I have a strange fascination with cybersecurity. Not enough to, like, go into it as a profession, but enough to be healthily scared.
You know the drill: Not clicking on sketchy links. Deleting phishing texts. Checking the credit report periodically. Feeling smug when I’m not part of the latest public data-breach report. Etc.
Recently, though, I learned about Bugmageddon. I guess I missed the first round of headlines in April, but the upshot is that the new wave of AI models like Anthropic’s Mythos are so good and so fast at finding software bugs that everyone might as well put a “Welcome Hackers!” sign in their code right now, because the White Hats won’t be able to keep up with the Black Hats. What comes next is, therefore, rampant identity theft, ransomware attacks, institutional takedowns, and more.
New level of dread unlocked.
But first I needed to confirm this wasn’t FUD (Fear, Uncertainty, Doubt). If you’re not familiar with the term, it’s a means of scaring people into paying for things that are overkill for what they need. Who better to ask for the verdict than Claude?
Claude: Not FUD. This could really happen.
Me: <checks sources, sees they’re all from security companies trying to sell things>
Oh, Claude, you Silly Sillerson, buying into the FUD.
Then, two hours later, I got back-to-back emails — on the weekend — from two small businesses I patronize. Two of the nicest, most wholesome businesses you can imagine and a true pleasure to work with. And both had been victims of domain theft.
So, FUD or not, I did what any now-fully-paranoid person would do and went on a security spree, upping the protection (read: paying for it) on the personal systems I’d rather not get taken over or wiped. I’m still mulling over whether setting up automated cloud backups is in the cards, too, as an extra safety net. (No, OneDrive, I’m not talking about you. Stop nagging me!)
To all the experts out there: Yes, this is overkill for the average home user and the paid versions probably aren’t worth it. In theory, good Internet hygiene should be fine for most folks.
In theory.
Appetite for destruction
This is why Mythos hasn’t been released commercially, and why Anthropic launched Project Glasswing, where a small group of trusted partners are putting it through its paces with a Preview version.
The rest of us got Fable 5, stuffed chock full of guardrails to hinder the bad actors. Except … on June 12, the U.S. government issued a national security directive that made Anthropic take Fable 5 and its Glasswing parent Mythos 5 offline.
At the time I’m writing this, it’s hard to know whether the threat is real. Anthropic obviously believes it’s not. And, the government framing that this is to keep the models out of the hands of foreign nationals is kinda on brand for the current administration’s villainization of non-Americans.
But it adds another layer to the narrative of AI as a destructive force and scourge of humanity. The story thus far was already pretty damning:
- Killing the planet
- Taking everyone’s jobs
- Going Terminator on the battlefield
- Rotting young minds
- Decimating the creative arts
- Replacing critical thinking with slop
- Widening the gap between the haves and have nots
- And now… coming for all things digital plus your identity plus whatever else can be stolen from you
Hey, though, did you see the skill that makes a PowerPoint deck for you?
Caught unawares
Last week, I talked about how AI at the scale of having agents do all the work is cost-prohibitive for a lot of businesses, let alone hobbyists or solopreneurs. The extra security costs whenever a new Bugmageddon comes along make this worse, regardless of whether you try to DIY or pay for the professionals.
For hobbyists who are going the DIY route to save on LLM tokens — maybe, say, a small local model and basic interface wrapper — you’ve also got to become a network and cybersecurity expert on top of the AI skills your brain is already overloaded with. And probably some coding thrown in there, too, especially if you’re trying to do it on a Windows machine. (Ask me how I know.)
For folks at work who are being told to “experiment and figure it out” as part of the AI productivity push, you’ve got to become an expert in your company’s back-end systems while also relying on the kindness of more-technical colleagues and IT’s guardrails to keep you from making mistakes. Whose neck is on the line when a vibe-coded whatever does something Very Very Bad?
Certainly, learning new skills is important for career development, and AI literacy is key among them. But is all of *this* necessary for AI literacy?? It seems like a lot to ask from people and, frankly, rather unfair.
The lengthy list of things to worry about with AI is legitimate and alarming. But what it exposes more than anything is how unprepared we as a society are for this level of disruption. You’d think we’d have learned some things during Covid, but apparently not. In fact, we might have even regressed.
I don’t have a good answer on what to do about it. The backlash against slop is starting to address some of the cultural challenges, but we’re missing the safety nets and regulatory intervention that would address the structural ones. It also doesn’t help that a lot of leaders seem to think “experiment and figure it out” is the way to deploy AI, but this might turn out to be self-correcting when the inevitable Very Very Bad thing hurts their business.
AI is the most powerful technology we’ve seen, and it’s getting more powerful all the time. The possibilities it can unlock for humanity are staggeringly good and staggeringly bad. I’m optimistic enough to hope the good place wins out in the end. But the appetite to implement the institutions that would get us there quickly is being consumed by other distractions, and it will probably take a large catastrophe to change that.
Bugmageddon might end up being the thing, though I shudder to think of how much damage it could leave in its wake.
Now, if you’ll excuse me, I need to go troubleshoot a new hardware firewall.
All opinions here are my own. All text is my own, too, including the em dashes. I welcome constructive comments and discussion on LinkedIn and Bluesky.
Leave a Reply