The tweet compares how AI agents are being applied in the security field. Anthropic's Mythos agent found 1 vulnerability in the real curl codebase. By contrast, the vulnerability mining agent built by China's 360 security team independently found 23 vulnerabilities across the broader OpenClaw ecosystem, including critical remote code execution vulnerabilities and large-scale prompt-injection bypasses. The tweet argues that the real security problem is not whether a model can find bugs, but the agent's runtime behavior: the complex interaction of code, prompts, tools, local services and permissions before the system performs file operations, opens network connections or runs commands.
In the agent era, the AI security story right now is not whether models can find bugs.
Anthropic's "dangerously good" Mythos found 1 real bug in real curl codebase.
But the vulnerability mining agent from 360 (a security team from China) independently found 23 flaws across the broader OpenClaw ecosystem, including critical remote code execution bugs and large-scale prompt-injection bypasses.
The real agent-security problem is runtime behavior: code, prompts, tools, local services, and permissions interacting before the system touches files, opens ports, or runs commands.
If you are building agents, this thread deserves a saved spot. 🧵↓