With all the FUD I've seen around Mythos, agents, and vulns in general, I decided to make a repo I've been working on public. Apple released M5 MacBooks and the A18 Pro chip Neo. I bought both on day 1, set them up, and let a variety of different agents do attack surface mapping and vulnerability discovery. Some real findings have impact, but a lot will be written in an almost breathless, excited tone by agents that are software bugs and could be considered vulns they are really exploitable vulns. I used the same agents to assess a pre-February Firefox with runtime analysis and RE, and found many of the same bug types. Sure, there are some real ones, but the majority were the agent getting excited that it found something; then, an hour later, the agent had to document that no luck was had in validating the agent-described “game changer” or “game over vuln”, and would then revise the documentation to lower the critical rating to Medium DoS, Low info leak, or Informational.
The hype over an agent finding, wasted tokens trying to make it more than it was, and the acceptance of failure made me decide to make this repo available so people could get an up-close look at the agent work that produced similar Firefox results.