网络安全如今更像工作量证明Cybersecurity Looks Like Proof of Work Now
英国AI安全研究所评估Claude Mythos时发现其具备强大的网络攻击能力,促使业界重新思考AI在攻防中的角色。文章暗示当前网络安全体系正逼近‘工作量证明’模式——即防御方需投入巨大资源构建复杂系统以对抗自动化、高智能的攻击者,形成成本不对称的博弈格局。
Simon Willison
14th April 2026 - Link Blog
Cybersecurity Looks Like Proof of Work Now. The UK's AI Safety Institute recently published Our evaluation of Claude Mythos Preview’s cyber capabilities, their own independent analysis of Claude Mythos which backs up Anthropic's claims that it is exceptionally effective at identifying security vulnerabilities.
Drew Breunig notes that AISI's report shows that the more tokens (and hence money) they spent the better the result they got, which leads to a strong economic incentive to spend as much as possible on security reviews:
If Mythos continues to find exploits so long as you keep throwing money at it, security is reduced to a brutally simple equation: to harden a system you need to spend more tokens discovering exploits than attackers will spend exploiting them.
An interesting result of this is that open source libraries become more valuable, since the tokens spent securing them can be shared across all of their users. This directly counters the idea that the low cost of vibe-coding up a replacement for an open source library makes those open source projects less attractive.
需要完整排版与评论请前往来源站点阅读。