Anthropic has launched a new security initiative alongside big tech partners, including Amazon, Apple, Google, and Microsoft, after the AI firm found its latest model was far too good at finding and exploiting software vulnerabilities.
Announcing Project Glasswing, which also counts Broadcom, Cisco, CrowdStrike, and NVIDIA among its core members, Anthropic said that testing of the unreleased Mythos model had shown the AI was “strikingly capable at computer security tasks”, saying it had found high-severity vulnerabilities in every major operating system and web browser.
Anthropic’s testing found that Mythos Preview far outperformed its previous models in a variety of coding tasks, including vulnerability reproduction, with the firm saying the AI is beyond “all but the most skilled humans” at finding security flaws.
According to Anthropic’s red team, the AI found thousands of zero-day vulnerabilities that have survived decades of human review, with the oldest exploit found so far a 27-year-old flaw in OpenBSD, a security-heavy OS used to run firewalls and other critical infrastructure.
The, thankfully now-patched, vulnerability Mythos uncovered would allow hackers to remotely crash any machine using the OS “just by connecting to it”.
It also managed to independently link together a series of flaws in the Linux kernel, the core interface between a machine’s hardware and software, creating a path for an attacker to go from ordinary user access to full system takeover.
That opens the door to some terrifying prospects. Recent figures show that Linux is the operating system behind 100% of the top five hundred most powerful supercomputers in the world, as well as more than 96% of the world’s top one million web servers, and the OS at the heart of every Android phone.
Looking at the Mythos safety card reveals even more concerning behaviour, with Anthropic admitting the model demonstrated a “dangerous capability for circumventing our safeguards”, and covering its own tracks.
“Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely,” said Anthropic. “Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes.”
“No one organisation can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play.”
Recommended reading
Framing Glasswing as an altruistic mission, Anthropic said that the project partners, including JPMorganChase, the Linux Foundation and Palo Alto Networks, will use Mythos Preview to build next-gen defences before these advanced capabilities proliferate to threat actors.
For its part, Anthropic has committed up to $100m in Mythos credits for these efforts, as well as $4m in donations to open-source security organisations, and pledged to share what it learns from its own research with the wider industry, a noteworthy gesture in the cutthroat world of AI development.
The potential threat may even act as an olive branch with the US Government following Anthropic’s months-long spat with the Pentagon, with the firm saying it is in ongoing discussions with officials about Mythos’ offensive and defensive cyber capabilities.
Related
Click Here For The Original Source.
