Ask Onix
Anthropic unveils advanced AI model with hacking capabilities
Anthropic, a leading AI firm, has introduced Claude Mythos, a model reportedly surpassing human experts in identifying and exploiting cybersecurity vulnerabilities. The revelation has triggered discussions among regulators, financial institutions, and tech giants about its potential risks and benefits.
Project Glasswing: A preemptive defense initiative
Rather than releasing Mythos to the public, Anthropic launched Project Glasswing, granting access to 12 major technology companies, including Amazon Web Services, Apple, Microsoft, Google, Nvidia, and Broadcom. Over 40 organizations responsible for critical software infrastructure have also been included in the initiative.
Anthropic CEO Dario Amodei stated in a launch video that the company is collaborating with U.S. government officials to mitigate risks associated with such advanced AI models.
Mythos's capabilities raise alarms
According to Anthropic, Mythos has demonstrated an ability to uncover thousands of high-severity vulnerabilities across major operating systems and web browsers. The model identified a 27-year-old dormant bug in legacy code and suggested methods to exploit it with minimal oversight.
"Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely."
Anthropic, April 7 statement
Global regulators and financial leaders express concerns
Canadian Finance Minister François-Philippe Champagne described Mythos as an "unknown unknown" during an IMF meeting in Washington, D.C., emphasizing the need for vigilance. Bank of England Governor Andrew Bailey noted that the central bank is closely examining the model's implications for cybercrime risks.
The European Union has also engaged with Anthropic to discuss concerns surrounding Mythos. Ciaran Martin, former head of the UK's National Cyber Security Centre (NCSC), stated that the model's ability to rapidly uncover vulnerabilities has "really shaken people."
Skepticism and cautious optimism
Independent cybersecurity experts have yet to independently verify Mythos's capabilities, leading some to question whether its performance is overstated. The UK's AI Safety Institute acknowledged the model's power but noted that its greatest threat lies in targeting poorly defended systems.
"We cannot say for sure whether Mythos Preview would be able to attack well-defended systems."
UK AI Safety Institute researchers
Martin emphasized that while the tool presents risks, it also offers an opportunity to address long-standing internet vulnerabilities. "In the medium-term, there's an opportunity to use these tools to fix a lot of the underlying vulnerabilities in the internet," he said.
Balancing hype and reality in AI advancements
As with many AI breakthroughs, distinguishing between genuine innovation and marketing hype remains challenging. The NCSC urged organizations to focus on strengthening basic cybersecurity measures, noting that most hackers exploit simple vulnerabilities rather than relying on advanced AI tools.
Anthropic's claims about Mythos highlight both the potential and the uncertainties of AI-driven cybersecurity, leaving regulators and industries to navigate a complex landscape of risks and opportunities.
