Its built-in resume mechanism didn't work after it crashed when running out of my 5-hour session limit, but Claude Code was easily able to resume it 5 hours later by reading the session logs and https://openai.com/codex/security/scan.sh
Admittedly Opus 4.8 xhigh does a good job, but are my customers not entitled to have more security from a Fable/Mythos or GPT-5.5-Cyber audit over the codebase? Or I guess the inverse question: why aren't they allowed that audit?
(Fable/Mythos being unavailable notwithstanding.)
It seems OpenAI will at least let me do this narrowly, at greater cost, by using one of their partners. But I already pay them money!
https://projectzero.google/2021/12/a-deep-dive-into-nso-zero...
https://projectzero.google/2022/03/forcedentry-sandbox-escap...
exploiting vulnerabilities on hardened targets isn't just in a different league from finding them, it is a different sport altogether.
put simply, it's the difference between an integer overflow leading to a sandbox escaping RCE and one that leads to a crash.
Codex Security and 5.5/5.6 are still very good at finding vulnerable code -- they will identify and fix unsafe behavior, but they will refuse to help you with exploitation -- they will actively prevent you from taking any steps to weaponize the unsafe behavior that are not required to remediate it. they will err on the conservative side here, but for the most part they will still let you discover and address a wide range and depth of vulnerabilities. you can verify yourself to turn off the most basic safeguards and sign up through a more rigorous process for a spectrum of TAC options.
obviously there is a balance here -- openai wants to empower defenders while at the same time not exposing capabilities to the adversaries that would overwhelm defenders. there is no "right" answer. it is a work in progress. this is an intentional and deliberate decision to provide defenders with a (temporary, dwindling) advantage.
the example i chose was pretty extreme, but the underlying principle -- enable visibility, discovery and remediation, but make it difficult to weaponize and defeat countermeasures -- makes sense given the bigger picture, IMO.
this calm before the storm is not going to last for very long, and defenders need every advantage they can get to get their houses in order before these capabilities are widely commoditized.
When the open weight models catch up, if they don't get lobbied and banned by OpenAI and Anthropic, then you'll be able to use them to properly secure your software.
Are there zero days that only a true genius can discover? Or can a smart-enough model, run over the codebase for enough time, discover them all?
Like, as we get smarter and smarter models, do we expect each new generation to keep finding vulnerabilities, or to plateau?
Sometimes the summarised thoughts include stuff that makes no sense unless it’s got a workspace on the server. Stuff like “I am now writing x to file y”.
The only hope are Chinese models, as Chinese commies are playing a different game as long as they are behind the flagship models (but it will change soon, like with cheap Chinese cars) and maybe, finally, Europe will start working on their solutions, instead of regulations.
> Or I guess the inverse question: why aren't they allowed that audit?
There's undeniably a lot of unsecured software in the world.
Given that ID verification is hard and these companies are clearly new at it (or don't understand the implications of it, cough Worldcoin's eye-scanning orbs cough), which is worse:
(1) sufficiently good AI* is released to everyone: critical infrastructure and open source projects get better hacking tools to white-hack their own code at exactly the same time as black hat hackers
(2) sufficiently good AI* is released to critical infrastructure and open source projects first: everyone else, the average paying customer, has to wait, but so too do the black hats
Because (2) is either the status quo or better depending on if you have access or not; and because (1) seems to me to lead to an acceleration of zero-days, I lean towards (1) being the worse.
* having no experience of pen-testing, I take no position on if this is "it" or not
Silly example: I pay Netflix for their most basic plan, so I get ads. Just because I already pay them money, doesn't mean I have a right to no ads! It also doesn't mean I have a right to 8k streaming; maybe Netflix reserves that for their internal cinema.
It certainly has nothing to do with OpenAI's co-founders donating to the current administration's election fund, actively supporting the DoW war efforts in autonomous weapons and also otherwise being ideologically tightly coupled with the current US government.
We don't know that it is Mythos level, it could very well be at Fable or below.
This is not a wide open distribution; this is only being provided to hand-picked partners, similar to how Mythos was distributed (unlike Fable, which had wider distribution).
The larger question, which I don't see an answer to in this post:
1) was this tested and validated by the US Government?
2) is the list of partners vetted by the US Government?
If this is "mythos-class" AND
OpenAI approves SK Telecom as a trusted partner ( https://www.wired.com/story/sk-telecom-anthropic-mythos-export-controls/ )
OR OpenAI did not get approval.
will this be shut down as quickly? Otherwise, it is not really a comparable scenario.
OpenAI, four months ago, started to require users to verify their identity if they flagged their activities on frontier models (gpt-5.3-codex and higher) as risky. Their filters were originally quite coarse and it resulted in a ton of normal tasks being flagged. There was a lot of drama about it at the time, but it seems like things have smoothed out.
KYC goes back to a year or two ago. API access to gpt-image-1 required it.
That makes sense if both OpenAI and Anthropic have export restrictions on their similar models. If they didn't, then it seems like the comment you're replying to may be correct.
The problem is, though, given Anthropic have said all of that, they really have very little grounds for objecting to the US government's intervention here. Everything that the government would have to prove to justify their intervention has already been freely admitted by Anthropic, even though the "admission" was maybe more intended as a marketing ploy.
The whole "it's too dangerous to release!" is complete hogwash.
A person can take a hammer, walk out in the street, and we can count how many people he can kill with the hammer before he is stopped. My local hardware store still sells hammers, and I haven't seen the CEO of it claim that their hammers are much more dangerous and it's totally going to end the world if you allow any random person to have one!
I don't like this argument specifically with AI. Facial recognition everywhere you go is just a tool. Your job creating a detailed profile on exactly how you work, who you talk to, and about what is just a tool. The tools have become so good and easy to use we have to have serious discussions about them before things get out of hand.
The narrow gap between downloadable and frontier models is tangential to this. If you want to expand on the "hammer" metaphor, the downloadable models are a small construction/demolitions firm, and the frontier models are a big construction/demolitions firm.
In this analogy, there's no training school or certifications for the staff either of them hire, and society is still working out what public liability requirements and planning permission laws are even though both companies are being hired all over the place, because everything they do was only invented a few years ago.
Like, e.g. the USACE
I can go into stores that sell things that are much more dangerous than hammers (or frontier cyber models) and no one will give me a hard time about it.
1. Browse the internet
2. See what people hate about OpenAI
3. Adopt the worse version of it
4. Profit?
Sam Altman fearmongered about AI alignment - we fearmonger harder.
OpenAI is CloseAI now - we are even less open.
OpenAI is going to IPO - we IPO first.
Really?