Linkdump

• Anthropic Mythos: security superpowers?
• Threat model scope matters
• Anyone ready for quantum break in 2029?
• Trains with 5G windows and noise-cancelling cabins: only in Japan
• The NAND gate of continuous mathematics: all elementary functions from one operator

Anthropic holding back Mythos because they claim it has extraordinary powers to discover security flaws (whether the claims hold up or not) was a master marketing/PR move. It instantly made a big splash, generated great demand, and as a side effect it at least made the software security community wonder, “what if it’s true?” Naturally, there are all kinds of opinions, rebuttals, and reactions.

• Google security methodology compendium
• Threat modeling
• Are attacks the only threat?
• Why is threat modeling ignored?
• Miscellaneous
• e16n next Stage 4

Google is sharing a lot of their impressive security methodology in a recent collection of articles: How Google Does It: An inside look at cybersecurity. Of special interest to me: Threat modeling, from basics to AI.

• On “the end of security bugs”
• STRIPPED
• Incident response threat modeling?
• Using CSS and PDF as emulators running code

Claude Code Security has people predicting the end of security bugs as we know them I can’t imagine anything in the forseeable future doing that because all software has bugs, and vulnerabilities are by definition a subset of all the bugs (in a properly designed system). Bug-free code seems computationally infeasible for large systems, if only for the amount of testing required to confirm there are no bugs. What am I missing, or is it AI hype?

• on “Bitlocker, the FBI, and Risk”
• threat models to address hacklore
• software bloat
• software update release quality