Original Title: How to stay digitally secure in the Age of Claude Mythos (using Karpathy's 15-step checklist)
Original Author: Ole Lehmann
Translated by: Peggy, BlockBeats

Editor's Note: As AI capabilities begin to approach the boundaries of "general tools," the meaning of cybersecurity is also changing. It is no longer just a defensive issue against hackers, viruses, or data breaches, but is evolving into a game of "asymmetric capabilities."

With Claude Mythos launched by Anthropic demonstrating near-expert-level vulnerability discovery capabilities, cyberattacks are entering a new phase that is more covert and automated, and personal security has transitioned from an "option" to a "necessity." On one hand, the barriers to attack are being lowered; on the other hand, the efficiency of attacks is increasing exponentially. This means that "passive security" will become increasingly unsustainable.

In this context, the "digital hygiene" checklist proposed by OpenAI co-founder Andrej Karpathy provides an actionable response path. In the age of AI, security is no longer "remedial after an incident," but a "part of daily behavior." Authentication, permission isolation, information minimization, and the reconstruction of habits. The seemingly trivial 15 steps are essentially a reconstruction of a security boundary that an ordinary user can control.

The real risk is not whether you become a target of attacks, but whether you are utterly unprepared when an attack occurs.

The following is the original text:

It is certain that in terms of cybersecurity, you no longer have any room for laziness.

The groundbreaking Mythos released by Anthropic yesterday marks an irreversible turning point.

This technology has not yet been made public, but once it falls into the hands of malicious actors (which is virtually inevitable)... what you will face is an extraordinarily advanced cyberattack, and most people will already be too late before realizing they have been compromised.

This is akin to the "coronavirus" in the software world.

Because of this, from now on, your cybersecurity must be impeccable.

Karpathy's Digital Hygiene Guide

Last year, Andrej Karpathy (@karpathy, co-founder of OpenAI) compiled a "Digital Hygiene Guide," systematically outlining the foundational methods to protect personal safety in the age of AI.

This is one of the best introductory guides I have ever seen.

Here are all the security measures you should take in this uncertain era:

1. Use a password manager (e.g., 1Password)

Generate a unique random password for each of your accounts. Once a service is breached, attackers often use these account credentials to "credential stuffing." A password manager can completely eliminate this risk and can even autofill, making it faster than reusing passwords.

2. Configure hardware security keys (e.g., YubiKey)

This is a physical device used as a second layer of verification for logging in. Attackers must "have the physical item" to log into your account. In contrast, mobile verification codes can easily be stolen through SIM swapping attacks (where someone impersonates you to contact the carrier and transfer your number to their device).

It is recommended to purchase 2–3 YubiKeys, store them separately to avoid being locked out of your account if one is lost.

3. Enable biometric authentication

Such as Face ID, fingerprint recognition, etc., enable these in password managers, banking apps, and important applications. This serves as the third verification layer: "yourself." No one can steal your face from a database.

4. Treat security questions like passwords

Questions like "What is your mother's maiden name?" can be found online in 10 seconds. You should generate random answers and store them in your password manager. Never fill in real information.

5. Enable disk encryption

On Mac, it's called FileVault; on Windows, it's called BitLocker. If your computer is stolen, encryption ensures that all the other person gets is a "brick," not all your data. It only takes 2 minutes to enable, and it runs automatically in the background.

6. Reduce smart home devices

Every "smart device" is essentially a connected computer, often with a microphone. They continuously collect data, frequently connect to the internet, and are often hacked. Your networked air quality monitor at home does not need to know your precise location. The fewer devices there are, the fewer attack vectors.

7. Use Signal for communication

Signal provides end-to-end encryption, making it impossible for anyone (including the platform itself, carriers, and eavesdroppers) to read the content. Regular SMS or even iMessage retains metadata (who, when, frequency of contacts). Enable "self-destructing messages" (e.g., every 90 days) to prevent the history from becoming a risk.

8. Use privacy-focused browsers (e.g., Brave)

Based on Chromium, compatible with Chrome extensions, offering nearly identical user experiences.

9. Switch the default search engine to Brave Search

It has an independent index (as opposed to the DuckDuckGo, which relies on Bing). If a search result is unsatisfactory, you can add "!g" to jump to Google. The paid version costs about $3 a month and is worth it—you become a customer, not "the product being sold."

10. Use virtual credit cards (e.g., Privacy.com)

Generate a unique card number for each merchant, setting spending limits. You can even fill in random names and addresses. If a merchant is breached, only a disposable card number is leaked, not your real financial identity.

11. Use a virtual mailing address

Services like Virtual Post Mail receive your physical mail, scan the contents, and allow you to view it online.

You can decide which to destroy and which to forward. This way, you don't have to provide your real home address to various unfamiliar merchants every time you check out online.

12. Do not click links in emails

Email addresses are extremely easy to spoof. With AI assistance, today's phishing emails are nearly indistinguishable from real emails. Instead of clicking links, manually type in the URL and log in to the corresponding site.

Additionally, disable automatic image loading in your email, as embedded images are often used to track whether you have opened the email.

13. Use VPN selectively (e.g., Mullvad)

A VPN (Virtual Private Network) can hide your IP address (a unique number identifying your device and location) from the services you access. You don't need to have it on all the time, but you must enable it when using public Wi-Fi or accessing untrusted services.

14. Set up DNS-level ad blocking (e.g., NextDNS)

DNS can be thought of as the phonebook used by your device to "look up websites." Blocking at this level means that ads and trackers are interrupted before they load.

Moreover, this applies to all applications and browsers on your device.

15. Install network monitoring tools (e.g., Little Snitch)

This tool can show which applications on your computer are connecting to the internet, how much data they are sending, and where that data is going. Any application with "abnormally high data reporting" should be treated with caution and may need to be uninstalled.

Currently, Mythos is still only in the hands of the defenders of Project Glasswing (such as Anthropic, Apple, Google, etc.). However, similar capability models will soon fall into the hands of malicious actors (possibly within 6 months, or even sooner).

This is why you must strengthen your security defenses as soon as possible. Spending 15 minutes now to complete these settings can help you avoid a series of serious problems in the future.

Stay safe, and wish you all the best.

[Original link]

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。