""The V8 [out of bounds error] we used was from Chrome 146, the same version Anthropic's own Claude Desktop is running. A week of back and forth, 2.3 billion tokens, $2,283 in API costs, and about ~20 hours of me unsticking it from dead ends. It popped calc.""
""Popped calc" is a reference to opening the calculator app - an event commonly used in proof-of-concept exploit code to indicate that an attack compromised the target system."
""Even if you added several dollars thousand for Pedhapati's time tending the model, that's still significantly less the theoretical reward (~$15,000) one might get from Google's and Discord's vulnerability reward programs.""
""Opus 4.7 is roughly similar to Opus 4.6 in cyber capabilities. But it's apparently less capable than Mythos Preview and comes with safeguards that automatically detect and block requests that indicate prohibited or high-risk cybersecurity uses.""
Anthropic decided not to release its Mythos bug-finding model due to fears of exploitation. The Opus 4.6 model, however, was used to develop a full exploit chain for the V8 JavaScript engine in Chrome. The process involved significant costs and time but was still cheaper than developing an exploit independently. Opus 4.7, while similar in capabilities, includes safeguards against high-risk cybersecurity uses. The potential rewards for exploiting vulnerabilities remain high, raising concerns about accessibility for malicious actors.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]