This makes me think a bit more about this CVE more too.
Anthropic lately has been really trying to burn any/every good will that they have it seems. Also a bit ironical about how the most dangerous model (Mythos) which can find CVE in other projects wasn't able to find this CVE within the claude-code project itself.
az226 12 hours ago [-]
And yet Mythos couldn’t find it. Whomp whomp
amluto 5 hours ago [-]
Mythos might be good at finding holes in an actual defined security boundary. But trying to audit Claude Code would be like trying to find the holes in Swiss cheese. Of course they’re there!
quinncom 4 hours ago [-]
Probably it did, but just thought, “I’m saving this one just for me”
philipwhiuk 5 hours ago [-]
Maybe if they'd submitted each file twice instead of only once /s
bredren 3 hours ago [-]
[dead]
Rendered at 18:57:07 GMT+0000 (Coordinated Universal Time) with Vercel.
Anthropic response to 1-click pwn: Shouldn't have clicked 'ok': https://news.ycombinator.com/item?id=48057836
This makes me think a bit more about this CVE more too.
Anthropic lately has been really trying to burn any/every good will that they have it seems. Also a bit ironical about how the most dangerous model (Mythos) which can find CVE in other projects wasn't able to find this CVE within the claude-code project itself.