AI threat to every major software system revealed by Anthropic
Normally I’d be writing about the geopolitical consequences of war with Iran right now, and I’m sure I’ll be writing again soon. But I want to interrupt this reflection to highlight a striking advance in artificial intelligence that is happening sooner than expected and will have equally profound geopolitical consequences.
AI company Anthropic this week announced it would release the latest generation of its large language model, called Claude Mythos Preview, but only to a limited consortium of about 40 technology companies, including Google, Broadcom, Nvidia, Cisco, Palo Alto Networks, Apple, Amazon and Microsoft, and JPMorganChase. Some of its competitors are among these partners because this new AI model represents a “step change” in performance with critically important positive and negative implications for cybersecurity and America’s national security.
The good news is that in the process of developing Claude Mythos, Anthropic discovered that AI can not only write software code more easily and more complexly than any currently available model, but as a byproduct of this ability, it can also find vulnerabilities in almost all of the world’s most popular software systems more easily than ever before.
The bad news is that if this tool falls into the hands of bad actors, they can hack almost any major software system in the world, including those produced by companies in the consortium.
This is not a publicity stunt. Concerned tech experts told me that ahead of this announcement, representatives of major tech companies had private conversations with the Trump administration about the implications for the security of the United States and all other countries that use these now-vulnerable software systems.
For good reason. As Anthropic said in a written statement on Tuesday last month, “Mythos Preview has already found thousands of high-severity vulnerabilities, including every major operating system and web browser. Given the pace at which AI is advancing, it won’t be long before such capabilities proliferate, potentially outpacing actors committed to deploying them safely. “The consequences (economy, public safety and national security) could be serious.”
Project Glasswing, Anthropic’s name for the consortium, is an initiative that aims to “make these capabilities available for defensive use” by working with the largest and most trusted technology companies and critical infrastructure providers, including banks, to give leading technology firms a head start on finding and fixing these vulnerabilities, he added.
“We do not plan to make the Claude Mythos Preview generally available, but our ultimate goal is to enable our users to securely deploy Mythos-class models at scale for cybersecurity purposes, as well as for the numerous other benefits such high-capacity models will bring,” Anthropic said.
My translation: Holy cow! Super-intelligent AI is coming faster than expected, at least in this area. We knew it was getting incredibly good at ensuring that anyone, no matter how computer literate, could write software code. But even Anthropic reportedly didn’t anticipate it would be this good and fast at finding flaws in existing code and finding ways to exploit them.
Anthropic said it found critical risks in all major operating systems and web browsers, many of which power power grids, water grids, airline reservation systems, retail networks, military systems and hospitals around the world.
If this AI tool does indeed become widely available, it will mean that the ability to hack any major infrastructure system—a difficult and expensive endeavor that was once the exclusive province of private sector experts and intelligence agencies—will be available to every criminal actor, terrorist organization, and country, no matter how small.
I’m really not exaggerating when I say kids could accidentally deploy this. Mom and dad, prepare for:
“Honey, what did you do after school today?”
“Well, mom, my friends and I turned off the power grid. What’s for dinner?”
That’s why Anthropic gives carefully controlled releases to major software vendors so they can find and fix vulnerabilities before the bad guys or your kids do.
In moments like these, I prefer to take a deep dive with my technology teacher, Craig Mundie, a former director of research and strategy at Microsoft, a member of Barack Obama’s President’s Council of Advisers on Science and Technology, and the author of a book on artificial intelligence with Henry Kissinger and Eric Schmidt. creation.
In our opinion, no country in the world can solve this problem alone. The solution (and this may shock people) must start with the two AI superpowers, the US and China. It is now urgent that bad actors learn to cooperate to prevent them from reaching the next level of cyber capability.
Such a powerful tool would threaten to leave them vulnerable both to criminal actors within their own country and to terrorist groups and other enemies abroad. It could easily become a greater threat to each country than either country is to each other.
In fact, this has the potential to be a turning point as fundamental and important as the emergence of the need to prevent mutually assured destruction and nuclear proliferation. The US and China need to work together to protect themselves and the rest of the world from humans and autonomous artificial intelligence using this technology; That’s way more than they have to worry about Russia.
This is so important and urgent that it should be top of the agenda for the summit between Trump and President Xi Jinping in Beijing next month.
“The ability to develop these sophisticated cyberhacking operations, which used to be the province of big countries, big militaries, big corporations and big criminal organizations with big budgets, may become easily accessible to smaller actors,” Mundie explained. “What we are about to see is nothing short of a complete democratization of cyber attack capabilities.”
Mundie argues this means that responsible governments, together with the companies building these AI tools and software infrastructure, must urgently do three things.
For a start, he says, we need to “carefully control the rollout of these new super-smart models and make sure they only go to the most responsible governments and companies.”
We should then use the time this gives us to distribute defensive tools to good actors so that “any flaws in the software running their underlying infrastructure can be found and fixed before hackers inevitably get hold of those tools in one way or another.” (Meanwhile, the cost of fixing vulnerabilities that are sure to be discovered in legacy software systems like those of phone companies will be significant. Then multiply that by our entire industrial base.)
Finally, Mundie argues that we must work with China and all responsible countries to create secure, protected workspaces across all major networks, both public and private, where trusted companies and governments can “migrate all their critical services and thus be protected against future hacking attacks.”
It will be interesting to see what history remembers most about April 7, 2026: the ceasefire in Iran or the carefully controlled release of the Claude Mythos Preview by Anthropic and its technical allies.
This article was first published on: New York Times.
The opinion newsletter is a weekly package of opinions that will challenge, defend and inform. Sign up here.
