I’m an enterprise customer, and still waiting for a human to respond for over 2 weeks, and there’s a special form for enterprise expedited support. I understand growing pains but this borders incompetence. If Comcast gives better customer service, you have a problem. (I would recommend to stay on the teams plan or personal plan if you can, by the way, unless you really have to)
Not to mention their 1 9s availability (I am not joking, check for yourself).
That's a really good question, my sarcastic mind thinks that Anthropic rushed the Mythos announcement of fears of Meta stealing their thunder... (I guess someone leaked that, a LOT of anthropic folks are ex meta... so, you know)
Just a speculation, I have no real knowledge about it.
Sarcasm aside, tried it (with instant mode), it's an impressive model.
It nailed all the ChatGPT meme gotchas (walk to the carwash, Alice 50 brothers, upside down cup, R's in strawberry, which number is bigger, 9.11 or 9.9?)
I guess all that money poaching OpenAI / Anthropic talent went somewhere...
Now, would I use "Meta Muse Code" or "Muse CoWork" if I have to have a facebook account to all of my developers? Maybe not.
Would I use it via an API key? I might, depends on the pricing!
So this is why Anthropic rushed the weirdest "pre-responsible-disclosure-totally-not-for-marketing" announcement yesterday? To make sure Spark doesn't steal their thunder? (Spark beats Opus 4.6 on some benchmarks...). Or did I become a bitter cynical old man.
Anthropic had their mythos post (and model) basically ready a few weeks ago, as evidenced by the blog content leaks. Also I highly doubt they just threw together a 250-page PDF model card in a "rush."
tl;dr Austin (posting with his permission) is a CMU grad, who just got fired from Coinbase for having to choose between abandoning a side project he worked on for 5 years (And they knew about when hiring him) because they were afraid he'll "compete" with them. Not for performance, not for any other reason, just forced him to abandon things he worked on on his personal time, using his personal equipment, after agreeing to it when he was first hired. This is not ok.
They knew about it when hiring him, then they decided to build a competing product, so they fired him, as if his side project really risks them in any means... sounds fair... the big guys just want things so they take it and we should say thank you, right?
Doesn't matter, a contract was signed. Want that to change, get the laws changed such that these non-compete cannot be in the contract. Even so, it won't matter because the US is mostly "at will" employment and they can fire you for no reason.
Why didn't your friend work on the new product? There is more to this story than you are sharing.
Getting a viral post on HN has a higher power (and likelihood) than changing the laws ;) (we've seen this before...)
But yes, you are technically right.
For your last question, I don't know, I didn't ask, but he's responsive on social media / LinkedIn, feel free to ask. I'm just posting it because it seems when he posted it it got flagged as spam... don't kill the messenger :)
It feels to me full with marketing in the guise of trying to save the world from their own making. "we have a model so strong we can't release it, here are all the details of why it's so good, but don't ask for access, you can't get it, it's too risky for your own good"
Something smells really really weird:
1. Per the blog post[0]: "This was the most critical vulnerability we discovered in OpenBSD with Mythos Preview after a thousand runs through our scaffold. Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings"
Since they said it was patched, I tried to find the CVE, it looks like Mythos indeed found a 27 years old OpenBSD bug (fantastic), but it didn’t get a CVE and OpenBSD patched it and marked it as a reliability fix, am I missing something? [1]
2. From the same post, Anthropic red team decided to do a preview of their future responsible disclosure (is this a common practice?): "As we discuss below, we’re limited in what we can report here. Over 99% of the vulnerabilities we’ve found have not yet been patched" [0] So this is great, can't wait to see the actual CVEs, exploitability, likelihood, peer review, reproducibility, the kind of things the appsec community has been doing for at least the last 27 years since the CVE concept was introduced [2]
3. On the same day, an actual responsible disclosure, actual RCEs, actual CVEs, in Claude Code, that got discovered mostly because of the source code leak, I don't see anyone talking about it (you probably should upgrade your Claude Code though).
1. Per the blog post[0]: "This was the most critical vulnerability we discovered in OpenBSD with Mythos Preview after a thousand runs through our scaffold. Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings"
Since they said it was patched, I tried to find the CVE, it looks like Mythos indeed found a 27 years old OpenBSD bug (fantastic), but it didn’t get a CVE and OpenBSD patched it and marked it as a reliability fix, am I missing something? [1]
2. From the same post, Anthropic red team decided to do a preview of their future responsible disclosure (is this a common practice?): "As we discuss below, we’re limited in what we can report here. Over 99% of the vulnerabilities we’ve found have not yet been patched" [0]
So this is great, can't wait to see the actual CVEs, exploitability, likelihood, peer review, reproducibility, the kind of things the appsec community has been doing for at least the last 27 years since the CVE concept was introduced [2]
3. On the same day, an actual responsible disclosure, actual RCEs, actual CVEs, in Claude Code, that got discovered mostly because of the source code leak, I don't see anyone talking about it (you probably should upgrade your Claude Code though).
Edit: if it was not obvious, these CVEs on Claude Code were found by an independent security researcher (Phoenix security) and not by Anthropic / Mythos.
Now we have to wonder if they ran Mythos on their Calude source and it missed it or why they chose not to run it.
I do agree and wonder why that's not marked as security. In their security page [0] it says:
> Since exploitability is not proven for many of the fixes we make, do not expect the relevant commit message to say "SECURITY FIX!".
Does that mean they considered it not to be exploitable?
I really don't know, all I know is that usually when you find a critical vulnerability, and it's patched, it comes with a CVE, even a low one, that's the process for the past 27 years when the CVE program started (as old as the vulnerability itself it seems..) but maybe with AI-native, CVEs don't matter because everyone will just rewrite their clean room open source alternative (I wish this was a joke...)
Basically set it up like a developer local env, then it just runs like an "openclaw" - with full control over its own env, with a browser, a shell, access to the local DB (e.g. install a local postgres). You basically get a video of the feature, screenshots, and it can also actually test itself, like a developer, clicking in the browser to test the feature. Game changer.
Computer use in the cloud is the main reason I use them. It's a game changer. It has its own dev env with a browser / shell and can test what it wrote (a bit of a hassle to set it up, but when it's working, wow)
Not to mention their 1 9s availability (I am not joking, check for yourself).
Insert victims of their own success cliche here.
reply