The Bitcoin “value overflow incident” on August 15, 2010 is probably the closest thing and that didn't affect the price much (though one BTC was around 8c at the time)
This time you'll have hundreds of billions of BTC that will be hacked by someone who will probably instantly unload it. In that scenario it's hard to see the price of it not dropping >90%, so you'd have to think people would prefer a roll back.
That said, I don't know how you could even do a roll back, you're not rolling back to a 'safe' state since the keys aren't safe at that point.
However in terms of the hack, Bitcoin is slow - most exchanges require a few confirmations so it's 30+ minutes to land a deposit in Coinbase/Binance at minimum, and a transfer that huge would instantly set off alarms. Seems unlikely that they would be able to unload that much.
Coinbase would definitely go into buy-only mode during a major crash but that just means people would scream while they watch futures/perps go to zero.
"If you're first out the door, that's not called panicking."
Murmur BS aside - holy shit, they had to abandon two C-130 class planes because they got stuck in the mud? And lost an A-10 Warthog on top of the original F-15?
Software security heavily favors the defenders (ex. it's much easier to encrypt a file than break the encryption). Thus with better tools and ample time to reach steady-state, we would expect software to become more secure.
Software security heavily favours the attacker (ex. its much easier to find a single vulnerability than to patch every vulnerability). Thus with better tools and ample time to reach steady-state, we would expect software to remain insecure.
If we think in the context of LLMs, why is it easier to find a single vulnerability than to patch every vulnerability? If the defender and the attacker are using the same LLM, the defender will run "find a critical vulnerability in my software" until it comes up empty and then the attacker will find nothing.
Defenders are favored here too, especially for closed-source applications where the defender's LLM has access to all the source code while the attacker's LLM doesn't.
That generally makes sense to me, but I wonder if it's different when the attacker and defender are using the same tool (Mythos in this case)
Maybe you just spend more on tokens by some factor than the attackers do combined, and end up mostly okay. Put another way, if there's 20 vulnerabilities that Mythos is capable of finding, maybe it's reasonable to find all of them?
"Most security tooling has historically benefitted defenders more than attackers. When the first software fuzzers were deployed at large scale, there were concerns they might enable attackers to identify vulnerabilities at an increased rate. And they did. But modern fuzzers like AFL are now a critical component of the security ecosystem: projects like OSS-Fuzz dedicate significant resources to help secure key open source software.
We believe the same will hold true here too—eventually. Once the security landscape has reached a new equilibrium, we believe that powerful language models will benefit defenders more than attackers, increasing the overall security of the software ecosystem. The advantage will belong to the side that can get the most out of these tools. In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships.
"
This is only true if your approach is security through correctness. This never works in practice. Try security through compartmentalization. Qubes OS provides it reasonably well.
I don't think this is broadly true and to the extent it's true for cryptographic software, it's only relatively recently become true; in the 2000s and 2010s, if I was tasked with assessing software that "encrypted a file" (or more likely some kind of "message"), my bet would be on finding a game-over flaw in that.
Pricing for Mythos Preview is $25/$125 per million input/output tokens. This makes it 5X more expensive than Opus but actually cheaper than GPT 5.4 Pro.
Garfield Minus Garfield is a site dedicated to removing Garfield from the Garfield comic strips in order to reveal the existential angst of a certain young Mr. Jon Arbuckle. It is a journey deep into the mind of an isolated young everyman as he fights a losing battle against loneliness and depression in a quiet American suburb.
So what happens if the author ignores this judgement? Surely arbitration can't send someone to prison. According to the web they still need a court to even confirm a monetary penalty.
reply