i stumbled upon this crazy stuff from anthropic's latest ai model called mythos: it can do full offensive security checks. yeah, i know right? one of their findings was a signed integer overflow issue that's been around since the year 1986! and they found another out-of-bounds heap write in ffmpeg from 2005 for under $50.
i mean [signed int:overflow() {. }] is still an open door when ai can spot it? this tech feels like a game-changer. anyone else run into similar issues or feel unprepared now?
what's your take on mythos and its implications for web dev security?
➡️ do you think we should all start running these checks too, even if they're only 5 min long?
found this here:
https://dev.to/jeremiestrand/scan-your-codebase-for-mythos-class-vulnerabilities-in-5-minutes-47l