Bloomberg: Why officials are so worried about Mythos, Anthropic’s new AI

Pic.: BBC

US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street leaders to give them an urgent warning: an artificial intelligence tool from Anthropic PBC marks the beginning of a new era of cybersecurity, Bloomberg reports.

The April 7 meeting in Washington was focused on Mythos, a new AI model that Anthropic says is so good at finding vulnerabilities in software and computer systems that it can only be released to a limited number of carefully-chosen parties. If tools like Mythos fall into the wrong hands, Anthropic says, it could provide attackers with a powerful new weapon to steal data or disrupt critical infrastructure.

For the last several years, cybersecurity companies have promised that artificial intelligence will speed up and automate some of the work of preventing digital breaches. But hackers and cyberspies have discovered the advantages of AI too. The advent of Mythos and models like it that can exploit well-hidden flaws in popular software without human supervision points to a faster-moving, less predictable phase of the cyber arms race.

What is Mythos?

Claude Mythos Preview is a general purpose AI model that Anthropic says significantly outperforms prior offerings on a range of benchmarks, including for coding and reasoning. The company says it’s so powerful that it has decided not to release it to the public. The company explained that some AI models have reached a level of coding capability that allows them to beat all but the most skilled humans at finding and exploiting software vulnerabilities.

According to Anthropic, Mythos Preview has already found thousands of “zero-day” vulnerabilities during testing, including in every major operating system and every major web browser. “Zero days” are flaws that were previously unknown to the software’s developers — the name implying they have zero days to come up with a patch to resolve the problem. These often represent a gold mine for hackers because they offer a window of free rein inside vulnerable systems.

Mythos was able to identify these with even less human intervention than past models, Anthropic said. “Mythos Preview demonstrates a leap in these cyber skills — the vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests,” the company said. In the hands of a ransomware gang or hostile governments, such a tool could lead to more devastating and frequent cyberattacks.

Who will have access to it?

Anthropic is calling its plan to grant access to a limited group of vetted partners Project Glasswing, after a type of butterfly with transparent wings that allow it to hide in plain sight. The participants include Amazon.com Inc., Apple Inc., Alphabet Inc.’s Google, Microsoft Corp., Nvidia Corp., Palo Alto Networks Inc., CrowdStrike Holdings Inc., Broadcom Inc., Cisco Systems Inc., JPMorganChase and the Linux Foundation, a nonprofit that supports open-source software projects. Anthropic described the project as “an urgent attempt to put these capabilities to work for defensive purposes.”

These organizations will use Mythos as part of their defensive security work, and Anthropic plans to share the findings of the project so others can benefit. Many companies already use so-called penetration exercises, in which they hire specialists to probe their systems for bugs so they can fix them before hackers get in. Mythos could allow companies to turbocharge that process, allowing them to find more flaws more quickly and narrow the opportunities for potential attacks.

Anthropic said it doesn’t plan to make Mythos Preview generally available, given its potential for misuse. Still, the company ultimately hopes to enable users to deploy “Mythos-class models” at scale for cybersecurity purposes and other uses. “To do so, we need to make progress in developing cybersecurity (and other) safeguards that detect and block the model’s most dangerous outputs,” it said.

Does Mythos give cybersecurity defenders an advantage over hackers?

Maybe, but it might take a while. Anthropic’s process for disclosing flaws to the people who maintain the software or computer systems can be lengthy. So far, less than 1% of the potential vulnerabilities Mythos Preview has uncovered have been fully patched, the company said.

...Bloomberg carefully avoids the main topic for which Bessent urgently gathered the experts.

It's not even that the new AI system poses a threat to military secrets. That's obvious.

However, this program is reportedly capable of quickly and effectively hacking any banking system. And such a threat means the entire global financial system is at risk.

AI poses a new challenge to humans and their environment, which includes finance.

read more in our Telegram-channel https://t.me/The_International_Affairs