David

Might be the story of the year n cybersecurity. Apple spent 5 years and billions building MIE - the hardware memory safety system designed to kill the entire memory corruption bug class on M5 and A19. An AI broke it in 5 days. For $35K. Researchers at Calif, working with Anthropic's Mythos Preview, just published the first public macOS kernel memory corruption exploit on M5 silicon. Data-only local privilege escalation. Unprivileged user → root shell. Bare-metal M5. Kernel MIE enabled. The wild part: MIE worked exactly as designed. Mythos didn't break the mitigation - it found a different attack vector that sidesteps it entirely, by poisoning the data the M5 ingests. Same exploit class sells for $5–10M on the grey market. They did it for ~$35K in API time. When a billion-dollar defense falls to a five-figure offense in under a week, this stops being a compute story and starts being a national security one. 55-page technical report after Apple patches. https://t.co/RZcv5ejjya

I strongly believe there are entire companies right now under heavy AI psychosis and its impossible to have rational conversations about it with them. I can't name any specific people because they include personal friends I deeply respect, but I worry about how this plays out. I lived through the great MTBF vs MTTR (mean-time-between-failure vs. mean-time-to-recovery) reckoning of infrastructure during the transition to cloud and cloud automation. All those arguments are rearing their ugly heads again but now its... the whole software development industry (maybe the whole world, really). It's frightening, because the psychosis folks operate under an almost absolute "MTTR is all you need" mentality: "its fine to ship bugs because the agents will fix them so quickly and at a scale humans can't do!" We learned in infrastructure that MTTR is great but you can't yeet resilient systems entirely. The main issue is I don't even know how to bring this up to people I know personally, because bringing this topic up leads to immediately dismissals like "no no, it has full test coverage" or "bug reports are going down" or something, which just don't paint the whole picture. We already learned this lesson once in infrastructure: you can automate yourself into a very resilient catastrophe machine. Systems can appear healthy by local metrics while globally becoming incomprehensible. Bug reports can go down while latent risk explodes. Test coverage can rise while semantic understanding falls. Changes happens so fast that nobody notices the underlying architecture decaying. I worry.