Ari Herbert-Voss, chief executive of AI security startup RunSybil, argued that combining open-source models can deliver vulnerability detection performance comparable to Anthropic Mythos, The Register reported on April 24.

Herbert-Voss made the remarks in a presentation at the Black Hat Asia conference in Singapore.

He assessed Mythos as strong at detecting everything from easily found bugs to complex vulnerabilities, and attributed this to “supralinear scaling”.

Researchers assumed large language model capabilities would improve linearly, but in practice doubling data, computing and time is producing a quadrupling of capabilities, he said. He added that open-source alternatives are essential for many organisations because Mythos is expensive and unlikely to be released.

He stressed that a “scaffolding” approach that runs multiple open-source models at the same time can deliver performance comparable to Mythos. He added that because different models catch different flaws, it can also compensate for gaps in a single model.

Herbert-Voss also made clear that human experts are still needed to tune open-source models and assess AI-generated bug reports. He said AI bug detection, like fuzzing techniques that find bugs by injecting random data into software, generates too many alerts, so human judgement remains important.

He predicted that “security experts will still have plenty to do,” and said economic factors, including the need to secure GPU and data centre costs, will push security teams to adopt AI and lead to stronger defensive capabilities.

Copyright © DigitalToday. All rights reserved. Unauthorized reproduction and redistribution are prohibited.