A single AI model has sent shockwaves through the cybersecurity industry not by being hacked, but by being too good at finding vulnerabilities.
Anthropic’s Mythos, released earlier this month to a controlled group of 40 organisations, has already triggered close to 150 software updates at one major US bank, and cybersecurity executives are warning that the pace of discoveries could outstrip companies’ ability to safely deploy fixes.
Mythos was created by Anthropic precisely to identify cybersecurity vulnerabilities at a faster rate than human analysts could. In the weeks following its restricted release, the results started pouring down from the tech stack of those who received it first.
According to the Financial Times, Fifth Third Bank’s CFO Bryan Preston said that the bank’s technology vendor, Microsoft, had introduced around 150 software updates since the release of Mythos.
The effect of the model was not mincing any words when explained by the president and Cisco Chief Product Officer Jeetu Patel. “When you consider that there is a pre-Mythos world and there is a post-Mythos world,” Patel says. Cisco is one of the select few companies in the United States, along with Amazon, Microsoft, and JPMorgan Chase, to gain access to the model.
The number of bugs that have been detected through Mythos has brought an additional challenge, too many patches coming in too quickly. “There is a possibility of flooding with patches,” Palo Alto Networks Chief Security Officer of EMEA Haider Pasha cautioned.
Patching security vulnerabilities frequently requires system downtime, which is something critical infrastructure companies must be able to do only during scheduled maintenance periods.
“The challenge with patching is you actually have to bring down your system sometimes,” Patel said, “and most organisations can’t afford to have downtime.” For hospitals, utilities, and financial institutions running older software on tight operational schedules, that constraint is not theoretical it is structural.
It goes even further than how Mythos interacts with its users. According to Palo Alto Networks, the technology will spread out of the safe confines of models designed by American companies and allow hostile groups to create, as Pasha puts it, “autonomous attack agents like nothing the industry has seen before”.
The ability to connect various vulnerabilities and turn them into a chain of attacks for one attack path shows how much more advanced adversarial AI has become.
It was confirmed earlier this week that Anthropic is currently looking into unauthorised access to its technology through third-party platforms, adding yet more pressure on the organisation from central banks, regulators, and institutions that require fast access to Anthropic’s product that it has refused up until now.
Cybersecurity executives with access to Mythos told the FT that joint action “across the public and private sectors” is now essential to protect critical infrastructure.
Click Here For The Original Source.
