Anthropic's overhyped Mythos falling before scrutiny
A critical look at Anthropic’s Claude Mythos announcement, Project Glasswing, and the evidence behind claims that the model is too dangerous to release.
About
Kieren is a cybersecurity professional who originally served in the Royal Navy on nuclear submarines and minehunters. He then left to work with the Royal Norwegian Navy, where he served on operations for Standing NATO Maritime Group One. After that, he became Head of Computer Emergency Response for the University of Cambridge, the biggest digital private network in Europe.
He then Brexited Brexit by moving to the wonderful country of Estonia. He was a Supervisor and Lecturer for the Pembroke College International Programme, University of Cambridge, Tallinn University of Technology, a mentor at Startup Wise Guys for Cyber and SaaS, and Head of Information Security for Pipedrive.
Figure 1.1 - Kieren forgetting the memo at Tallinn University of Technology, Estonia, that you don't need to wear a suit for picture day
He now lives in Gibraltar and is the CISO at Pragmatic Solutions, and is still a supervisor and lecturer at the Pembroke College International Summer School.
Recent Posts
Read more →
When Lovable Denied the Obvious
Lovable's reported access control failure is bad enough on its own. What matters just as much is the response. Deny first, reframe second, then blame someone else. That pattern is becoming far too familiar across AI vendors, and it is doing real damage to trust.
The MCP won't let me be... Anthopic AI MCP security flaw
Security researchers at Ox Security have reported an architectural flaw in Anthropic's Model Context Protocol (MCP) that could place up to 200,000 servers at risk. The issue centres on STDIO-based server creation, which in practice can allow arbitrary operating-system commands to execute before an error is returned. Anthropic has classified the behaviour as expected, leaving developers responsible for input sanitisation and deployment hardening.
Writing a CMS Web Server for RISC OS that speaks Markdown and also Gopher
I have a RISC OS machine and a blog I actually want to write for. These two facts are not obviously compatible. The story of how I ended up with 7000 lines of Python that edits Markdown, serves HTTP, and mirrors the whole site as a Gopher capsule.
Web 3.0 is Dead, long live AI Platform Lock-In
Web 3.0 failed because it tried to decentralise an internet that had already committed itself to platforms, app stores, managed identities, and vendor lock-in. Artificial Intelligence does not resist that trajectory. It completes it. Instead of asking users to take more control, it offers to mediate more of the network on their behalf, turning search into synthesis, browsing into prompting, and the open web into a resource increasingly filtered through a handful of powerful intermediaries.