{"id":10604,"date":"2026-04-11T11:33:28","date_gmt":"2026-04-11T11:33:28","guid":{"rendered":"https:\/\/wildgreenquest.com\/?p=10604"},"modified":"2026-04-11T11:33:28","modified_gmt":"2026-04-11T11:33:28","slug":"is-mythos-a-blessing-or-a-curse-for-cybersecurity-it-depends-on-whom-you-ask","status":"publish","type":"post","link":"https:\/\/wildgreenquest.com\/?p=10604","title":{"rendered":"Is Mythos a blessing or a curse for cybersecurity? It depends on whom you ask"},"content":{"rendered":"<p>The real question about Anthropic\u2019s new Claude Mythos Preview AI model is whether it (and future models like it) will be more helpful to defensive cybersecurity or to hackers. To find out, <em>Fast Company<\/em> asked a number of cybersecurity pros.\u00a0<\/p>\n<p>Claude Mythos, released in \u201cpreview\u201d on April 9, is Anthropic\u2019s biggest and most capable frontier AI model. Anthropic researchers say that during its training, the model showed a unique ability to find security vulnerabilities deep within software code, then create exploits to gain administrator-level access to software systems, including operating systems. <\/p>\n<p>Because of this, Anthropic says, Mythos is too dangerous to release to the public. But because similar AI models are likely on the way, it announced an industry initiative called Project Glasswing, for which it\u2019s giving cybersecurity researchers at various companies and institutions access to the Mythos model so they can harden widely deployed software against AI-assisted attacks.\u00a0<\/p>\n<p>\u201cWhat Anthropic is showing .&nbsp;.&nbsp;. is how quickly AI is getting to a place where it can identify vulnerabilities at scale,\u201d says Marcus Fowler, CEO of Darktrace Federal. 
\u201cWhen AI can find vulnerabilities at a speed and depth that materially changes how quickly weaknesses can be identified, it fundamentally accelerates the discovery of issues across both new and existing systems.\u201d&nbsp;&nbsp;<\/p>\n<p>Dean Ball, a senior fellow at the Foundation for American Innovation and former senior policy adviser for artificial intelligence and emerging technology under President Donald Trump, says that by getting early access to Mythos, cybersecurity researchers will have an advantage in the ongoing cold war with hackers. <\/p>\n<p>\u201cWhen the dust settles, Mythos and the similarly capable models that will follow it will go down as major achievements in the history of cybersecurity,\u201d Ball tweeted Thursday. \u201cThe hardening they will do to all important global software is a gift from American capitalism given freely to the world, at our great expense.\u201d<\/p>\n<p>But Ball acknowledges in a message to <em>Fast Company<\/em> that there may be a time clock on the advantage Mythos confers. There\u2019s a constant struggle between defensive cybersecurity people and cybercriminals (hackers) to use the latest software to their advantage. \u201cThere is always an equilibrium between offense and defense, and Anthropic is attempting to give defense a leg up by keeping Mythos in limited availability for now,\u201d Ball says.&nbsp;<\/p>\n<p>He notes that the head start may last only 9 to 12 months before some AI lab open-sources a model similar to Mythos. But it could be much sooner if someone manages to steal the Mythos parameter weights. \u201cThis may have already happened, and it may be very hard to tell if it does,\u201d Ball says.\u00a0<\/p>\n<p>In the meantime, Anthropic\u2019s model could get exposure to, and experience with, a lot of software code from major commercial systems it\u2019s never seen before. 
It\u2019ll see new kinds of architecture and software flaws that could be exploited by attackers, and develop new patches for those. This will not only make Mythos more effective in the cybersecurity realm, but it could also benefit Anthropic\u2019s Claude Code product by making it better at detecting bugs or potential security problems in the code it generates.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-not-just-next-year-s-model-nbsp\">Not just next year\u2019s model<\/h2>\n<p>Mythos may be more than an upgrade to the AI that hackers already use. In the Claude Mythos Preview system card, Anthropic researchers describe how the model scanned large open-source codebases, identified software bugs that had persisted for decades, and then developed sophisticated exploits to target them. Systems like Mythos could dramatically increase the speed and scale at which vulnerabilities are found and exploited.\u00a0<\/p>\n<p>\u201cFrontier AI models like Claude Mythos represent a true inflection point for cybersecurity because they dramatically compress the time between identifying a vulnerability and exploiting it,\u201d says Dan Schiappa, president of technology and services at Arctic Wolf. \u201cZero-days are not new, but the speed at which they can now be discovered and weaponized is. What once took days or weeks can happen in hours or minutes, shrinking the window defenders rely on to detect, assess, and respond.\u201d<\/p>\n<p>Once AI can produce working zero-day exploits at speed, as Mythos apparently can, organizations could \u201close the breathing space they have traditionally relied on to detect, patch, and recover,\u201d says X-PHY CEO Camellia Chan, noting that during testing, an early version of Mythos Preview escaped its sandboxed environment and independently accessed the internet. <\/p>\n<p>That\u2019s Mythos exhibiting unsanctioned autonomous behavior. 
\u201cAny security architecture that assumes a bounded, predictable attacker needs to reckon with that,\u201d Chan says.<\/p>\n<p>Indeed, the AI-assisted cyberattacks of the future may take shapes that researchers haven\u2019t seen before. \u201cThe most troubling capability to me is the claim that it is highly effective at reverse engineering binaries and identifying new exploits,\u201d says Black Duck CEO Jason Schmitt. \u201cThat is breaking new ground in automated exploitation of arbitrary pieces of software, which DARPA has been funding research around for years.\u201d<\/p>\n<p>Scott Kuffer, chief product officer at Nucleus Security, says: \u201cOrganizations need to rethink how they prioritize and operationalize risk in environments that are dynamic and increasingly unpredictable.\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-detection-is-the-easy-part\">Detection is the easy part<\/h2>\n<p>Other experts point out that Project Glasswing focuses on locating security vulnerabilities, but doesn\u2019t create tools for remediation.&nbsp;<\/p>\n<p>\u201cThere&#8217;s a lot of defensive benefit here, but they&#8217;re missing an important\u2014maybe <em>the<\/em> important\u2014part,\u201d says Drew Lohn, senior fellow at Georgetown University\u2019s Center for Security and Emerging Technology (CSET). \u201cThey&#8217;re like, \u2018We&#8217;re going to give defenders the opportunity to find the vulnerabilities first and we&#8217;re going to give them the tools to write the patches,\u2019 but that was never the hard part.<\/p>\n<p>\u201cIf AI helps find vulnerabilities, that&#8217;s good for attackers and for defenders,\u201d Lohn adds. \u201cIf AI helps write exploits, that helps attackers maybe a little bit more than defenders. 
But then attackers, once they&#8217;ve got it written, can just fire it away, and defenders have to do a lot more work to make sure those patches get implemented.\u201d&nbsp;<\/p>\n<p>In an email, Chainguard CEO Dan Lorenc tells <em>Fast Company<\/em> that many organizations lack the resources to patch all the vulnerabilities that Project Glasswing exposes, writing that enterprises \u201caren&#8217;t ready for the influx of real vulnerabilities and patches they&#8217;re going to need to get out quickly.\u201d\u00a0<\/p>\n<p>Darktrace\u2019s Fowler provides more color, noting, \u201cMany organizations can\u2019t patch everything, whether it\u2019s legacy systems, unmanaged devices, or environments where updates aren\u2019t feasible. So while the window of vulnerability may get narrower, it doesn\u2019t disappear entirely.\u201d\u00a0<\/p>\n<p>Both Lohn and Fowler believe that if AI tools help reduce the number of software vulnerabilities (and therefore targets), hackers might try other kinds of targets: human targets.\u00a0<\/p>\n<p>\u201cIf I\u2019m an attacker and I can\u2019t easily break the code, I\u2019m going to look for another path, and the most effective one is often the human,\u201d Fowler says. \u201cIt\u2019s someone already inside the environment, whether that\u2019s a malicious insider, a compromised credential, or someone being incentivized or coerced. They already have access, and they can operate in ways that bypass controls inside the environment.\u201d<\/p>\n<p>AI systems like Mythos could also broaden the potential attack surface for hackers.&nbsp;<\/p>\n<p>\u201cWhile most cyber defense begins in the data center, this stands out as an existential threat that must be first addressed at the edge,\u201d Viakoo Labs VP John Gallagher writes in an email. This could mean protecting power grids, water systems, self-driving car networks, industrial automation systems or smart home appliances. 
\u201cMythos is OS agnostic, but vulnerability remediation is not,\u201d he writes. \u201cThere is no \u2018Windows Update\u2019 for a water pump or an IoT gateway.\u201d<\/p>\n<p>And speaking of critical software systems, it\u2019s not always easy to install patches quickly, CSET\u2019s Lohn points out. \u201cThe reason that there were so many vulnerabilities is because you can&#8217;t take these systems offline right away, or you have to be pretty darn sure that any update you make isn&#8217;t going to crash the system,\u201d he says, recalling the disastrous <a rel=\"nofollow\" href=\"https:\/\/www.abc.net.au\/news\/2024-07-20\/what-happened-crowdstrike-global-outage-explainer\/104122582\">CrowdStrike patch install<\/a> that grounded airline, bank, and hospital systems in July 2024. \u201cThat&#8217;s the big concern: How long does it take to update? How sure can you be that your update didn&#8217;t break some other stuff?\u201d<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-the-ai-is-real-even-if-its-impact-is-uncertain\">The AI is real, even if its impact is uncertain<\/h2>\n<p>In some online conversations this week, people questioned whether Mythos is really as capable, and therefore threatening, as Anthropic&#8217;s researchers say it is. It\u2019s true that AI labs have in the past hyped their models by talking about how dangerous they are. But it seems far-fetched that Anthropic\u2019s researchers would go to the trouble of faking the Mythos performance tests and then writing a 280-page system card about it. And all of Anthropic\u2019s Glasswing partners would have to be in on the scam.\u00a0<\/p>\n<p>But whether Mythos ultimately helps software security more than it harms it is yet to be seen. Not everybody thinks it will.&nbsp;<\/p>\n<p>BeyondTrust SVP Bradley Smith, for one, questions the narrative that Anthropic is really giving the good guys a head start, pointing out that hackers have been using AI tools for some time. 
They have experience with them, and will soon have access to far more powerful models.<\/p>\n<p>\u201cThere is no head start,\u201d Smith says. \u201cThere is only the decision to act or the decision to wait, and waiting has already cost the industry more than most leaders are willing to admit.\u201d<\/p>\n<hr>\n<p><a href=\"https:\/\/www.fastcompany.com\/91525413\/is-mythos-a-blessing-or-a-curse-for-cybersecurity-it-depends-who-you-ask\">Source link<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>The real question about Anthropic\u2019s new Claude Mythos Preview AI model is whether it (and future models like it) will be more helpful to defensive cybersecurity or to hackers. To find out, Fast Company asked a number of cybersecurity pros.\u00a0 Claude Mythos, released in \u201cpreview\u201d on April 9, is Anthropic\u2019s biggest and most capable frontier<\/p>\n","protected":false},"author":1,"featured_media":10605,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[37],"tags":[],"class_list":{"0":"post-10604","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-brand-spotlights"},"_links":{"self":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts\/10604","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10604"}],"version-history":[{"count":0,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/posts\/10604\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\
/wildgreenquest.com\/index.php?rest_route=\/wp\/v2\/media\/10605"}],"wp:attachment":[{"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10604"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10604"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wildgreenquest.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10604"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}