Securing Software: Anthropic opens „Project Glasswing“ for Europe

Anthropic wants to significantly expand access to its most powerful AI model, Mythos, allowing organizations in more than 15 countries to search for security vulnerabilities in system-relevant software. The AI company announced this without providing further details. The Financial Times reports, citing a person familiar with the matter, that institutions in Germany and Switzerland, as well as other European countries, India, Japan, and South Korea, will also receive access. The newspaper specifically names Samsung, SK Hynix, the financial messaging network Swift, and the military alliance NATO. The project, launched in early April, is expected to be expanded to 150 new organizations here.

Only security-relevant organizations with access

Anthropic introduced Mythos in early April and states that the model is so dangerous that it is only made available to companies working on IT security. The AI model has since identified over 10,000 high-risk zero-day vulnerabilities, including in all major operating systems and every internet browser. At the same time, the AI technology is significantly more capable of developing a working exploit for such vulnerabilities, sometimes even using multiple vulnerabilities in conjunction. As part of “Project Glasswing,” the industry is to work on patching vulnerabilities found this way. This is intended to prepare the industry for when other AI models become available that criminals can use to catch up.

According to Anthropic, all organizations that already have access to Mythos and those that are now receiving it have one thing in common: “successful attack on their codebase could be catastrophic.” The AI company explains that a “major attack” on any one of them could affect more than 100 million people, with serious consequences for global and national security. While certain industries have not been as well represented until now, this has now been changed primarily for energy and water supply, the healthcare sector, communication, and hardware manufacturing. At the same time, they are working hard to make capabilities like those of Mythos safely available to the public.

The significance of Mythos and similar AI models, as well as Anthropic's approach, has been debated for weeks. Opinions are divided whether this is clever PR before the planned IPO or actually the best method to prepare for a security catastrophe. At Mozilla, for example, they recently found significantly more vulnerabilities in Firefox and were able to secure the browser. In the download tool curl, only one vulnerability was discovered. At the same time, those responsible for software projects have been complaining for months about the greatly increased workload from AI-assisted bug hunting, where there is far too little help.

Read also

Comment: Open-source developers are working themselves sick on AI bugs

(mho)