Anthropic’s New AI Model Alarms Cybersecurity Experts with Hacking Potential
Anthropic has announced a significant shift regarding its new AI model, Claude Mythos Preview. Out of concern for its potential to disrupt cybersecurity, the company has decided not to release it to the public. This decision reflects a growing anxiety among experts about the capabilities of this advanced artificial intelligence.
Unexpected Cybersecurity Implications of Claude Mythos Preview
In a recent blog post, Anthropic described Mythos as capable of autonomously identifying, analyzing, and exploiting software vulnerabilities at an unprecedented scale. The company highlighted that its performance might surpass that of human professionals in some instances, marking what they refer to as a “watershed moment” in AI development.
Expert Insights on AI’s Cybersecurity Potential
- Jake Moore, a global cybersecurity specialist at ESET, emphasized the dual purpose of Anthropic’s announcement: genuine caution and branding as a safety-focused AI firm.
- Anthropic’s Mythos has reportedly detected thousands of critical security flaws, including zero-day vulnerabilities, in contrast to elite human teams, which typically identify around 100 such vulnerabilities annually.
- Comparatively, Ofer Amitai from Onit Security noted that Mythos could produce outputs 10-100 times greater than top human teams and significantly reduce exploit development time.
Capabilities and Concerns with Large Language Models
Mythos is built on large language model technology, which has demonstrated proficiency in coding. Erik Bloch, vice president of information security at Illumio, explained that LLMs treat code as another form of language, making them adept at identifying bugs and vulnerabilities often overlooked by humans or conventional tools.
Cost, Scalability, and Potential Uses
Despite its significant capabilities, there are questions surrounding the costs associated with AI-powered cybersecurity. Testing revealed that identifying a 27-year-old vulnerability required an investment of $20,000 when using Mythos. This raises concerns about whether AI can scale effectively compared to human effort.
Offensive and Defensive Dynamics in Cybersecurity
The introduction of tools like Mythos poses challenging questions about their implications for cybersecurity. Experts warn that, if available publicly, attackers could leverage these tools to create highly targeted phishing attempts or sophisticated exploit chains with ease. However, as defenders adapt and incorporate similar technologies, they could eventually regain an advantage.
- Mike Britton from Abnormal AI highlighted the risks inherent in such powerful tools.
- Amitai believes that defenses built on Mythos capabilities would enable quicker vulnerability detection and remediation across entire systems.
Project Glasswing: Controlled Testing for Safety
Anthropic has initiated “Project Glasswing,” allowing select companies, including Google and JPMorgan Chase, to test Claude Mythos in a controlled setting. This initiative aims to explore the model’s capabilities while ensuring a focus on defensive applications.
Concerns remain about the broader impact of Mythos on economies, public safety, and national security. Dan Andrew, head of security at Intruder, cautioned that, while the situation seems alarming, Anthropic’s careful handling indicates they recognize these risks as substantial.
