> As I've written before, this is not the correct response to the purported threat by Mythos. Neither the AI Safety Institute nor the NCSC recommend this action. While there may be some increase in risk from AI security scanners, to shutter everything would be a gross overreaction.
> Even if we ignore the impracticality of closing all the code - it is too late! All that code has already been slurped up. If Mythos really is the ultimate hacker, hiding the code now does nothing. It has likely already retained copies of the repositories.
> And if it were both practical and effective to hide source code - that doesn't matter. These AI tools are just as effective against closed-source. They can analyse binaries and probe websites with ease.
> There are tens of thousands of NHS website pages which refer to their GitHub repos - will they all need to be updated? What's the cost of that?
All true, and it shows how everything is solely done for optics, and any flimsy excuse is used to instantly claw back at any kind of transparency/openness the very second it arises. Non-technical people making this decision because they believe there's even a 0.1% chance that they'll be blamed that they "didn't do enough" when they didn't go closed source and a vuln is found. And 2026's extreme greed and selfishness (and yes, average greed level does change over time, as with every single cultural trait) means they gladly make that decision at the cost of the common good.
Do always keep in mind that the private sector isn't any better on these things.
rvz•44m ago
The only exception is if there were significant changes to the code after it was closed given that won't be read by the attackers or the LLMs, if you are using them locally.
They can use LLMs internally to find bugs privately without revealing the source code, a step ahead of the attackers.
We have just seen the Copy.fail disclosure disaster that was discovered by someone using a LLM and released a zero day without a clear fix and descended the community into confusion / panic.
Given that powerful LLMs exist both open and closed weight models, open sourcing everything for the sake of it makes less sense and there has to be a balance especially when it is used by hospitals.
deaux•1h ago
> Even if we ignore the impracticality of closing all the code - it is too late! All that code has already been slurped up. If Mythos really is the ultimate hacker, hiding the code now does nothing. It has likely already retained copies of the repositories.
> And if it were both practical and effective to hide source code - that doesn't matter. These AI tools are just as effective against closed-source. They can analyse binaries and probe websites with ease.
> There are tens of thousands of NHS website pages which refer to their GitHub repos - will they all need to be updated? What's the cost of that?
All true, and it shows how everything is solely done for optics, and any flimsy excuse is used to instantly claw back at any kind of transparency/openness the very second it arises. Non-technical people making this decision because they believe there's even a 0.1% chance that they'll be blamed that they "didn't do enough" when they didn't go closed source and a vuln is found. And 2026's extreme greed and selfishness (and yes, average greed level does change over time, as with every single cultural trait) means they gladly make that decision at the cost of the common good.
Do always keep in mind that the private sector isn't any better on these things.
rvz•44m ago
They can use LLMs internally to find bugs privately without revealing the source code, a step ahead of the attackers.
We have just seen the Copy.fail disclosure disaster that was discovered by someone using a LLM and released a zero day without a clear fix and descended the community into confusion / panic.
Given that powerful LLMs exist both open and closed weight models, open sourcing everything for the sake of it makes less sense and there has to be a balance especially when it is used by hospitals.