So my home router, all my IoT devices attached to it, from printers to projectors, not to mention custom stacks like Lutron, BLE-based locks, car key fobs.
All of these technically could have zero-day vulnerabilities, and the people/companies who made them don't have the resources to buy $20,000 of tokens to go debug them... Maybe they don't care, but if they do, what if they can't afford such models or get access in time?
I would like to know: how can someone like me defend against them?
That's the neat part, you can't.
> don't have the resources to buy 20000$ of tokens to go debug them
$20,000 - how many developers do these hardware companies have that they need to spend that much? Claude Team Premium is US$125/mo for a seat and even cheaper if you buy annually...
$20,000 is what the Anthropic report says they spent on scanning OpenBSD [1].
[1] "Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings.", https://red.anthropic.com/2026/mythos-preview/
I think AI bug scanning is a good thing; it will ensure almost all high-severity bugs get caught before entering prod. There can certainly be downsides, but I am personally all for it.
Only if everyone runs it. The attacker just needs to find one vulnerable system; the defender must protect them all. Obviously, given that the tool exists, the defender must run it, but it's not at all clear to me that the existence of the tool differentially favours defence.
Discussion: https://news.ycombinator.com/item?id=47679121
and Related:
System Card: Claude Mythos Preview [pdf]
https://news.ycombinator.com/item?id=47679258
Assessing Claude Mythos Preview's cybersecurity capabilities
https://news.ycombinator.com/item?id=47679155
Strong agreement. I include https://roost.tools in this category of necessary efforts. A strong privacy law would be great, but that is a more political thing; there is still much we can do as technologists.