Is there an open source no-AI password manager out there?
Trying to bail on BitWarden… KeePassXC (with SyncThing) seems to come up as the most recommended, but they’ve been using Copilot. Seems like they might still have the strongest anti-AI stance of the available options though, despite that.
#PasswordManager #NOAI @fuck_ai


Those are just the ones that Mythos has claimed so far. They stated that is only about 1% of all the vulnerabilities they discovered and were publicly announced. Firefox 150 had over 270 bug fixes, with 13 of them as high severity.
Mythos is also finding high severity vulnerabilities that have been in systems for over 20 years with no humans able to discover them during that time. It's patient, and can look at the entire repo and how it all works together.
The problem is that I do not believe a word that Anthropic says. They say this is only 1%, but do they have any proof to back it up? I am also sceptical of the claim that it can “look at the entire repo and how it all works together”. It can produce an approximation which could give it an advantage over more traditional fuzzers, but most reported bugs are still very local (and/or non-existent) and easily ruled out if it could actually model the Naur theory behind the code.
Nor should you.
They already explained how they have placed hashes inside all their bug reports for Project Glasswing and will reveal their report once there has been time for patches to be applied.
Mozilla, developer of one of the most active and heavily scrutinized open source repositories in existence today, blogged about it with their product known as Firefox. They agree with you that it doesn’t do anything better than what a human researcher could find, but its perk is that it can relentlessly play that role and keep looking, while human researchers have to sleep, eat, and enjoy other activities:
https://blog.mozilla.org/en/privacy-security/ai-security-zero-day-vulnerabilities/
I’ll see when these hashes materialise, until then I have to assume LLM companies are lying always about everything.
See, the problem is that I am not talking about human researchers, I am talking about other methods of automated fuzzing. I believe Mozilla is overstating how useful the LLM has actually been. This has many reasons, one of them being that their main source of income is trying to become an LLM company. If that project fails said company might have to make some unfortunate cuts.
I'm sure FreeBSD probably appreciates the bug reports as well, and I don’t believe they are tied to LLMs. They have totally revamped their processes recently to accommodate for the influx of reports coming in.