Anthropic's Mythos AI Model Sparks Global Cybersecurity Concerns
Anthropic, the US tech startup behind the Claude chatbot, has confirmed it will not release its latest AI model, Mythos, to the public due to significant cybersecurity threats. This decision follows reports of unauthorized access by a small group, intensifying fears about the rapid development of advanced AI and the challenges in controlling high-risk technologies.
What Is the Mythos AI Model?
Mythos is an AI model designed to power tools like chatbots, but Anthropic warns it represents a serious potential threat to organizational cybersecurity. Announced on April 7, Mythos can identify unknown flaws, known as zero-day vulnerabilities, in every major IT operating system and web browser. These flaws, some undetected for decades, could theoretically be exploited by hackers if the model is misused.
Anthropic has described this capability as a watershed moment for cybersecurity. To mitigate risks, the company has granted access only to select tech firms and banks, including Apple and Goldman Sachs, through Project Glasswing, allowing them to assess potential threats to their operations and customers.
Why Is Mythos a Cause for Alarm?
The UK's AI Security Institute (AISI) highlights Mythos as tangible evidence of AI's disruptive potential, noting its ability to execute multi-step cyber-attacks and identify IT flaws autonomously. In a test, Mythos successfully completed a 32-step simulation of a cyber-attack, marking a first in AI capabilities according to the AISI.
However, experts caution that Mythos may represent an evolution rather than a revolution. Companies like Aisle have found that other, cheaper AI models can also detect similar vulnerabilities, suggesting nuance in Anthropic's urgent warnings. Additionally, many cybersecurity breaches still stem from well-known risks like weak authentication, not just new AI-driven threats.
Concerns extend to the potential for Mythos to fall into malicious hands, as evidenced by recent unauthorized access incidents. UK and US regulators, including the Treasury and financial authorities, are actively discussing the model's implications, with worst-case scenarios predicting disruptions to banking systems and daily payments.
Expert Assessments and Industry Response
The AISI has evaluated Mythos, labeling it a step up from previous models in cybersecurity threat levels. It can target weak IT systems, though its effectiveness against well-defended systems remains unverified. The institute emphasizes that AI capabilities are only expected to improve, raising long-term security questions.
In response, about 40 companies, including Google and JP Morgan, are participating in Project Glasswing to test Mythos for defensive purposes. Despite this, partners have not disclosed detailed findings, leaving regulators and banks to speculate on the model's full impact. High-level meetings in the UK and US are addressing these risks, with officials from the Bank of England and National Cyber Security Center involved.
Overall, while Mythos showcases advanced AI potential, its announcement has fueled broader debates on AI's role in cyber-risk, balancing innovation with security imperatives in a rapidly evolving technological landscape.
