According to the California-based company, during internal tests, Mythos discovered “thousands” of zero-day vulnerabilities in online-accessible programs, a term indicating that their designers and users are unaware of the weakness point. Without intervention to fix them, these flaws could potentially provide hackers with as many angles for cyber attacks.
“Difficult to detect” vulnerabilities “The potential of AI has crossed a threshold that fundamentally changes the level of urgency required to protect (IT) infrastructures from attacks,” commented Anthony Grieco, security chief at IT network specialist Cisco.
Many observers have noted that the delay in Mythos’ release was significant as the deployment of new models has significantly accelerated over the past six months in a cutthroat competitive environment. “The flaws it finds are often subtle and difficult to detect,” warned Anthropic on Tuesday, citing an issue in a video software tested over five million times by its authors without detecting the problem.
Before releasing its model online, the company founded by former OpenAI members decided to share it with cybersecurity specialists CrowdStrike and Palo Alto Networks, as well as with industry giants like Amazon, Google, Nvidia, Apple, and Microsoft. About 40 organizations involved in designing and maintaining IT systems have also joined the group.
“So far, flaw detection has been a process requiring a lot of human intervention, with not very high efficiency,” analyzed Gang Wang, professor of computer science at the University of Illinois (UIUC). “But with AI working around the clock, we can do mass cleansing,” he said, referring to a technique known as CDR that involves examining all files, removing potentially dangerous elements, and replacing them with a safer version.
“On the bright side” The partners of the Glasswing project “will work with the test version of Mythos on IT security and share their results for the benefit of the entire industry,” explained Anthropic. The company will provide partners with computing capabilities worth $100 million to use Mythos. “Everyone must prepare for the arrival of AI-assisted hackers,” declared Lee Klarich, Chief Technology Officer at Palo Alto Networks.
For Gang Wang, “the good news is that these AI companies want to be on the right side of the cybersecurity battle.” Developing AI interfaces gives them an edge over hackers as they can test and anticipate their effects before commercializing them.
But for Luka Ivezic, of the Information Security Forum (ISF), a research and cybersecurity best practices dissemination organization, AI “lowers the cost of detecting a flaw for a cybercriminal and allows for more attempts,” with greater sophistication, including for less skilled hackers.
“Additional safeguards” The company stated that Mythos was initially designed as a general model and not as a dedicated cybersecurity tool. “Our ultimate goal remains to deploy Mythos on a large scale,” either for the general public, “for cybersecurity purposes but also for the myriad of other possibilities this model will offer,” announced Anthropic.
