Codex scraped the ICM website and discovered 2026 Fields Medal winner list

144 points by zaikunzhang 9 hours ago on hackernews | 102 comments

ashu1461 | 8 hours ago

Someone used Codex to scrape the ICM website schedule and discovered that the winners list was simply hidden in the front-end code with a "hidden" tag

This is on the devs and feels like a very basic leak which could have exploited in the non LLM world as well.

Yeah that happens all the time. Anyone/thing with popular public releases has fans/journeys scraping the website looking for unreleased material or scoops.

In the early days one of the high profile soaps in the UK published their "catch up" summaries for the week ahead which you could get just by editing the date in the URL. But back then not so many people were looking, so they were doing it for months...

st_goliath | 8 hours ago

Well, the angle is kind of important here. The company gets their name in the news, they have a reasonable explanation why they were scraping around, and we end up with a story about innovative tech company whiz-kids who made a funny discovery, while it was the webdevs on the other side that goofed up.

Imagine a private individual just scraped the website (or simply clicked 'view source') for no reason in particular and then told people about it... They'd be labeled an uber-haxxor, face a civil lawsuit asking for ridiculous damages while being threatened with a prison sentence over CFAA violations. Hell, that might even drive some people to suicide.

brookst | 7 hours ago

The fact that an egregious case happened once, decades ago, is probably not sufficient grounding to act like every bit of equally trivial “hacking” always results in massively disproportionate law enforcement response.

Sucks it happened. But we all know that is not the typical scenario.

pixl97 | 6 hours ago

>But we all know that is not the typical scenario.

Eh, it's typical enough that most cyber security researchers are cautious. The laws around 'hacking' can be rather stupidly written while judges and juries aren't the smartest bunch.

st_goliath | 6 hours ago

> But we all know that is not the typical scenario.

Back in the day, you could read a stories on Slashdot practically every other week that usually went something like this: Company/institution does something stupid, somebody finds out, tries to be a good citizen and tells them. The organization then throws a tamper tantrum in the media, fires the legal department on all cylinders, screaming "hacker!" and throwing the book at them. The most egregious cases usually happened in the US, the CFAA happens to be a particularly strong book to throw.

People eventually got the hint and either talked to the press instead, or organizations like the CCC (at least in this part of the world) and let them deal with the organization and not talk to them directly.

At least in my perception/memory, it started improving over the 2010s, but stories like this are now starting to pop up again in recent years. I guess we have a new crop of computer enthusiasts who need to learn the same lessons again.

Of the top of my head, the CTF group in Malta comes to mind who gave a talk at (last years?) CCCongress. A badly worded E-mail asking about a bug bounty resulted in several arrests, house searches and ultimately a presidential pardon (https://timesofmalta.com/article/pardon-issued-students-lect...).

Cycl0ps | 5 hours ago

Unfortunately we don't have to imagine

"In early October, Renaud discovered that Social Security numbers for teachers, administrators and counselors were visible in the HTML code of a publicly accessible site operated by the state education department..."

"Yet despite the fact that officials within the Missouri Department of Elementary and Secondary Education initially wanted to thank Renaud for uncovering the flaw... [Governer] Parson labeled the reporter a hacker and called for criminal prosecution."

https://missouriindependent.com/2022/02/11/prosecutor-isnt-p...

sigmar | 7 hours ago

Most of what an LLM does "could have" been done by a human if you throw enough human hours at it. But the reality in this circumstance is that a new tool helped find this leak. Saying this could have happened in a "non LLM world" is analogous to "someone else could have discovered special relativity, let's not mention Einstein"

dghlsakjg | 7 hours ago

This not only could have happened pre-llm, it did: https://krebsonsecurity.com/2022/02/report-missouri-governor...

ashu1461 | 6 hours ago

My point is about the emphasis of Codex in the title. That emphasis makes more sense when Codex is credited with finding something that would have been difficult or impractical to discover without substantial human effort.

rurban | 8 hours ago

It's Wang Hong, my god. Cannot they still don't write proper Chinese names?

bananaflag | 8 hours ago

Wikipedia says Hong Wang while acknowledging that the native form is Wang Hong and that they are using the Western name order.

grommz | 8 hours ago

Nobody says Jinping Xi or Zedong Mao.

bromuro | 7 hours ago

Is Elton John or Jhon Elton?

rurban | 7 hours ago

Is Elton John east Asian? He isn't
I think GP might be referencing to Rowan Atkinson interviewing Elton John: https://www.youtube.com/watch?v=Nl0HqlbX7dc

inigyou | 7 hours ago

Can we not just agree that transliteration is tricky business with no single canon?

Some Indian restaurants near me sell Aloo Saag, others sell Alu Sag.

rurban | 7 hours ago

No, there is a single canon. Proper media is able to use proper names. This was not on.

Esp. in this case with Wang having a special meaning in China.

treetalker | 7 hours ago

Well, some do say Jinping the Eleventh …

bananaflag | 7 hours ago

And Kim Jong the Second, which was confusing since he was actually the second Kim.

malfist | 7 hours ago

> Cannot they still don't write

Amusing to see someone complaining about not using their definition of "proper language" when they themselves are not using proper language.

jryle70 | 7 hours ago

https://en.wikipedia.org/wiki/Hong_Wang

Such as waste of energy to argue on

opjjf | 6 hours ago

I think she herself can decide, this is her site: https://sites.google.com/view/hongwang/home > Hello! I'm Hong Wang.

bananaflag | 8 hours ago

This is sad, almost as sad as the Deathly Hallows pre-release leak.

[OP] zaikunzhang | 8 hours ago

picafrost | 8 hours ago

> Hong Wang will become the third female mathematician in history to receive the Fields Medal

Interestingly, if true, it will also be the first time an MIT PhD graduate has won the Fields Medal.

edoceo | 8 hours ago

I've been working on a site. It's new, domain is only a few weeks old. It's got SSL, so all the bots know it exists. It's never had any sub-pages exposed, just the placeholder lander, no links.

Somehow in Google search one of the unguessable pages is indexed. We have used Claude and Gemini to assist with some design aspects.

I'm thinking some aggressive data ingestion/indexing is happening by all the bots in the quest for frontier models.

resonious | 8 hours ago

I've also seen Google indexing pages with random values in the path that don't get linked to statically (server asks for the URL then redirects to it immediately). I'm pretty sure they index straight out of the Chrome address bar.

foobarbecue | 8 hours ago

Holy crap I hope that's not true. I've also had unguessable pages indexed, though, and don't have an explanation.

nicce | 8 hours ago

Something worth inspecting further. We know that Chrome stores and sends the browsing history but this is an interesting vector.

DANmode | 7 hours ago

I’d be more surprised if they weren’t capturing this information.

Especially if you have autocomplete-while-searching type of features on.

EGreg | 7 hours ago

Why don’t they also capture information you enter into forms on Chrome?

They control the entire browser surface, technically they can know everything, even TLS and E2E encrypted data, that they silently phone home…

If you think this is silly, consider that Microsoft Recall had been observing everything on people’s entire SCREENS and phoning home much of it. That is how a guy was caught recently: https://x.com/t3chfalcon/status/2074134314145489195

And it is actually much worse than even that:

https://community.qbix.com/t/increasing-state-of-surveillanc...

pixl97 | 6 hours ago

>Why don’t they also capture information you enter into forms on Chrome?

For some reason people are downvoting you, but yea, one day we'll likely see a lawsuit where they do exactly that.

inigyou | 7 hours ago

There's no reason to think it isn't true. It matches every pattern of behavior observed from every tech company.

EGreg | 7 hours ago

Why don’t they also read your gmail and get your bank passwords?

And maybe have access to EVERY site actually, with “forgot password” type stuff in addition to providing oauth tokens…

applfanboysbgon | 7 hours ago

> Why don’t they also read your gmail

Boy do I have news for you.

saghm | 6 hours ago

Yeah, I thought it was pretty obvious that is literally the whole reason that Gmail even exists
" Microsoft is scanning the inside of password-protected zip files for malware"

https://arstechnica.com/information-technology/2023/05/micro...

pjc50 | 6 hours ago

The tools in gmail in some sense "read" all your mail in order to classify spam and do things like calendar integration. The extent to which they do other things with the information is .. unclear.

inigyou | 6 hours ago

Because your bank doesn't send your password to your Gmail because if they did they know Google would read it.

FabCH | 7 hours ago

It’s absolutely true. It is a documented fact. It was discovered and entered into public record during the DOJ antitrust investigation into Google Chrome.

They call the signal „popularity“ and it is a successor of the Google Toolbar signal.

https://www.justice.gov/opa/pr/department-justice-wins-signi...

NuclearPM | 6 hours ago

> „popularity“

Why are you using weird quotes?

evilduck | 6 hours ago

I'll take a wild guess and assume they are of a German or Polish language background. Wait 'til you encounter a French person who accidentally uses guillemets if you want one even «weirder».

robin_reala | 6 hours ago

Or the Nordics ”like this” or the UK ‘like this’ or Japan 「like this」. Basically every country has their own standard: https://en.wikipedia.org/wiki/Quotation_mark#Summary_table

FabCH | 4 hours ago

Correct. Swiss German keyboard.

NuclearPM | 3 hours ago

Thanks!

chasd00 | 6 hours ago

This is why Chrome begs you to login constantly and will do it automatically when you login to Gmail through Chrome. Everything you do in the browser (bookmarks, settings, address bar) is data about you sent to Adsense. No need for cookies when you control the browser and know who is using it.

Edit: also private browsing isn’t exactly private when you’re logged in to the browser.

jacekm | 6 hours ago

Chrome sends home the urls you visit together with the page performance data (and probably more). That's how they build Chrome User Experience Report (CrUX) for the most popular sites: https://developer.chrome.com/docs/crux

st_goliath | 8 hours ago

Yep. I remember a similar story as GP described from a friend back in 2008. The site he was working on that wasn't linked to yet was suddenly indexed after he checked out what it looked like in the fancy new "Chrome" browser that Google had just released, causing some moderate panic on his end.

morpheuskafka | 7 hours ago

This may have been part of this issue I found a few months back, as no other explanation for how UUID URLs got indexed was found: https://news.ycombinator.com/item?id=47769796

edoceo | 5 hours ago

What the heck! That is terrible!

Vvector | 6 hours ago

This is why i use Firefox

dreambigwrkhard | 8 hours ago

Depending on the CMS, if it's wordpress (15% chance, ha) there is a sitemap function built-in out of the box. The bots don't need to guess.

edoceo | 5 hours ago

No CMS, no sitemap, no robots.txt either.

cynerx | 7 hours ago

Are you using Cloudflare by any chance? I think the Crawler Hints setting [1] exposed some of my "secret" pages in the past.

[1] https://developers.cloudflare.com/cache/advanced-configurati...

edoceo | 5 hours ago

I'm not using cloudflare.

pohuing | 7 hours ago

There's a couple avenues besides just stealing what's in your URL bar.

If you don't use wildcard certs all of your subdomains can be scraped from the certificate transparency logs. Additionally, any domain+cert using HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.

fragmede | 7 hours ago

CT logs just explain how they found the domain. T doesn't explain how they could have found unlinked content on the domain itself. If I put up secret-example.com/asdf-1234567.html, how does that page get found if there are no public links to it?

Lomlioto | 6 hours ago

Don't underestimate people not knowing were they share stuff by accident.

Creating Sitemaps, sharing it somewere public, putting the url in some 3th party service, server logs, some indirect path in javascript.

But if you never mention that url, it will not be found if not leaked by your server.

saghm | 5 hours ago

> But if you never mention that url, it will not be found if not leaked by your server

That sounds like a claim that security through obscurity is infallible, which is dubious. Don't get me wrong, it can be a reasonable part of defense-in-depth strategy, but like, brute force attacks are kinda a well known thing, especially if your URLs aren't truly random...

pohuing | 4 hours ago

True. I just assumed imprecise phrasing.

Google misusing chrome browser history as a hitlist for indexing sounds wild to me, so I tried to see if there's another way.

It also felt unlikely because there's multiple subdomains of mine that aren't indexed, and wildcards+no preload are the only precautions I've made myself for my private sites.

This might also be an EU vs rest of World thing, or my stuff isn't interesting enough to index(in retrospect the most likely reason I suppose)

brookst | 7 hours ago

For hosts, but not pages on the site.

But I think the other explanations take care of pages: cloudflare hints, chrome reporting addresses visited, etc.

basilikum | 6 hours ago

> HSTS with preload enabled end up in a big list at Google to speed up the initial connection from browser to site.

HSTS preload is not for speed. It's to protect against SSL stripping on first connection. Modern browsers already try port 443 first or in parallel with 80.

f311a | 7 hours ago

Google Chrome used to report visited pages back to Google, not sure if this still the case. Also, Google Analytics can see visited pages and Google uses it.

Finding domains is easy, everybody uses CTL to find them.

VladVladikoff | 7 hours ago

Google uses data from chrome. If you visited it with chrome, google knows it exists.

phoghed | 7 hours ago

You ISP also collects and sells data to companies like Moz, and possibly to Google too.

soblemprolver | 7 hours ago

URL paths over https wouldn't be transparent to the ISP though, would they?

throw10920 | 7 hours ago

They would not - GP was probably bringing up something not directly relevant, but still related. (they should have clarified though)

edoceo | 5 hours ago

What can I add? I know the domain could be found. But how did Google index a page that is example.com/$MD5.html - guessing 128bit numbers is hard.

I have visited that page from a signed-in Chrome profile.

throw10920 | 5 hours ago

Erm sorry when I said GP I meant of my comment - that is, phoghed's irrelevant comment about ISPs collecting data.

The information you mentioned is relevant. Unfortunately, it could be either Google/Chrome, or the LLM service you're using for development is misusing your data.

mirekrusin | 7 hours ago

Isn't leaking browser extension used by one of people on the team (doesn't need to be developer, could be qa or anybody with whom the access was shared) more plausible?
Nothing you enter into an LLM not hosted by you, or put onto the web is safe from being collected and exploited by these "AI" companies and their LLM's voracious appetite.

brador | 7 hours ago

Chat programs catch links you send.

Also that browser setting to check urls are safe sends them out “sometimes“.

malwrar | 7 hours ago

They log all DNS requests made to their public resolver in a searchable internal database, at least when I worked there a decade or so ago. I wonder if they seed their crawler with it?

Analemma_ | 7 hours ago

DNS servers never see subpaths you request, only the domain itself, so that wouldn’t help with a hidden path. But there are lots of other ways to get it: caches/CDNs can leak paths, Chrome presumably sends Google a bunch of request details, and so on.

It’s a different story if it’s a subdomain though, OP wasn’t clear.

dataviz1000 | 6 hours ago

The tin hat guess. Did you include Google analytics embedded in the pages? Do you navigate to pages and Google analytics sends that data home? 10 years ago I discovered that Google analytics would send the equivalent amount as organic users; meaning if we sent an email newsletter with links to articles, Google would send almost 1:1 ratio the same number of people from search results. They are tracking everything and using it for more than just reporting.

Do you use a CMS or other tools that auto generate sitemap.xml? Perhaps you unknowingly told Google about those sub-pages.

edoceo | 5 hours ago

No GA, no external assets, no Google fonts. I really thought I was being careful.

stavros | 6 hours ago

It's indexed some unlisted draft blog posts of mine that were never touched by AI or published anywhere. I use a static site generator so there's no earthly way they ever found the pages by scraping, at most I visited the pages once or twice from my browser.

animex | 6 hours ago

I've always wondered if Chrome leaks these URLs too.

NDlurker | 6 hours ago

Hmm. Seems like this could be used for an ARG

DonHopkins | 5 hours ago

I've gotten unguessable hits in the logs because somebody who was authorized to use them had a virus that exfilterated their browser history.

Might have been an evil chrome extension, but ever since Google went IOK2BE ("It's OK to be Evil"), maybe it's just Chrome itself.

yread | 5 hours ago

I have about 50 subdomains. One was used by a colleague who cant do his shoelaces without claude. That subdomain gets 10 times more spam and hacking attempts.

micromacrofoot | 8 hours ago

ai bots will have more privacy than we do

efficax | 8 hours ago

twist: codex also wrote the code that placed the winners list in a hidden element

tw1984 | 7 hours ago

too bad that those winners can no longer bet themselves on polymarket as the winner and make big money.

crypttales | 5 hours ago

The winners have known for a while; their families need visas to be at the ceremony, afterall

sixtyj | 7 hours ago

> The leak occurred when four Fields Medal laureate lecture fields, marked "HIDDEN," were discovered in the front-end code of the ICM 2026 official schedule.

So it was easier than I thought. Bot just scraped public page with hidden fields, not a secret page or to-be-published page from database.

bronson | 6 hours ago

I'm tired of the framing in the media these days.

"Mythos will end the world!!"

"How?"

"By finding a bunch of wide open security holes that have existed for years."

Oookay. Is this a Mythos problem? Or a lazy/greedy/uncaring people problem?

toomuchtodo | 5 hours ago

People want simple answers to complex problems. When you find out most of society is held together with duct tape, promises, and trust, and then you have tool accelerant come along like GenAI, expectations violently meet reality. GenAI simply democratized the ability to evidence, inexpensively and at scale, in a wide variety of contexts, that "The Emperor has no clothes."

Arainach | 5 hours ago

On the one hand, news coverage is overblown.

But scale and accessibility are absolutely a new class of problem.

In the 1960s you could pay thousands of people to watch hundreds of cameras and listen to hundreds of phone lines to monitor people, but the cost was so enormous that unless you were in East Germany or Moscow it wasn't a realistic threat model.

Now with computers we can cheaply have thousands of cameras with cheap storage that's retained forever and automatic image processing that means everyone is exposed to that kind of surveillance, which is a brand new problem.

intrasight | 5 hours ago

Storage is less cheap right now

I've often shared my prediction that future historians will study us all and that every living human will be the subject of someone's PhD thesis. I'm updating that prediction to be that those future someone's will be silicon based.

afarah1 | 5 hours ago

Yes but also as always a people problem. People put the cameras and monitoring systems in place and operate them, to govern other people who ultimately yield to be governed, as the alternative is made too costly / dangerous by the governors.

ben_w | 5 hours ago

> as the alternative is made too costly / dangerous by the governors.

There's nothing government (corporate or political) has made "costly" or "dangerous" about not having them, society did that all by itself: people will actively pay more to have these things because they see the benefit more than the risk, video calls with friends and family, not a hacker being able to duplicate their keys from one photo.

There's 6 cameras on my desk right now, attached to internet-capable devices. Two phones, two laptops. I've got covers over all of them, which is easy, and sometimes mandatory e.g. when visiting the headquarters of certain big-tech firms.

I'd never buy a smart camera. Don't trust them not to spy on me. But I do have a Raspberry pi upstairs, with a NoIR camera module, and an AI-coded bit of webcam software. Might consider it for seeing what animal gets into the garden at night.

afavour | 5 hours ago

It’s still a problem we wouldn’t have without LLMs like Mythos existing. Yes, the solutions are different when you know the full context but “it’s just bad code” doesn’t mean there isn’t a problem.

ben_w | 5 hours ago

> Oookay. Is this a Mythos problem? Or a lazy/greedy/uncaring people problem?

¿Porque no los dos?

All AI risk can be described with a narrative that ends in "some human were lazy and didn't care enough", it's just which humans and how much caring was enough.

joshspankit | 5 hours ago

It’s systematic

“6-12 mo to shaky profitability + ability to quickly iterate” is a business that has a good chance of surviving while “However long it takes to be fully secure” is a business that is not only rigid but needs massive up-front capital to get there and even then there’s no guarantee that the market fit is right

And after that is something we could call the “Pareto spiral”: if a company find market fit and builds an excellent product, competitors can survive at 80% of that quality. If the “100%” fails for any reason, the competitors become the new ceiling and now their competitors can survive at 80% of that (now 64%)

And only one round in, how secure could that 64% company be?

dgellow | 3 hours ago

The AI labs are 100% responsible for that framing

ApolloFortyNine | an hour ago

Heartbleed, one of the worst bugs in terms of exploitability and reach, was a bug that many engineers would be able to spot, if they were explicitly looking for it.

That's the risk of tools like Mythos/Fable/any LLM. While a human's eyes would glaze over what looks like a standard memcpy, an LLM with the right context might instantly realize the payload length was never actually verified.

And since Heartbleed existed for years, despite the full bug existing in pretty much one file, in one of the most important libraries out there, it's right to be afraid of what other obvious bugs exist and are just waiting to be found.

netvarun | 7 hours ago

First of all congrats to the winners.

Second, fitting that codex enters the picture.

The last time the fields medals were announced llms were still very nascent :)

And I am convinced this is the last time pure human fields medalists will be announced.

The next batch’s winners are all going to have llms as coauthors.

whalesalad | 6 hours ago

This is like when a news site throws up a paywall and hides half the article. Open inspector. Select the body, delete the overflow/scroll capture styles, delete the masks... and boom there is the entire article. Only some sites are smart enough to actually truncate the content server-side.

contact9879 | 6 hours ago

much more info on wechat

google translate link:

https://mp-weixin-qq-com.translate.goog/s/DPsMKToa_sbi_Nx3X1...

logicallee | 6 hours ago

really tacky of the finders to disclose the names.