exponentially worse as time goes on making it even harder to find a job, because of the increased time you don't have a job.
You are lucky. Some people, when laid off, struggle with all of the stress of not knowing how to pay bills that you do and on top of that struggle with a sense of lost self worth and other psychological pain.
I feel like a good chunk of that loss of self worth is caused by the struggle to pay bills? In other words, the psychological pain is a symptom of the economic pain.
I don’t think you can make much progress against the psychological pain unless you deal with the economic pain, and once you deal with the economic pain, the rest will go away.
I've heard plenty of anecdotes of people well off financially getting psychologically distressed after a layoff so I don't think it's purely financial.
Sure, I am certain there are some people who feel that way.
The person I was directly responding to was talking about people who faced both money worries and identity struggles. I think a good portion of those people are likely mostly being affected by the financial worries, and won't feel better until that is resolved.
I would add, that in addition to the immediate need for income, there's an identity component of just being gainfully employed, marching along in life and providing for others. Hitting the brakes on that does psychological harm.
I've been a professional software developer for over 30 years. I've been laid off multiple times in that timespan. None of those layoffs phased me in the slightest, all of them were at least semi-expected because there were signs that the company I worked for was in financial trouble prior to the layoffs. It didn't feel the least bit personal, didn't damage my sense of self-worth and I always just found a new job, usually in a matter of days, so I also never felt the practical financial pinch.
But... I am less sure of that outcome repeating if I were to be laid off today given the combination of my age and the stagnant job market in tech.
If I got laid off tomorrow, it wouldn't impact my ego or self-worth just like prior layoffs didn't, but assuming the general extended-"Open to Work"-linkedin vibe of the past year or so is accurate I'd be a lot more concerned about the practical economic impacts than I ever was previously. I'm not living paycheck to paycheck, but as someone who has always enjoyed working at smaller companies rather than FAANG-type places I'm also not retire-whenever-I-want well off.
You suggested that if you don’t attack any other country, then you don’t have to worry about getting attacked.
Ukraine didn’t attack anyone, but that did not keep them safe from being attacked. Clearly not attacking anyone doesn’t mean you don’t have to worry about being attacked.
reply