the total cost was under $20,000 and found several dozen more findings. While the specific run that found the bug above cost under $50, that number only makes sense with full hindsight. Like any search process, we can't know in advance which run will succeed.
2万美元找到「几十个」高严重性漏洞(包括一个27年历史的OpenBSD内核崩溃漏洞)——这个成本效益比彻底颠覆了传统安全审计的经济学。顶级渗透测试公司的日费率通常在数千到数万美元之间,且不保证结果。Mythos将漏洞发现的边际成本压缩到了每个漏洞数百美元级别,这意味着大规模、持续性的自动化漏洞狩猎在经济上已经完全可行。
In many cases, we can automatically detect when a key is visible on the public web and shut down those keys automatically for security reasons
自动检测并关闭公开暴露的API密钥的能力展示了AI服务提供商在安全防护方面的进步,但这种自动化也引发了关于误报和合法使用场景的担忧,需要平衡安全性和可用性。
this is a serious problem because all they need to do is automate AI research 00:41:53 build super intelligence and any lead that the US had would vanish the power dynamics would shift immediately
for - AI - security risk - once automated AI research is known, bad actors can easily build superintelligence
AI - security risk - once automated AI research is known, bad actors can easily build superintelligence - Any lead that the US had would immediately vanish.