HomeVideos

He’s always wrong

Now Playing

He’s always wrong

Transcript

340 segments

0:00

All right, we're going to do this again.

0:01

I hope I hope you're ready for this,

0:03

okay? Because since June 12th, we've

0:06

been working closely with the US

0:07

government to restore access to Claude

0:09

Mythos 5 and Fable 5. Gee, I can't

0:11

believe Anthropic lost it. I wonder I

0:13

wonder what caused that. Today, the

0:16

government has notified us that mythos

0:18

5, our strongest cyber security model,

0:20

can be redeployed to a set of US

0:22

organizations that operate and defend

0:24

critical infrastructure. Now, you're

0:26

probably thinking, well, wait a sec.

0:28

organizations that do critical

0:29

infrastructure. Haven't we seen this

0:31

before? Wasn't there something about

0:33

mythos and only going out to select

0:35

organizations? Yes, there was. It was

0:36

called Project Glass Wing. This was just

0:38

a couple months ago when Anthropic said

0:40

Mythos was in fact too dangerous and

0:42

then they released it to everybody and

0:43

then they pulled it back because of the

0:44

US government was told how dangerous it

0:46

was. Well, we're just replaying this

0:48

entire record again. We're back to

0:50

Project Glass Wing. There is the set of

0:52

the good guys, which apparently is Jeff

0:54

Bezos and Sundar and Mark Zuckerberg.

0:57

They're the good guys. They get access

0:59

again and the rest of us, we don't get

1:01

access. Now, I'm going to talk a lot

1:03

about safety, okay? Cuz here's the deal.

1:05

I think this is all fake. I think not

1:06

only is it fake, I think it's actually

1:08

hurting people. I actually have the

1:10

opposite opinion of Daario. Surprise,

1:13

surprise. Me with the opposite opinion.

1:15

Me with the opposite opinion of this guy

1:18

right here. Okay. We don't actually see

1:20

eye to eye. By the way, this is Daario

1:22

in 2023. Oh, we're going to play this

1:24

clip of him talking to the old

1:26

government. just really scaring them up.

1:28

Of course, before we begin, I'd like to

1:30

say thank you to the sponsors. One of

1:31

the more terrifying things you can do as

1:33

a company is to contract out software.

1:35

And I know a lot of companies are

1:36

contracting out their mobile

1:38

applications. The thing that makes this

1:40

so dangerous is that it's a blackbox

1:42

experience. You hope you get back

1:44

software that is complete, that is going

1:46

to be well tested, that ultimately will

1:48

be extensible as future needs require.

1:50

The last thing I want someone else to

1:51

say to Claude, "Hey, mobile app, no

1:53

mistakes." It does make mistakes. This

1:56

is why I trust the guys over at Infinite

1:58

Red. I have had many along talks with

2:00

the CEO about software quality and the

2:02

way to really build robust and good

2:04

systems and I love everything he has to

2:06

say and everything that I have seen with

2:08

my own eyes. The quality of software

2:10

that they build is very very good. All

2:12

right, so the safety argument is

2:14

actually pretty dang ridiculous that

2:16

we're having right now. This whole kind

2:17

of gated access to claw mythos. But I

2:20

just wanted to kind of add one more

2:22

quick point. If you don't know, right

2:25

now Chad GPT 5.6 is also in a limited

2:28

preview and the reason being for now at

2:30

the request of the US government, we're

2:32

starting with a limited preview among a

2:34

small group of trusted partners in

2:36

Codeex and the API. Sam finally has a

2:39

model that's also too dangerous. He's

2:41

not allowed to release it either. We got

2:43

to make sure we slowly roll the thing

2:46

out. And we're entering into an era in

2:48

which the government is now going to

2:50

have a larger and larger impact into

2:52

what is exactly happening. And this was

2:54

always Daario's goal. His goal was

2:56

always to have the government step in

2:59

and make regulation. He's been just

3:00

saying this non-stop. If you read his

3:02

writings, if you listen to his talks,

3:04

and his urging that we all need to slow

3:06

down. Well, here we are. It's finally

3:08

happening. His dream has been realized.

3:10

The frontier studios are all being

3:13

slowed down. But that's not really

3:15

actually making anything safer because

3:17

here's the deal. Have you heard of the

3:18

old model GLM? Well, GLM 5.2 apparently

3:22

beats Claude in some cyber security

3:24

benchmarks. At least in this article,

3:26

the security that's being ran is

3:28

insecure direct object reference. If you

3:30

don't know what that is, that's simply,

3:32

let's just pretend you have an endpoint

3:33

on your website that goes and grabs user

3:35

information. If I were to pass in any

3:37

user ID, you should probably go, hey,

3:39

are you that user? Oh, you're not? Hey,

3:41

you're not allowed to look at I'm sorry.

3:42

Hey, brother. Sorry. This is not you.

3:44

404 don't know who this is. Well, it

3:46

turns out that the fourth most common

3:49

bug on hacker one top vulnerability list

3:52

is in fact these right here. These oopsy

3:54

poopsies insecure direct object

3:56

references where people can just go onto

3:58

websites and get data if they just

4:00

simply have an ID. So Sam Gre went off

4:02

and developed a benchmark against these

4:04

type of vulnerabilities. And it turns

4:06

out things like Claude Code, Opus 46 and

4:09

48 did about a 28% to 37%. Jippidity

4:12

Codeex did about a 20% and GLM with no

4:16

harness, just the model itself did 39%

4:19

did better than both Claude Code and

4:21

their latest models and Jeypity 55. Now,

4:24

if you don't know, a harness makes a big

4:26

difference. A harness is a lot of the

4:27

reasons why you think coding with an LLM

4:30

has gotten so good. It's actually the

4:31

harness, the ability for the model to

4:33

use and abuse the system to gather

4:35

information and make smarter decisions.

4:37

A harness is going to be the thing that

4:39

gives the model access to tools in which

4:41

it can then go and make much more

4:43

informed decisions. So that means GLM

4:46

with no harness outperformed Opus 48 by

4:50

practically 10%, Jeopardy 55 by

4:53

practically 20%. And those both have

4:55

harnesses. And the thing about GLM that

4:57

you may not realize is that it's an

4:59

openweight model. I can go to hugging

5:01

face right now and download the model.

5:04

The thing is it's very very large. For

5:06

me to be able to run it with any level

5:09

of effectiveness, it could cost me about

5:11

$73 an hour. Now, if I was a bad actor,

5:15

you could see me actually doing that

5:17

because I could potentially make a lot

5:19

more than $73 an hour by scamming

5:22

people. And of course, it would be a

5:24

completely offline model for me to just

5:26

have. I wouldn't have to go and fork

5:28

over millions of dollars to be able to

5:29

have an onremise machine that could run

5:31

this. Instead, I could just run it from

5:33

the safety of my computer. Just doing a

5:34

quick little SSH up, bada bing, bada

5:37

boom, and just see the thing run. Not

5:39

only that, but Hermes agents, one of

5:40

these many agents, one of these many

5:42

harnesses that run models, has something

5:44

called a mixture of agents, meaning it

5:46

uses both 55 from Jippidy and also uses

5:48

four opus 48. And by combining those

5:51

both, it's doing better on benchmarks.

5:53

In other words, it's performing better.

5:55

I don't like honestly when someone says

5:57

it's 11% better, I have no idea what

5:59

that actually means cuz I don't know how

6:01

to quantify programming in that kind of

6:04

sense. I don't know how to be like it's

6:05

4% better. Like I don't know what that

6:07

means. But it's just saying, hey, it's

6:10

scoring higher on whatever these tests

6:12

are, which once again means that the

6:14

ability to do, you know, security

6:16

research and all this is actually kind

6:18

of generally available. the bugs that

6:20

Mythos has found, people are able to

6:22

find them. Also, with 48, you're going

6:24

to be able to find them with the mixture

6:25

of agents. GLM is going to be able to go

6:28

off and find these as well. As harnesses

6:30

improve, the ability to do this is going

6:33

to go way up. Microsoft also has a kind

6:35

of this like mixture of agents approach

6:37

in which they even score higher than

6:39

Mythos. So, it's all actually available.

6:41

It's just available to those with money.

6:43

If you have money and time and you can

6:45

set up your own harness, bada bing, bada

6:47

boom, you're going to have yourself a

6:49

hacking machine, which is ultimately

6:51

what Daario has been warning everybody

6:53

about. The scaling of of of open-source

6:56

models, I think it's going down a very

6:58

dangerous path. And if the if again, if

7:01

the path continues, I think we could get

7:03

to a very dangerous place. I think it's

7:05

worth saying some things on open source

7:07

models that are are clear to all the

7:09

experts but I want to make sure is is

7:11

understood by by this

7:13

>> clear to all the experts they uniformly

7:15

agree which is crazy because you know

7:16

classic experts I mean you can't even

7:18

get dentists to agree on the toothpaste

7:20

and he's over here getting experts to

7:22

agree to outcomes of stuff we haven't

7:24

measured yet kind of wild

7:25

>> committee which is when when you control

7:28

a model and you're deploying it you have

7:29

the ability to monitor it usage

7:31

>> it's really all you need to know you'd

7:32

like to monitor the usage and this is

7:34

the whole argument. This is the entire

7:36

safety argument which is just completely

7:38

broken. There's open source models in

7:41

which are doing absolutely excellent.

7:43

There's people that have money and

7:45

motivation to scam. They have access to

7:47

it. There's a whole bunch of people that

7:49

maintain a bunch of software that just

7:51

simply don't have access to these

7:53

models. They don't have access to these

7:55

open source frameworks cuz they're not

7:56

going to go spend, you know, $5,000 over

7:58

a weekend to maintain their little open-

8:00

source project that nobody actually

8:02

cares about in which the entire world

8:04

uses and everybody actually cares about.

8:06

They just don't realize they care about

8:07

it. And this is the whole problem of the

8:09

safety argument is that it's

8:11

fundamentally unsafe. The tools and the

8:14

harnesses are there. The mythos complete

8:17

hacking craze has already been

8:19

reproduced by plenty of other models and

8:21

people talking about it all the time on

8:23

the internet. There's already better

8:24

harnesses that are scoring higher,

8:26

whatever that means, on the same

8:28

benchmarks than Mythos. At the end of

8:30

the day, I think Michael, creator of

8:32

Effects TS, says it best. Going to need

8:34

to get something off my chest. The

8:36

discord on cyersc and mythos/ US

8:38

approach is stupid beyond imagination.

8:40

There should be no guardrails and the

8:42

most powerful models should be

8:43

immediately available to everyone. Want

8:45

to make sure the world is safer? Give

8:47

free usage to maintainers of core

8:48

infrastructure. If access is restricted,

8:50

be sure offensive teams will find their

8:52

way in. Somebody with insider access to

8:55

anthropic or open AI will be offered a

8:57

deal they can't refuse and leak the

8:58

model to malicious actors or a malicious

9:00

actor will end up developing an equally

9:02

capable model. Look at GLM. It's near

9:05

the same level of capability. Yeah,

9:07

maybe it's not mythos levels, but it's

9:09

not far off. Yes, not only the good

9:12

folks have money, but also the bad ones.

9:14

Exactly correct. The only thing you

9:16

achieve by restricting access is

9:18

unsafety

9:21

100%. Because that's the thing is right

9:23

now you could have an entire world that

9:26

exists in which people could be

9:28

preparing their piece of the world their

9:31

little corner of software making it more

9:33

secure if that's the true delivery of

9:35

these models to begin with. If that's

9:37

the case wouldn't you want the whole

9:39

world to walk in lock step? Why would

9:42

you want a select group of bad guys who

9:44

happen to have a couple million or the

9:46

ability to rent out enough Blackwell

9:48

Ultra GPUs from Nvidia to be able to

9:50

take advantage of everybody else while

9:52

we the plebs wait for the ability to

9:54

secure our own systems? Like the

9:55

fundamental premise of this all doesn't

9:58

make any sense. Like if Daario actually

10:00

wanted safety, he would go for

10:02

federation. It's the only way to make

10:04

the world safe is to have a lot of

10:06

people work on it at the same time. The

10:08

only way to make it unsafe is to allow

10:10

people to lag far behind what the bad

10:12

guys have access to. Ridiculous.

10:15

Absolutely ridiculous. And that's

10:17

because at the end of the day, anthropic

10:20

Daario over here, what they really want

10:22

is control. He says it right there

10:24

inside the little interview. If I can

10:26

just control the inputs, well, then I

10:28

can control the outputs. If I don't let

10:30

you say certain things, well, then you

10:32

can't say it to the model. I can protect

10:33

you from you. And ultimately, that's why

10:36

I call him Daddy Dario. He is the one

10:39

that's going to keep you safe from all

10:41

the bad guys or good guys, but you're

10:44

going to be safe because honestly, he

10:46

has your best interest in heart, which

10:47

is just control. I mean, sorry, safety.

10:49

Safety. He has your best interest in

10:50

heart. It's safety. That's what he

10:51

wants. Anyway, so there you go. That's

10:53

my whole opinion on safety in this

10:54

entire talk. I think it's all

10:56

ridiculous. I think this entire gated

10:58

access and everything is really not

10:59

doing anything good. I think at the end

11:01

of the day, the bad actors are still

11:03

going to be bad. The ability for Opus 48

11:05

to be able to hack at a near level as

11:07

mythos has already been cited a hundred

11:10

times all over these different studies.

11:11

It's not like we're actually really

11:13

having security. We're just having

11:15

security theater. And ultimately, it's a

11:18

play for control or it's a play for

11:19

Daario to be able to regulate his

11:21

opponents out of business. I'm not

11:22

actually really sure which one it is.

11:24

Probably both is my guess. Anyways, I

11:26

can't wait for Fable to come back out

11:27

again. That would be great, huh? I'd

11:29

love I'd love to have a little bit I'd

11:30

love to have a little bit of Fable.

11:31

Wouldn't you? Yeah, that'd be fantastic.

11:33

I' I'd use it again. Yeah. Fa fable.

Interactive Summary

This video critiques Anthropic's 'safety' approach regarding restricted access to their advanced models, such as Claude Mythos. The presenter argues that this policy of gating access to a select few organizations—under the guise of preventing misuse—is ineffective and counterproductive. By highlighting the availability of powerful open-weights models like GLM, the presenter suggests that malicious actors already have access to sophisticated tools, making current restrictions essentially 'security theater.' The video concludes that these measures are less about genuine safety and more about centralizing control and lobbying for government regulation to stifle competition.

Suggested questions

3 ready-made prompts