NSA director: 'Mythos "broke into almost all of our classified systems in hours"

ggm

I made a point about this in relation to anthropic last week: nobody inside the strategic information spaces is worried about AGI they're worried about core strategic information leaking out. Either it's in the model, or the model exposes pathways to finding it in the core strategic systems. Those "tapes" DOGE took away? Nothing on them can be considered private any more. That's how brute force risk happens. Mythos' risks are showing doorways to exfiltration surely? Why bother when you can walk out the door with a data dump? The NSA is just a highly specific subclass of the problem. Their traditional publicly stated approach to security is "nothing electronic which enters our domain leaves" and yet somehow they have assessed these systems as capable of breaching their walls? That's super bad. I suspect they ran an analogue/instance inside their protection rings. I doubt they ran a test outside in the global internet. If they have actually lost control of their boundary, that's a bigger story (which I doubt) and contextually he could have been referring to information systems in NSAs duty of care, not things inside Ft Meade.

ggm

https://archive.is/aA1dB

MaxPock

What happens when open source models achieve Mythos level capabilities in six months' time?

bel8

HN post title does not match link title > NSA director: 'Mythos "broke into almost all of our classified systems in hours" > Donald Trump’s blocking of Anthropic is capricious and chaotic

vsgherzi

This is really making me raise an eyebrow. I’m sure mythos is an improvement for sure. I don’t think the framing of it hacked the entire NSA is fully truthful. I’d like a more in depth understanding of what actually happened. Excited to be proved wrong tho!

ionwake

Not being funny but does most of HN subscribe to the economist? I dont think ive ever paid for an online newspaper ( and Im not trying to be edgy )

mirekrusin

If mythos can break into almost all of their classified systems in hours then other models including opus, gpt, gemini and large open weight models can do so as well, maybe you'll have to double hours or it may become days, but they also will, there is no "maybe" in here. State sponsored, non-public penetration fine tunes (of possibly public ones) likely can do it even faster. Unsupervised penetration RL loop is ideal setup similar to optimization one – it's relatively easy to gain function on it.

instagib

https://archive.ph/dXddV “Donald Trump’s blocking of Anthropic is capricious and chaotic” - current title I don’t understand the posted title quote and assume it’s missing a lot of context or was misinterpreted as it’s a secondary attribution. “Mythos broke into almost all of our classified systems in hours”. When you put it on those networks already and gave it compute?

ricksunny

flagged because reasons. @dang

Simulacra

Actual title "Donald Trump’s blocking of Anthropic is capricious and chaotic"

Jamesbeam

Have to give it to Cyber Command. This is cheap and effective propAIganda. Of course, America is now the only nation on the planet with advanced weaponised AI models that are so good they beat billions of dollars and decades of IT security experience with some of the brightest minds in their fields within hours. If this were true, you’d see the president yapping and bragging about it on Truth before the NSA director even gets a chance to publicly talk about it. Probably doing a live stream about how he personally prompts his way into an unconditional Iranian surrender. You know it, I know it. Nice try, William, but unless I see the Senate Intelligence Committee freaking out with you sweating black goo like Giuliani, I ain’t believing it. This is the same kind of bullshit that was showing a gun on TV that could apparently give people heart attacks with some frozen, untraceable darts. If the US really was in possession of a technology that could hack into the most secure environments on the planet autonomously within hours, you would see all their partners pulling their access from shared IT systems and blocking all traffic coming from the US immediately. Especially considering they have been caught spying on allies before: https://www.spiegel.de/international/germany/cover-story-how... You know what they say in intelligence circles. Fool us once, shame on you. Fool us twice, it's open windows season. None of the partners or adversaries seem to give a fuck about Mythos, so there is a good chance this is just another lying NSA director as usual. Come on, people. You don’t run the NSA if you’re an honest man. It’s a spy agency.

scotty79

If I were to guess, internally they have as sloppy security as any other corp/organization. And those were the things Mythos effortlessly poked holes in. Other models would probably as well, but Antropic hyping gave NSA the idea to try. The shell around those internal systems is probably as (im)penetrable as ever because it's just some flavor of hardened and bare bones linux.

mrandish

This quote from TFA is highly likely to be a conflation, exaggeration or extrapolation of what actually happened: > "On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”" Why: 1. It's a paraphrase of a 2nd hand conversation and (at least) the last two 'telephone game' recipients are a U.S. Senator and a general, not security domain or IT experts. 2. Motivated communication: The Senator claimed this to justify the necessity of unprecedented restrictions that he agrees with. 3. The original testimony to the Intelligence Committee was almost certainly detailed, nuanced and highly classified, making this an extreme paraphrase. In saying this, I'm not claiming Mythos may not be a security issue or that something directionally like this wasn't reported. But given the indirect, circuitous path, it's quite easy to imagine the original testimony was more like "Mythos identified a potential vulnerability we rated "Severe" in a critical system and we believe it could find similar vulnerabilities in any of our systems."

rajsuper123

what is the use of Submitting this news/report here if it's behind a paywall/login

CobaltFire

Not a surprise. I got in a LOT of trouble for identifying and outlining a trivial privilege escalation attack that worked on both NIPR and SIPR. In the end I got to help write up the issue but to my knowledge they never patched it as it would have caused major issues with maintenance by closing off access needed for some legacy software patches.

AngryData

Not surprised, our security systems are 95% security through obscurity these days. Mythos didn't find new ways to break security, it just went down the list of common security exploits and exposed them for being common even among government agencies.

protocolture

>On June 11th Mark Warner, the vice-chair of the Senate Intelligence Committee, said that General Joshua Rudd, who leads the National Security Agency and the Pentagon’s Cyber Command, had told him that Mythos “broke into almost all of our classified systems, not in weeks, but in hours”. From outside? Or did you have a shit ton of unpatched systems that only internal users could access?

georgehotz

lol so how long have the Chinese had access for? this doesn't make Mythos look good, it makes the NSA look bad

mikewarot

It's sad that they did the research[1] and solved computer security about 40 years ago[2], and then proceeded to lose that hard won knowledge over time. [1] https://csrc.nist.rip/publications/history/index_1.html [2] https://en.wikipedia.org/wiki/KeyKOS

infinite_spin

It's important to point out that it's not necessarily the underlying model, but also the harness, which is the real wagon in this race