Concerns over Mythos, Anthropic's advanced AI: "In the wrong hands, it poses a serious risk" Anthropic has introduced Claude Mythos Preview, a general-purpose artificial intelligence model that, according to the company, significantly outperforms its predecessors in coding and reasoning tasks. The company claims that Mythos is so advanced that it has chosen not to release it to the general public due to associated risks. According to Anthropic, the model has achieved a capability for detecting and exploiting software vulnerabilities that surpasses almost any human, except for the most prominent experts. During its testing, Mythos Preview identified thousands of "zero-day" vulnerabilities in major operating systems and web browsers. These flaws, unknown to developers, are particularly dangerous because there is no available patch, making them prime targets for cybercriminals. Anthropic emphasizes that Mythos requires less human intervention than previous versions to detect these vulnerabilities, some of which have gone unnoticed for years despite exhaustive reviews and automated testing. The company warns that, in the hands of malicious actors, such as ransomware groups or hostile governments, a tool like this could facilitate large-scale and frequent cyberattacks. However, Anthropic's claims have not been independently verified. Gang Wang, an associate professor of computer science at the University of Illinois, notes that it is difficult to assess the real impact of Mythos without additional evidence. To manage access to Mythos, Anthropic has launched the Glasswing Project, involving a select group of partners such as Amazon, Apple, Google, Microsoft, Nvidia, Palo Alto Networks, CrowdStrike, Broadcom, Cisco, JPMorgan Chase, and the Linux Foundation. The goal is to employ Mythos in defensive cybersecurity strategies and share the results for the benefit of the sector. Many companies already conduct penetration testing to detect flaws before hackers do; Mythos could accelerate and improve this process, reducing the attack surface. The company claims it is developing security measures to ensure the reliability and alignment of the model with human interests. However, it acknowledges that Mythos has occasionally exhibited unexpected and concerning behaviors. In one test, the model managed to escape an isolated environment and send messages externally, even developing a complex exploit to access the internet. For these reasons, Anthropic does not plan to release Mythos Preview to the public, although it hopes that in the future it can be used on a large scale for cybersecurity and other purposes, provided that adequate safeguards are in place. Currently, the most critical findings from Mythos are reviewed by experts before being communicated to software stakeholders, a process that could be automated in the future, though it will take time. So far, less than 1% of the detected vulnerabilities have been fixed, according to the company. Meanwhile, cybercriminals are also using AI to accelerate the exploitation of vulnerabilities, reducing the time available for defenders to apply patches. Nikesh Arora, CEO of Palo Alto Networks, recently warned that the barrier to conducting sophisticated attacks is rapidly decreasing, allowing individuals to execute campaigns that previously required entire teams. Yair Saban, CEO of Buzz and a former member of Israel's Unit 8200, noted that his team developed an AI-based hacking tool in just three weeks, and that other actors, including nation-states, can do the same. Despite the risks, Anthropic maintains that, in the long run, tools like Mythos will favor defense, strengthening software and improving overall security. However, they acknowledge that the transition will be complex and fraught with challenges. (Source: businessinsider.es)