US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street leaders to give them an urgent warning: an artificial intelligence tool from Anthropic PBC marks the beginning of a new era of cybersecurity.
The April 7 meeting in Washington was focused on Mythos, a new AI model that Anthropic says is so good at finding vulnerabilities in software and computer systems that it can only be released to a limited number of carefully chosen parties. If tools like Mythos fall into the wrong hands, Anthropic says, they could provide attackers with a powerful new weapon to steal data or disrupt critical infrastructure.
For the last several years, cybersecurity companies have promised that artificial intelligence will speed up and automate some of the work of preventing digital breaches. But hackers and cyberspies have discovered the advantages of AI too. The advent of Mythos and models like it that can exploit well-hidden flaws in popular software without human supervision points to a faster-moving, less predictable phase of the cyber arms race.
What is Mythos?
Claude Mythos Preview is a general purpose AI model that Anthropic says significantly outperforms prior offerings on a range of benchmarks, including for coding and reasoning. The company says it’s so powerful that it has decided not to release it to the public. The company explained that some AI models have reached a level of coding capability that allows them to beat all but the most skilled humans at finding and exploiting software vulnerabilities.
According to Anthropic, Mythos Preview has already found thousands of “zero-day” vulnerabilities during testing, including in every major operating system and every major web browser. “Zero days” are flaws that were previously unknown to the software’s developers — the name implying they have zero days to come up with a patch to resolve the problem. These often represent a gold mine for hackers because they offer a window of free rein inside vulnerable systems.
Mythos was able to identify these with even less human intervention than past models, Anthropic said. “Mythos Preview demonstrates a leap in these cyber skills — the vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests,” the company said. In the hands of a ransomware gang or hostile governments, such a tool could lead to more devastating and frequent cyberattacks.
Researchers say they have not been given access to independently verify Anthropic’s claims about Mythos’s performance. Gang Wang, an associate professor of computer science at the University of Illinois, said it’s hard to assess the significance of Mythos Preview without more hands-on testing.
Who will have access to it?
Anthropic is calling its plan to grant access to a limited group of vetted partners Project Glasswing, after a type of butterfly with transparent wings that allow it to hide in plain sight. The participants include Amazon.com Inc., Apple Inc., Alphabet Inc.’s Google, Microsoft Corp., Nvidia Corp., Palo Alto Networks Inc., CrowdStrike Holdings Inc., Broadcom Inc., Cisco Systems Inc., JPMorganChase and the Linux Foundation, a nonprofit that supports open-source software projects. Anthropic described the project as “an urgent attempt to put these capabilities to work for defensive purposes.”
These organizations will use Mythos as part of their defensive security work, and Anthropic plans to share the findings of the project so others can benefit. Many companies already use so-called penetration exercises, in which they hire specialists to probe their systems for bugs so they can fix them before hackers get in. Mythos could allow companies to turbocharge that process, allowing them to find more flaws more quickly and narrow the opportunities for potential attacks.
Why does Anthropic consider the release of Mythos a “watershed moment”?
Anthropic described Mythos Preview as “a watershed moment for security.” By their nature, zero-day vulnerabilities are difficult to find, and a small and murky industry has been built around finding them and selling them to government intelligence agencies, often for millions of dollars. According to Anthropic, the vulnerabilities Mythos Preview found were often “subtle and difficult to detect” and included a 27-year-old flaw in OpenBSD, an operating system that Anthropic says has a reputation as one of the most security-hardened in the world.
Mythos was also allegedly able to turn vulnerabilities that are known but not widely patched into “exploits” that hackers could use to infiltrate computer networks. For instance, it found and chained together several flaws in the Linux kernel — the core of the operating system and software that runs most of the world’s internet servers — to allow an attacker to take complete control of the machine. Non-experts also asked Mythos Preview to find ways to remotely take control of computers overnight and came back the next morning to a complete, working exploit, Anthropic said.
Mythos is one of several new AI tools able to find zero days or build exploits. OpenAI’s Codex Security and Google’s “Big Sleep agent” have been developed to find vulnerabilities. OpenAI is also finalizing a product with advanced cybersecurity capabilities that it intends to release to select partners, Axios reported. Researchers at an Israeli cybersecurity startup called Buzz, meanwhile, say they have built an autonomous tool combining five AI agents that has a 98% success rate in exploiting known flaws.
What safeguards are in place?
The safeguards are a work in progress, according to Anthropic. “We have seen it reach unprecedented levels of reliability and alignment,” Anthropic wrote, meaning it aligns with what humans want. “However, on rare occasions when it does fail or act strangely, we have seen it take actions that we find quite concerning.”
In one instance, a researcher urged an early version of Mythos to try to escape a secured, isolated “sandbox” computer and then find a way to send a message to that person. The tool succeeded but then continued to take “additional, more concerning actions,” developing a multistep exploit to gain internet access.
Anthropic said it doesn’t plan to make Mythos Preview generally available, given its potential for misuse. Still, the company ultimately hopes to enable users to deploy “Mythos-class models” at scale for cybersecurity purposes and other uses. “To do so, we need to make progress in developing cybersecurity (and other) safeguards that detect and block the model’s most dangerous outputs,” it said.
For the highest-severity bugs found by Mythos, humans are involved: Specialists validate those discoveries before sending the information on to the people who maintain the code, according to Anthropic. It’s a necessary but time-consuming process, though one that may eventually be eliminated as the model improves, the University of Illinois’ Wang said.
Does Mythos give cybersecurity defenders an advantage over hackers?
Maybe, but it might take a while. Anthropic’s process for disclosing flaws to the people who maintain the software or computer systems can be lengthy. So far, less than 1% of the potential vulnerabilities Mythos Preview has uncovered have been fully patched, the company said.
At the same time, hackers are using AI to dramatically speed up how quickly they find and exploit vulnerabilities once they are disclosed. (Vendors are encouraged, and in some cases required, to publicly disclose vulnerabilities once they are discovered, and ideally provide a fix.) This gives cyber professionals less and less time to patch their networks. In a March 30 blog post, Palo Alto Networks Chief Executive Officer Nikesh Arora warned that the barrier for sophisticated attacks will continue to diminish over the next six months. “A single bad actor will now be able to run campaigns that required entire teams,” he wrote.
Yair Saban, chief executive officer of Buzz and a veteran of Israel’s Unit 8200 cyber unit, said it took six engineers three weeks to build their AI-powered hacking tool. Others, including nation-state cyber spies and criminal hackers, can surely do the same, he said.
Anthropic maintains that Mythos Preview and other AI tools like it will ultimately favor defenders. “In the long run, we expect that defense capabilities will dominate: that the world will emerge more secure, with software better hardened — in large part by code written by these models,” the company’s Frontier Red Team said in an April 7 blog post. “But the transitional period will be fraught.”
Disclaimer: This report is auto-generated from the Bloomberg news service. ThePrint holds no responsibility for its content.

