Anthropic keeps latest AI tool out of public’s hands for fear of enabling widespread hacking | AI (artificial intelligence)
Anthropic said Tuesday that its unreleased artificial intelligence model, called Claude Mythos, has proven extremely adept at uncovering software vulnerabilities.
Mythos has uncovered thousands of vulnerabilities in widely used applications for which no patches or fixes exist, prompting the San Francisco-based AI startup to form an alliance with cybersecurity experts to strengthen defenses against hacking and prevent wide distribution.
“We have a new model that we have not released publicly,” Mike Krieger of Anthropic Labs said at the HumanX AI conference in San Francisco.
Krieger explained that Anthropic instead allowed cybersecurity experts and engineers in the open source community to work with Mythos to use the model as “a sort of defensive weapon that would pre-arm them.”
Jumps in AI model capabilities have also raised concerns about hackers using such tools to crack passwords or break encryption to keep data safe.
According to Anthropic, the oldest of the vulnerabilities uncovered by Mythos date back 27 years, and none were apparently noticed by their makers before being detected by the AI model.
Mythos is the latest generation of Anthropic’s Claude family of AIs, and a recent leak of some of its code prompted the startup to publish a blog post warning that it poses unprecedented cybersecurity risks.
“AI models have reached a coding capacity that can outpace all but the most skilled humans at finding and exploiting software vulnerabilities,” Anthropic said in a blog post. “The consequences for economies, public safety and national security could be serious.”
According to Anthropic, the software vulnerabilities uncovered by Mythos were often subtle and difficult to detect without artificial intelligence. As an example, he said Mythos found a previously undetected flaw in video software that had been tested more than 5 million times by its creators.
As a precaution, Anthropic has shared a version of Mythos with cybersecurity companies CrowdStrike and Palo Alto Networks, as well as Amazon, Apple and Microsoft, in a project it calls “Glasswing.”
Networking giants Cisco and Broadcom are also involved in the project, as is the Linux Foundation, which supports the free, open-source Linux computer operating system.
Anthony Grieco, Cisco’s chief security and trust officer, said in a joint statement about Glasswing: “This work is too important and urgent to be done alone.” “AI capabilities have crossed a threshold that has fundamentally changed the urgency required to protect critical infrastructure from cyber threats, and there is no turning back.”
Around 40 organizations involved in the design, maintenance or operation of computer systems are said to have joined Glasswing. Project partners will share their Mythos findings, according to Anthropic, which provided approximately $100 million worth of computing resources for the mission. According to Grieco, early work with AI models has shown that they can help find and fix vulnerabilities in software and hardware at a speed and scale not previously possible.
“The window between the discovery of a vulnerability and its exploitation by an adversary has collapsed; what used to take months now happens in minutes with AI,” said Elia Zaitsev, Crowdstrike’s chief technology officer.
“The Claude Mythos Preview shows what is possible for defenders at scale, and opponents will inevitably look to take advantage of the same capabilities,” he added.
Anthropic said it was in talks with the U.S. government regarding Mythos despite the White House’s decision in February to terminate all contracts with the startup. That directive was put on hold by a federal court judge, while Anthropic’s legal challenge continues to work its way through the courts.
