Together, these ingredients can uncover software vulnerabilities, find exploits, and build patches. It’s in this recipe — not in any one model — that both the benefits and the risks come in. This matters because others can build comparable systems. Smaller models embedded in systems built with deep security expertise could potentially produce similar outcomes more cheaply, which is particularly promising for defense. AI cybersecurity capability is jagged: It doesn’t scale smoothly with model size or general benchmark performance. The system the model is embedded within matters a lot.

So what Mythos has demonstrated is that it’s possible to build an AI system that finds and addresses software vulnerabilities. We already knew this was possible and there has been increasing work on this, but we’re just beginning to explore what it means in the context of agentic AI: Systems that can rapidly and autonomously take action.

A common argument for more closed systems is proprietary obscurity, where the code underlying a system is inaccessible. Unfortunately, this provides less protection than it used to. AI systems are increasingly able to assist with reverse engineering of stripped binaries, which matters because most legacy firmware and embedded code is closed, binary-only, and no longer maintained. That code represents a huge attack surface, and it’s becoming more legible and accessible as AI tools improve.

Underlying all of this is capability asymmetry between attackers and defenders. Open models and open tooling narrow that gap by giving defenders access to the same class of capabilities attackers can reach for — capabilities that would otherwise be concentrated within a small number of well-resourced entities.

The semi-autonomous approach depends on humans being able to actually understand what an AI agent did and why. That’s much more possible when the system is built on open components, such as open agent scaffolding, open rule engines, and auditable decision logs and traces, than when it’s a black box. The “human in the loop” is only meaningful if the human can see into the loop.

Attackers will develop models that take advantage of vulnerabilities. A significant part of the answer is leaning into transparent practices: open security reviews, published threat models, shared vulnerability databases, and open tooling that any team can adopt. The alternative of each organization trying to secure itself in isolation with proprietary tools doesn’t scale against attackers who are coordinating and sharing techniques in their own communities.

The future of AI cybersecurity will be shaped less by any single model and more by the ecosystems that surround them. Openness provides defenders with the visibility, the control, the community, and the shared infrastructure to stay ahead.
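The passage above on auditable decision logs and "seeing into the loop" is the one concretely technical design point in this piece, so here is one minimal shape such a trace can take. This is an added example written for this page; it is not code from the original article, from Mythos, or from any named project. Every tool name, the set of actions that require a human approver, the file paths and the diff identifier are illustrative assumptions. The idea it demonstrates is standard: every action an agent proposes is appended to a hash-chained record together with its stated rationale, actions with real blast radius are refused unless a named human approved them, and a verifier can later prove the record was not edited after the fact.

```python
import hashlib
import json
from dataclasses import dataclass, asdict
from typing import Optional, Tuple

# Assumption for this example: the tools an agent may call, and which of them
# are gated on a human approver. Real deployments derive this from policy.
REQUIRES_HUMAN_APPROVAL = {"apply_patch", "run_exploit"}
GENESIS = "0" * 64


@dataclass
class TraceEntry:
    seq: int
    tool: str
    args: dict
    rationale: str            # the agent's stated reason, recorded verbatim
    approved_by: Optional[str]
    prev_hash: str            # hash of the previous entry (chain link)
    entry_hash: str = ""      # hash of this entry's own content


class AgentTrace:
    """Append-only, hash-chained record of every action an agent proposes."""

    def __init__(self) -> None:
        self.entries: list = []

    @staticmethod
    def digest(entry: TraceEntry) -> str:
        # Canonical JSON of everything except the hash field itself, so the
        # digest is stable regardless of dict ordering or whitespace.
        body = asdict(entry)
        body.pop("entry_hash")
        canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canonical.encode("utf-8")).hexdigest()

    def record(self, tool: str, args: dict, rationale: str,
               approved_by: Optional[str] = None) -> TraceEntry:
        # Gate: high-impact actions are refused without a named human approver.
        if tool in REQUIRES_HUMAN_APPROVAL and not approved_by:
            raise PermissionError(f"{tool!r} requires a named human approver")
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        entry = TraceEntry(len(self.entries), tool, dict(args), rationale,
                           approved_by, prev)
        entry.entry_hash = self.digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> Tuple[bool, int]:
        """Return (True, n) if all n entries are intact and correctly linked,
        else (False, seq) naming the first entry that fails."""
        prev = GENESIS
        for entry in self.entries:
            if entry.prev_hash != prev or self.digest(entry) != entry.entry_hash:
                return False, entry.seq
            prev = entry.entry_hash
        return True, len(self.entries)


def build_example_trace() -> AgentTrace:
    """Constructed walk-through (not a real session): scan, read, gated patch."""
    trace = AgentTrace()
    trace.record("static_scan", {"path": "src/parse.c"},
                 "look for unchecked length fields in the packet parser")
    trace.record("read_file", {"path": "src/parse.c", "lines": "118-140"},
                 "memcpy length comes from the untrusted header; confirm the bound check")
    trace.record("apply_patch", {"path": "src/parse.c", "diff_id": "hypothetical-001"},
                 "add a length <= sizeof(buf) check before the memcpy",
                 approved_by="reviewer@example")
    return trace


if __name__ == "__main__":
    t = build_example_trace()
    for e in t.entries:
        print(f"{e.seq} {e.tool:12} by={e.approved_by or '-':18} {e.rationale}")
    print("chain intact:", t.verify())
```

The verifier is deliberately dumb: it only proves that what a human reads afterwards is what the agent actually recorded at the time. It does not prove the rationale was truthful, which is why the record stores the agent's stated reason next to the concrete arguments rather than a summary of either.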