Comment by hn_throwaway_99
9 hours ago
I feel like "this model is too powerful for the general public" was really just the equivalent of responsible disclosure, with the "too powerful" bit just a positive marketing spin like you say.
That is, Mythos will make it much easier to find lurking zero days, so just like responsible disclosure requires a security researcher to notify the software author first and give them some time to patch, giving critical infrastructure folks at least some time to analyze and patch systems seems reasonable to me.
That's how I'm reading this too. They've made a (much) better metasploit/shodan all in one.
If you make a better vulnerability scanner and find a bunch of vulnerabilites, you should try to get them fixed before making all the results public.