Anthropic announced on Tuesday that its unreleased artificial intelligence model, Claude Mythos, has demonstrated exceptional proficiency in identifying software vulnerabilities. Mythos has uncovered thousands of flaws in widely used applications, many of which lack existing patches or fixes. This alarming capability has led the San Francisco-based AI startup to collaborate with cybersecurity specialists to enhance defenses against hacking and to refrain from a broad public release of the model.
“We have a new model that we’re explicitly not releasing to the public,” stated Mike Krieger of Anthropic Labs at the HumanX AI conference in San Francisco. Instead, Anthropic is engaging cybersecurity specialists and engineers within the open-source community to work with Mythos, leveraging it as a defensive tool to "arm them ahead of time," Krieger elaborated.
The rapid advancements in AI model capabilities have simultaneously raised concerns about malicious actors potentially exploiting such tools to discover passwords or crack encryption, thereby compromising data security.
According to Anthropic, some vulnerabilities identified by Mythos date back 27 years, and none were apparently detected by their original developers prior to the AI model's discovery. Mythos represents the latest iteration in Anthropic’s Claude AI family. A recent leak of some of its code prompted the startup to issue a blog post, cautioning about the unprecedented cybersecurity risks it presents.
In its blog post, Anthropic stated, “AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” The company further warned that “the fallout – for economies, public safety, and national security – could be severe.”
Anthropic noted that the software vulnerabilities exposed by Mythos were frequently subtle and challenging to detect without AI assistance. As an illustration, Mythos uncovered a previously overlooked flaw in video software that had undergone over 5 million tests by its creators.
As a precautionary measure, Anthropic has shared a version of Mythos with cybersecurity firms CrowdStrike and Palo Alto Networks, alongside tech giants Amazon, Apple, and Microsoft. This collaborative effort is branded "Project Glasswing."
Networking leaders Cisco and Broadcom are also participating in Project Glasswing, joined by the Linux Foundation, which advocates for the free, open-source Linux computer operating system.
Anthony Grieco, Cisco’s chief security and trust officer, emphasized in a joint release regarding Glasswing: “This work is too important and too urgent to do alone.” He added, “AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back.”
Around 40 organizations engaged in the design, maintenance, or operation of computer systems have reportedly joined Glasswing. Project partners are slated to share their findings from Mythos, with Anthropic contributing approximately $100 million worth of computing resources to the initiative. Early engagements with AI models indicate their potential to identify and remediate software and hardware vulnerabilities with unprecedented speed and scale.