Published 08.24
The new AI model finds bugs and vulnerabilities that have been hidden for decades. The ability to plan in multiple steps allows it to hack systems and programs on its own.
– It’s not the apocalypse, but the smell of napalm is in the air, says Cambridge researcher Gerald Mako.
On April 7, the American AI company Anthropic sounded the alarm. The coding ability of its new AI model, Claude Mythos, was so high that it was uncomfortably good at finding, and exploiting, security holes.
Mythos found vulnerabilities in all major operating systems and browsers, some of which had gone undetected for decades.
Previous Claude models have also been good at walking through code and following detailed instructions from humans – the difference is that Mythos does it more autonomously, according to Gerald Mako, who researches AI and cyber security at the University of Cambridge.
It can come up with a hypothesis itself, test it and then fine-tune according to the results.
– It can also chain together several weaknesses into a functioning cyber attack, he says.
Created a project
Anthropic described Mythos as so dangerous that they did not release the model freely, but instead created a project where security companies and tech giants had to test the model to find and plug security holes.
Cisco is one of the companies. There, security expert Mark Jackson describes Mythos and similar models as a paradigm shift.
“This technology dramatically lowers the skill threshold. It allows hackers to scale up attacks that were previously completely out of their reach,” he writes via email.
After 90 days, Anthropic must report on the results. So far, in a couple of months, 23,000 vulnerabilities have been found, of which 6,200 are serious or critical, according to a partial result.
“There is no doubt that the situation is urgent. We expect these capabilities to become widespread as AI technology advances, and those who must protect must review their environments immediately,” writes Jackson.
No cause for concern
Gerald Mako singles out banks, manufacturing, logistics, care, sales and government as vulnerable. Ordinary individuals should keep their worries in moderation.
– It is not the apocalypse, but the smell of napalm is in the air because the direction is clear and AI development will not suddenly stop.
Sverker Janson leads the research institute Rise's AI center. He also doesn’t think the common man should worry, as Mythos is now being used to plug security holes.
– On the contrary, I feel happy that we are getting better tools to find these problems. Because otherwise, they were open targets that ordinary people could have found too, if they put their mind to it. It’s nothing magical.
This is how Claude Mythos works
Claude Mythos is an AI model developed by the American company Anthropic. The model can write and understand program code and, according to the company, is better than almost all humans at finding and exploiting vulnerabilities.
How it is used:
1. It can read the program’s source code in a computer isolated from the Internet.
2. Mythos develops a hypothesis of possible vulnerabilities.
3. The hypothesis is tested to confirm or reject the suspicions, or it adapts something and makes another attempt.
4. When Mythos finds several smaller vulnerabilities, it tries to chain them together to create a more powerful attack.
5. The model writes a bug report.
Source: Anthropic