Anthropic announced that its yet-unpublished artificial intelligence (AI) model, called Claude Mythoshas demonstrated a significant ability to detect vulnerabilities in instrument.
Mythos has exposed thousands of bugs in commonly used applications for which there is not yet a patch or solution, leading the San Francisco-based AI startup to form an alliance with cybersecurity specialists to strengthen defenses against computer attacks. According to the company, the system has identified serious flaws even in widely used operating systems and browserssome of which had gone undetected for decades.
“We have a new model that we are explicitly not going to release to the public,” Mike Krieger of Anthropic Labs said at the HumanX AI conference in San Francisco.
An AI model that will not be public
Instead, Anthropic is allowing cybersecurity specialists and engineers from the open source community to work with Mythos to use the model as a defensive weapon“kind of putting them together in advance,” Krieger explained.
The advances in the capabilities of AI models have raised concerns about hackers using these tools to crack passwords or break encryption meant to protect data. This risk has set off alarms even in the US financial sector, which has been warning for years about the potential for large-scale cyberattacks.
The oldest of the vulnerabilities discovered by Mythos dates back 27 years, and none had apparently been detected by their creators before being identified by the AI model, according to Anthropic.
Mythos is the latest generation of Anthropic’s Claude AI familyand a recent leak of some of its code led the startup to publish a blog post warning that it posed unprecedented cybersecurity risks.
“AI models have reached a level of programmability that allows them to outperform all but the most specialized humans in finding and exploiting hardware vulnerabilities,” Anthropic noted on its blog.
“The consequences – for economies, public safety and national security – could be serious.”
The vulnerabilities exposed by Mythos were often subtle and difficult to detect without AI, according to Anthropic. As an example, the company indicated that Mythos found a previously unnoticed flaw in a video instrument that had been tested more than five million times by its creators.
Concern about these capabilities has already reached Washington. According to the Financial Instances and Bloombergthe Secretary of the Treasury of the United States, Scott Bessent, recently convened the heads of several of the largest banks in the country to address the cyber risks associated with the new model. Executives from Bank of America, Citigroup, Goldman Sachs, Morgan Stanley and Wells Fargo, as well as the president of the Federal Reserve, Jay Powell, participated in the meeting.
Although JPMorgan Whisk CEO Jamie Dimon was invited, he was unable to attend the meeting. In his annual letter to shareholders, Dimon has warned that Cyber threats continue to be one of the “biggest risks” to the financial system and that artificial intelligence “will almost certainly worsen this threat.”
Glasswing Project: an alliance for cybersecurity
As a precautionary measure, Anthropic has shared a version of Mythos with cybersecurity companies CrowdStrike and Palo Alto Networks, as well as Amazon, Apple and Microsoftin a project he called “Glasswing.” Restricted access is part of a deliberate strategy by the company so that a limited group of partners can identify and fix vulnerabilities before the system is made more widely available.
Networking giants Cisco and Broadcom are also involved in the project, along with the Linux Foundation, which promotes the free and open source Linux operating system.
“This work is too important and too urgent to do alone,” Anthony Grieco, Cisco’s chief security and trust officer, said in a joint statement on Glasswing.
“AI capabilities have crossed a threshold that fundamentally changes the urgency needed to protect critical infrastructure from cyber threats, and there is no turning back.”
It is said that approximately 40 organizations involved in the design, maintenance or operation of computer systems have joined Glasswing.
Project partners will share their findings with Mythos, according to Anthropic, which is contributing computing resources valued at about $100 million to the initiative.
What Mythos can change in digital defense
Initial work with AI models has shown that they can help find and fix instrument and hardware vulnerabilities at a pace and scale that was not possible before, according to Grieco.
“The window between the discovery of a vulnerability and its exploitation by an adversary has closed: what previously took months now happens in minutes with AI,” said Elia Zaitsev, CTO of CrowdStrike.
“Claude Mythos Preview demonstrates what is now possible for defenders at scale, and adversaries will inevitably seek to exploit the same capabilities.”
Anthropic said it has held talks with the US government about Mythos.despite a White House decree in February that ordered all contracts with the startup to be terminated.
That directive was suspended by a federal judge while the just appeal presented by Anthropic continues its course in court.
As far as is known, this is also the first time that the company has decided to limit initial access to one of its artificial intelligence modelsa sign of the extent to which its own capabilities have raised concerns within the technology industry and among authorities.
FEW (AFP, EFE)
