Anthropic's new AI model Mythos: Too dangerous for the public

Anthropic has introduced Mythos, a new AI model that is said to be so dangerous that it should not be made public. Instead, Claude Mythos Preview is to be made available exclusively to a range of companies working on IT security as part of an initiative called Project Glasswing. They are to use the AI technology to secure the "world's most critical software." Anthropic justifies this step by stating that the AI model has already identified thousands of high-risk zero-day vulnerabilities. Such vulnerabilities have been discovered in all major operating systems and every internet browser, as well as in numerous other software. Above all, Mythos Preview is significantly more capable of developing a working exploit.

Decades-old vulnerabilities identified

As an example, Anthropic lists a vulnerability in OpenBSD that has been overlooked for 27 years, which could allow attackers to crash a device remotely "just by connecting to it." It also mentions a 16-year-old vulnerability in FFmpeg that was not identified in five million automatic scans with special search tools. Furthermore, the model was able to combine a series of previously unknown vulnerabilities in the Linux kernel and develop an attack from them that would allow an attacker to gain complete control over a computer as a normal user. These and other vulnerabilities have been reported to the respective responsible parties. Anthropic has published a blog post on the matter.

The initiative "Project Glasswing" now presented includes, among others, Amazon Web Services (AWS), Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. 40 other organizations responsible for software for critical infrastructure are also involved. In total, Anthropic is providing usage rights worth up to 100 million US dollars for the new AI model, with four million US dollars going directly to operators of open-source software. This is intended to enable them all to search systems for vulnerabilities. These are to be closed before other AI models catch up to Mythos' capabilities.

Anthropic is primarily known for its AI Claude, which competes with OpenAI's ChatGPT. However, the company recently made headlines due to a dispute with the Pentagon: Anthropic refused to allow its AI to be used in autonomous weapons or for mass surveillance in the USA and was consequently declared a security risk. The company is now taking legal action against this. The AI company told the US magazine Platformer that it could help the US government with the much-needed evaluation of Mythos. However, it is still unclear whether they would accept the offer. It is also unclear whether the plan to find security vulnerabilities with increasingly powerful AI tools in time to preempt malicious attackers will succeed.

Read also

Anthropic wants over 3.5 gigawatts of computing capacity with Google's TPUs

(mho)