Obviously Antropic has no incentive to keep the token counts low. My understanding of their strategy is that they are betting on models getting better faster than what would justify the effort needed to squeeze more value per dollar out of them. Obviously I have no data to contradict them, but I would be surprised if that’s the case in the long term and for everyone.

My guess is that the costs can be reduced substantially, but that’s only going to happen once these tools get into the hands of your average security researcher.

I have no inside knowledge on this particular work, but their previous work on the OSS-fuzz targets and on Firefox were all excellent quality bug reports.

Seriously. Look them up.

They were all reproducible ways to trigger faults in ASan builds. That’s by definition memory corruption. We can argue about whether all of them are exploitable, but a) they need to get fixed regardless b) we know that even tiny memory corruptions can often be leveraged into a compromise given enough effort.

I know it’s cool to be blasé about AI stuff, but if there’s an area where the hype is warranted it’s computer security research.

I don’t want to look at AI “art” or read an AI generated “book”, but the exploits derived from an AI-enabled process work just as well as the organic version. And you don’t need a warehouse full of Eastern European zoomers and junk food to get them.

I’m worried about the tons of barely maintained software run by your average company. Most commercial software is made by relatively small outfits and is drowning technical debt. The only thing saving their customers is the effort of picking through it.

But now any loser with a decompiler and a $100 Claude sub can ruin a whole lot of people’s day.

Things will get better, but the near term is pretty fucked.

For ranting like a punctuation deprived madman

Get help.

“Fuck you, make me”

Because usually it doesn’t help. You get a lot of questions about what you were wearing and what your make up is like, your love life is scrutinized, you get to retell the most traumatic moment of your entire existence over and over and over again to people.

And then nothing happens. The perpetrator walks free.

So you just try to put it behind you. Move on. Even though you are severely traumatized, you put in a smile and pretend that if you pretend everything is alright, it somehow will be.

Why do you feel personally attacked?

And good too. She’s an evil whiny bitch. Lae’zel is where it’s at. And Astarion of course.

NATO is likely to muddle on until we have a genuine article five situation, and then we’ll see where we are. I’m not putting any money on it.