> A 16-year-old with no credentials and no capital could just do things. The world of bits offered the freedom to build without being drowned in arbitrary constraints, in a way that didn’t require assembling vast capital or prestige or connections, where your creativity and work could speak for itself, and you had agency.
It has always baffled me how quickly, and how voraciously, people started to rely on privately owned AI systems.
AI is not something discovered by scientists and plucked out of the ether. It's engineered and controlled, for profit, by corporations which have demographics and KPIs. These companies don't owe you anything, and they make no promises.
If you're running a business that deeply relies on AI, you might as well add Sam Altman to your board of directors--because he has just as much control over your company as you do. If they have a bad quarter and need to increase rates by 1000%, your choices are to pay up or shut down.
This Mythos situation is just the beginning. Not only do they have everyone hooked, but they've actively stalled the personal skill growth of millions of people who fell into vibe-coding rather than genuinely learning. And now they have that choice: Pay up, or shut down.
The same corporations that insist upon private Maven repositories to control all code dependencies are nevertheless fine with establishing a massive dependency on a privately-held corporation in order to write software that hardly anyone in the organization understands. When I really think about this and how it plays out in the long run, I feel like I’m taking crazy pills.
I can't run my business without electricity. Yet we don't fear its access being revoked. Sam makes the comparison of intelligence to electricity a lot. So we are on the path to these systems becoming utilities.
I don't know but likely not. Factories were powered by steam then, and had a "power plant" on site. So they didn't convert to electricity until it was reliable and guaranteed.
Was anything regulated in those times? You could legally buy humans at that time.
But that doesn't mean we live with the same standards. Lack of regulations in electricity led to a lot of deaths and disaster, which is why it was regulated.
But we don't live in the start of the 20th century, we live in 2026 and we must learn from the past instead of being hell-bent on repeating it.
Comparing AI to electricity focusing on just one particular aspect (hey it's like fuel guys!!) while completely ignoring all the structural differences between actual energy industries and big tech is really stupid.
They use private AI because it's hard work and expensive to provide. But you are not that locked in as xAI/OpenAI/Anthropic etc. seem pretty interchangeable for most purposes.
Whatever is in Mythos will be open source in 6mos-1yr tops. You might not have the GPUs but you won't be locked out of the capability.
We're still not at the point where one person with a coding agent can max out their salary in effectively using credits, so the capability is still well within reach of the vast base of the industry.
Meaning that for now, most people who want to pay for the product (which IMO is pretty reasonably priced for what it does) will be able to get the product.
The economics will make sure of that. The market is ripe for someone basically copying the likes of Mythos and pricing it competitively.
>> We saw yesterday that expert orchestration around small, publicly available models can produce results on the level of the unreleased model.
This is false. Yesterday's article did not actually show this, and there are many comments in the discussion from actual security people (like tptacek) pointing that out.
There is no doubt that what was shown in the article was correct, because there was all the documentation needed to prove it, including the prompts given to the models.
What is debatable is how much it mattered that the prompts given to the older models were more detailed than it is likely that the prompts given to Mythos have been and how difficult it is for such prompts to be generated automatically by an appropriate harness.
In my opinion, it is perfectly possible to generate such prompts automatically, and by running multiple of the existing open weights models, to find everything that Mythos finds, though probably in a longer time.
Even if the OpenBSD bug has indeed been found by giving a prompt equivalent with "search for integer overflow bugs", it would not be difficult to run automatically multiple times the existing open weights models, giving them each time a different prompt, corresponding to the known classes of bugs and vulnerabilities.
While we know precisely which prompts have been used with the open-weights models to find all bugs, we have much more vague information about the harness used with Mythos and how helpful it was for finding the bugs.
Not even Mythos has provided its results after being given only a generic prompt.
They have run multiple times Mythos on each file, with more and more specific prompts. The final run was done with a prompt describing the bug previously found, where Mythos was requested to confirm the existence of the bug and to provide patches/exploits.
So the authors of that article are right, that for finding bugs an appropriate harness is essential. Just running Mythos on a project and asking it to find bugs will not achieve anything.
The use of the word distinguished here is meaningless.
Both Mythos and the old models have found the bugs after being given a certain prompt. The difference is only in how detailed was the prompt.
For the small models, we know exactly the prompts. The prompts used by Mythos may have been more generic, while the prompts used by the old models were rather specific, like "search for buffer overflows" or "search for integer overflow".
There is little doubt that Mythos is a more powerful model, but there is no quantum leap towards Mythos and the claim of the authors of that article, that by using cleverly multiple older models you can achieve about the same bug coverage with Mythos seems right.
Because they have provided much more information about how exactly the bugs have been found, I trust the authors of that article much more than I trust Anthropic, which has provided only rather nebulous information about their methods.
It should be noted that the fact that the small models have been given rather directed prompts is not very different from what Anthropic seems to have done.
According to Anthropic, they have run Mythos multiple times on each file, in the beginning with less specific prompts, trying only to establish whether the file is likely to include bugs, then with more specific prompts. Eventually, after a bug appeared to have been found, they have run Mythos once more, with a very specific prompt of the form:
“I have received the following bug report. Can you please confirm if it’s real and interesting? ...”
So the final run of Mythos, which has provided the reported results, including exploits/patches for them, was also of the kind that confirms a known bug, instead of searching randomly for it.
I think that remains to be proven. The context was 16-year-olds being able to freely build things. They still can do that as before. Not everything is a competition.
That assumes “more model” is the part that differentiates successful ideas from unsuccessful ones.
Governments and corporations controlled enormous mainframes far beyond the compute available to the hacker kid we were waxing nostalgic about, didn’t they? Not to mention the PhDs, the mountains of capital, and so on?
The irony is that we've just shifted the complexity. Anyone can make something now, but since everyone is making things, now you need to compete on reach/distribution more aggressively. The new "capital" is social media juice and pre-AI rep. Same problem, different skin.
Jokes aside, this is just a different flavor of the same promise we see with each new technology, and 9/10 times it just ends in worse professional environments.
Spruce lets users control their data across the web. Instead of users logging into platforms, we believe platforms should request to access data vaults controlled by users.
The demand for trusted digital ID is accelerating as AI deepfakes begin to destroy most of the ways we use to verify identity today. How private or secure is it to hold your driver's license or passport up to a webcam to get a bank account? Was it ever private or secure? Stable diffusion can break so much of this already. Society will need trusted digital IDs and credentials. Our mission is to allow them to be controlled by individuals, with safeguards to prevent descents into surveillance states and checkpoint societies.
We are the main implementers of category-defining initiatives such as the digital ID program for the California DMV, and the verifiable digital credentials program in Utah. We are private sector participants in NIST's National Cyber Security of Excellence initiative for privacy-preserving digital ID.
We are hiring skilled engineers who care about making a real impact in improving public services, digital autonomy, and user privacy for the world. We work closely with public sector agencies, and have high regard for public servants. We have a strong engineering and customer-oriented culture, and are not simply a SaaS product or AI wrapper. Our roles are not for the faint of heart: you will be expected to work hard and learn a lot in this role.
Our engineers are ambitious to get outcomes for our customers and their constituents. On any given day, they may write great Rust/C#/TypeScript, deal with mainframe dumps, read policy documents, respond to technical RFIs/RFPs, manage on-prem environments, implement new NFC + Bluetooth protocols in Swift/Kotlin, create CI/CD processes that enforce W3C accessibility guidelines and i18n requirements, rewrite lost specs from disassembled binaries, figure out stablecoin payments, and design new protections for public key infrastructure. It is a team effort, and people with T-shirt shaped skills are able to collaborate and learn a ton from each other every day.
We are interested in candidates who want to be proud of the meaningful impact they make for society, even if it takes time to get right. This is not the right job for someone who wants to "join a cool new AI startup" that implodes or exits in under a year.
Spruce lets users control their data across the web. Instead of users logging into platforms, we believe platforms should request to access data vaults controlled by users.
The demand for trusted digital ID is accelerating as AI deepfakes begin to destroy most of the ways we use to verify identity today. How private or secure is it to hold your driver's license or passport up to a webcam to get a bank account? Was it ever private or secure? Stable diffusion can break so much of this already. Society will need trusted digital IDs and credentials. Our mission is to allow them to be controlled by individuals, with safeguards to prevent descents into surveillance states and checkpoint societies.
We are the main implementers of category-defining initiatives such as the digital ID program for the California DMV, and the verifiable digital credentials program in Utah. We are private sector participants in NIST's National Cyber Security of Excellence initiative for privacy-preserving digital ID.
Today, we are hiring highly capable engineers who care about making a real impact in improving public services, digital autonomy, and user privacy for the world. We work closely with public sector agencies, and everyone on our team has a high regard for those in the public service. We have a strong engineering culture. We are not a SaaS product or AI wrapper, and our roles are not for the faint of heart. You will be expected to work hard and learn a lot in this role.
Our engineers are incredibly ambitious. On any given day, they may write great Rust/C#/TypeScript, deal with mainframe dumps, read policy documents, respond to technical RFIs/RFPs, manage on-prem environments, implement new NFC + Bluetooth protocols in Swift/Kotlin, create CI/CD processes that enforce W3C accessibility guidelines and i18n requirements, rewrite lost specs from disassembled binaries, figure out stablecoin payments, and design new protections for public key infrastructure. It is a team effort, and people with T-shirt shaped skills are able to collaborate and learn a ton from each other every day.
The potential impact of this work cannot be understated, and this is not the right job for you if you want to "join a cool new AI startup" and make a fast exit. However, if you care about our mission, then you will have the opportunity to make meaningful outcomes for society that will make you feel proud.
Spruce lets users control their data across the web. Instead of users logging into platforms, we believe platforms should request to access data vaults controlled by users.
The demand for trusted digital ID is accelerating as AI deepfakes begin to destroy most of the ways we use to verify identity today. How private or secure is it to hold your driver's license or passport up to a webcam to get a bank account? Was it ever private or secure? Stable diffusion can break so much of this already. Society will need trusted digital IDs, and our mission is to allow them to be controlled by individuals, with safeguards to prevent descents into surveillance states and checkpoint societies.
We are the main implementers of category-defining initiatives such as the digital ID program for the California DMV, and the verifiable digital credentials program in Utah. We are private sector participants in NIST's National Cyber Security of Excellence initiative for privacy-preserving digital ID.
Today, we are hiring highly capable engineers who care about making a real impact in improving public services, digital autonomy, and user privacy for the world. We work closely with public sector agencies, and everyone on our team has a high regard for those in the public service. We have a strong engineering culture. We are not a SaaS or AI company, and our roles are not for the faint of heart. You will be expected to work hard and learn a lot in this role.
Our engineers are incredibly ambitious. On any given day, they may write great Rust/C#/TypeScript, deal with mainframe dumps, read policy documents, respond to technical RFIs/RFPs, manage on-prem environments, implement new NFC + Bluetooth protocols in Swift/Kotlin, create CI/CD processes that enforce W3C accessibility guidelines and i18n requirements, rewrite lost specs from disassembled binaries, and design new protections for public key infrastructure. It is a team effort, and people with T-shirt shaped skills are able to collaborate and learn a ton from each other every day.
The potential impact of this work cannot be understated, and this is not the right job for you if you want to "join a cool AI startup" and make a fast exit. However, if you care about our mission, then you will have the opportunity to make meaningful outcomes for society that will make you feel proud.
Spruce lets users control their data across the web. We are creating the world’s best open source software for user-centric digital identity. Instead of users logging into platforms, we think platforms should request to access data vaults controlled by users.
We hire programmers who love technology and are committed to intellectual honesty, user privacy, and innovation. Our products are composed from a combination of industry-trusted frameworks, applied cryptography, new interoperable identity standards (W3C, ISO/IEC, IETF, and OpenID), and custom backend libraries.
Select roles:
Senior Technical Product Manager: Help drive the growth of a new product family which empowers government agencies and enterprises to manage the entire lifecycle of digital credentials for a wide range of use cases. This role will be responsible for collaborating on product vision, roadmap, user stories, timelines, and implementation strategy.
Software Engineer, Android: Build software prototypes and product features from start to finish for Android, embedding our Rust core.
It seems like HN posts that use Lever or Greenhouse have a notably worse response rate - I'm wondering if they let the HR-types filter out and ignore a lot of resumes easily. I've taken to mostly ignoring listings that use these due to the black hole behavior of them.
Spruce lets users control their data across the web. We are creating the world’s best open source software for user-centric digital identity. Instead of users logging into platforms, we think platforms should request to access data vaults controlled by users.
We hire programmers who love technology and are committed to intellectual honesty, user privacy, and innovation. Our products are composed from a combination of industry-trusted frameworks, applied cryptography, new interoperable identity standards (W3C, ISO/IEC, IETF, and OpenID), and custom backend libraries.
Select roles:
Senior Product Manager: Help drive the growth of a new product family which empowers government agencies and enterprises to manage the entire lifecycle of digital credentials for a wide range of use cases. This role will be responsible for developing product vision, roadmap, user stories, timelines, and implementation strategy.
Software Engineer, Android: Build software prototypes and product features from start to finish for Android and iOS, embedding our Rust core.