Schneier: Cheap GPT-5.5 Matches Mythos at Finding Security Holes
What Happened
Schneier's blog notes the UK's AI Security Institute found OpenAI's publicly available GPT-5.5 performs comparably to Claude Mythos at vulnerability detection, with smaller, cheaper models achieving similar results when properly prompted. Schneier argues advanced AI vuln-finding is dual-edged — helping defenders patch faster while arming attackers — and extends the concern to regulatory systems like tax law, where AI could surface unknown loopholes.
My Take
This quietly demolishes the comforting narrative around the Mythos FSB briefing. If a model anyone can buy already matches the "dangerous, unreleased" one, then withholding Mythos buys almost no safety — the capability is already loose. Schneier's deeper point is the one to internalize: AI doesn't just find software bugs, it finds *system* bugs — in tax codes, contracts, regulations. Any complex rule set you rely on is now machine-auditable for exploits by both sides. Defenders should start adversarially testing their own rules before someone else does.