When Anthropic detected last September that someone was using its artificial intelligence software in a highly sophisticated spy campaign, the company began investigating. What stood out about this cyberattack was how much the hackers, who Anthropic says were probably Chinese-sponsored, relied on AI.
Rather than advising the attackers, the company discovered, the AI technology actually carried out much of the attack itself.
Fast-forward to this past week, when the company said AI had made another huge leap in its cyberattack capabilities. The most advanced model to date, Claude Mythos Preview, not only had found thousands of severe vulnerabilities in common operating systems that humans had missed, but also had devised sophisticated ways to exploit those gaps.
Why We Wrote This
Tech leaders are scrambling to address risks after Anthropic found its new artificial intelligence tool can both find and exploit software flaws, highlighting a new era of security vulnerability.
The software was so powerful, the San Francisco-based company said, that it would not release it publicly, but rather, for the moment, would make it available to a newly formed consortium of some 40 key tech companies that could fix the vulnerabilities Mythos found.
In short, with AI, the long-standing arms race between hackers and cybersecurity firms is going nuclear. If what Anthropic has claimed about Mythos is true, then the race will be faster, more sophisticated, and bigger than ever before.
“This is kind of the beginning of the full-scale reckoning of the cyber risk posed by AIs,” says Mantas Mazeika, research scientist at the Center for AI Safety, a nonprofit that advocates for standards to manage risks like misinformation, weaponization, and existential threats.
The twist is that this time, it’s the cybersecurity community that might have gained a step on the hackers.
“I view this as an opportunity to get ahead of the bad guys,” says V.S. Subrahmanian, a computer scientist at Northwestern University. “We have this capability now to identify the vulnerabilities that might exist in a system.”
Mission: defend or attack?
Anthropic built Mythos as a cutting-edge, general-purpose AI model. But what Anthropic found was that it had made a big leap in its ability to detect software bugs and, more importantly, how to use those bugs, sometimes in tandem, to attack systems. The company claims it found severe vulnerabilities in every major operating system and web browser, some of which had gone undetected for years.
For example:
- An operating system called OpenBSD, used to run firewalls that protect computer systems, had a 27-year-old vulnerability that would let a hacker remotely crash any machine running the software.
- It also discovered a 16-year-old flaw in the popular FFmpeg software, which codes and decodes video, that could help attackers crash devices or steal control of them.
- On its own, Mythos combined several problems in Linux code to allow hackers to take control of a server. Linux runs most of the world’s servers, which in turn run companies’ and others’ networks.
“AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities,” the company warned in its introduction of Project Glasswing. The consortium is using Mythos to find and fix key flaws in its own software and systems.
Part of Mythos’ advantage over humans is the speed with which it can operate.
To find software bugs, most major technology companies follow a cycle. They hire professionals who find a vulnerability in the system and figure out how to exploit it. Then those professionals alert the company, which figures out how to “patch” it. Typically, that process takes months.
“What we’re basically seeing these AI systems do now – if everything that they are saying in this announcement is accurate – is that time is compressed significantly,” says Allie Mellen, an AI security operations analyst in Boston. “The time between anyone – not just a white-hat hacker, but also a black-hat hacker, or a nation-state or a cyber criminal gang – being able to identify and exploit those vulnerabilities is incredibly small.”
Speed matters
That kind of speed means small companies are most at risk because they don’t have the resources that big companies do to spend what’s needed to fix flaws in their systems.
“Is this a manageable threat? Not with the current software security practices that we have,” says Katie Moussouris, founder of Luta Security, a cybersecurity firm in Seattle.
“My hope is that this will galvanize as much innovation on the AI defense end as it has on the AI offense end,” she says. “We do need to match that energy, or we are not going to be prepared for the tsunami of bugs and patches that are going to be coming out in the next year.”
Anthropic says it will not widely release this version to the public, in an effort to keep it out of the hands of hackers. Dr. Mellen calls Anthropic’s approach a “very positive step,” and exactly what’s needed in the short term.
Down the road, though, “it’s a different conversation,” she says. “We need to rethink the way that we are approaching the patching process and system.”
Finding gaps, blocking hackers
In her view, the solution is two-sided: (1) finding the vulnerabilities in existing software and (2) setting up processes for developing new software. That might mean using AI technologies like Mythos to spot vulnerabilities in advance, so new software is developed to be more hacker-resistant.
On the political end, several experts say a first step would be a dialogue among AI firms, cybersecurity companies, and industry and government officials.
AI technology is moving so fast, however, that there’s only a tight window to act or make revisions before AI’s capabilities spread beyond Anthropic’s latest development.
The company’s CEO, Dario Amodei, has said competitors are only six to 18 months behind. Some say China and others may be able to match Mythos’ capabilities sooner – perhaps in just a few months.
“Chinese cyber capabilities are formidable and impressive, and they have probably hacked Anthropic long back,” says Dr. Subrahmanian of Northwestern. “I would suspect they have it already or have the ability to get it very soon.”
