Agreed. I am getting tired of half the HN posts being about politics. I come here to get away from that stuff, but it is becoming a greater portion of the content.
Look at the number of responses on each article to see why that happens. Also, most articles aren't about politics. But the ones with lots of responses and discussion usually are. Network effect sucks sometimes...
I would mind far less if the political comments were only in the political posts. I just avoid clicking into those.
It's when I click into an interesting topic, and it's steered into being an off-topic retread of every other thread about US politics. The upvote/downvote system simply no longer works to squelch it as it once did, because there are enough people here who believe "everything is political" and therefore it's always "on-topic".
That is their prerogative, but it has dramatically lessened my enjoyment and engagement on this platform in the last 5 years. And it's gone into overdrive in the last 6 months.
That was my thought exactly. If small models can find these same vulnerabilities, and your company is trying to find vulnerabilities, why didn’t you find them?
I speculatively fired Claude Opus 4.6 at some code I knew very well yesterday as I was pondering the question. This code has been professionally reviewed about a year ago and came up fairly clean, with just a minor issue in it.
Opus "found" 8 issues. Two of them looked like they were probably realistic but not really that big a deal in the context it operates in. It labelled one of them as minor, but the other as major, and I'm pretty sure it's wrong about it being "major" even if it is correct. Four of them I'm quite confident were just wrong. Two of them would require substantial further investigation to verify whether or not they were right or wrong. I think they're wrong, but I admit I couldn't prove it on the spot.
It tried to provide exploit code for some of them; none of the exploits would have worked without some substantial additional work, even if what they were exploits for was correct.
In practice, this isn't a huge change from the status quo. There's all kinds of ways to get lots of "things that may be vulnerabilities". The assessment is a bigger bottleneck than the suspicions. AI providing "things that may be an issue" is not useless by any means but it doesn't necessarily create a phase change in the situation.
An AI that could automatically do all that, write the exploits, and then successfully test the exploits, refine them, and turn the whole process into basically "push button, get exploit" is a total phase change in the industry. If it in fact can do that. However, based on the current state-of-the-art in the AI world, I don't find it very hard to believe.
It is a frequent talking point that "security by obscurity" isn't really security, but in reality, yeah, it really is. An unknown but presumably staggering number of security bugs of every shape and size are out there in the world, protected solely by the fact that no human attacker has time to look at the code. And this has worked up until this point, because the attackers have been bottlenecked on their own attention time. It's kind of just been "something everyone knows" that any nation-state level actor could get into pretty much anything they wanted if they just tried hard enough, but "nation-state level" actor attention, despite how much is spent on it, has been quite limited relative to the torrent of software coming out in the world.
Unblocking the attackers by letting them simply purchase "nation-state level actor"-levels of attention in bulk is huge. For what such money gets them, it's cheap already today and if tokens were to, say, get an order of magnitude cheaper, it would be effectively negligible for a lot of organizations.
In the long run this will probably lead to much more secure software. The transition period from this world to that is going to be total chaos.
... again, assuming their assessment of its capabilities is accurate. I haven't used it. I can't attest to that. But if it's even half as good as what they say, yes, it's a huge huge huge deal and anyone who is even remotely worried about security needs to pay attention.
Maybe they did use small models, but you couldn't make the front page of HN with something like this until Anthropic made a big fuss out of it. Or perhaps it is just a question of compute. Not everyone has $20k or the GPU arsenal to task models to find vulnerabilities which may/may not be correct?
Unless Anthropic makes it known exactly what model + harness/scaffolding + prompt + other engineering they did, these comparisons are pointless. Given the AI labs' general rate of doomsday predictions, who really knows?
Papers are always coming out saying smaller models can do these amazing and terrifying things if you give them highly constrained problems and tailored instructions to bias them toward a known solution. Most of these don't make the front page because people are rightfully unimpressed.
What would change is the government would need to greatly increase their debt. In 2025 the government got about $5.23 trillion in tax revenue and spent about $7 trillion. So most of the government spending is financed by taxes. Remove that and the rate of debt quadruples (and by extension inflation).
Fact is, the US is able to run up 39 trillion and counting in debt because it prints the god damn monopoly money. No one would offer a loan to someone with that financial history. Shit really went off the rails after Bretton-Woods, huh?
That seems like a terrible idea. A good tax accountant will help you find ways to lower tax burden and save money. The IRS has no such incentive, and will probably just tax you at the standard rates for your gross income.