Claude Mythos: A double-edged sword of global-cybersecurity

Anthropic is back in the news, with yet another groundbreaking development in AI. Its latest AI model, Claude Mythos, which runs AI models like Claude and Claude code, has the cybersecurity space is worried.

In its latest blog, Anthropic said that Claude Mythos Preview is a new general-purpose language model. "This model performs strongly across the board, but it is strikingly capable at computer security tasks. In response, we have launched Project Glasswing, an effort to use Mythos Preview to help secure the world’s most critical software and to prepare the industry for the practices we all will need to adopt to keep ahead of cyberattackers," the blog explained.

Soon after its launch, central bank governors, finance ministers and financiers have expressed their serious concerns as the new model could undermine the security of financial systems. Canadian Finance Minister Francois-Philippe Champagne said in an interview with the BBC that Mythos has been discussed extensively by his peers at the International Monetary Fund (IMF) meeting this week, and it is serious enough to warrant the attention of all finance ministers.

The model is yet to be launched for the public and is only available for government entities and central banks to access and assess its capabilities. Anthropic believes the launch of Mythos as a watershed moment for the cybersecurity industry.

Read on to know what Claude Mythos is, what it can do and why it is grabbing attention in the highest circles of the government, central banks and financial institutions.

What is Claude Mythos Preview?

Mythos Preview is a general-purpose language model capable of exploiting vulnerabilities in the most complex cybersecurity systems. Anthropic found it to be so powerful that the model was just released for elite partners, which include governments and financial institutions. The company calls it Project Glasswing, which will enable the elite partners to use Mythos Preview to help secure the world’s most critical software.

What is Mythos Preview capable of?

Unlike the earlier launches of Anthropic’s Claude models, Mythos Preview was capable of finding bugs in the world’s most critical software, all on its own, without any human intervention. The company, over the past few weeks, has used Mythos Preview to identify zero-day vulnerabilities (flaws that were previously not discovered) and found flaws in the most critical operating systems, browsers and important pieces of software.

Here are key examples highlighted by the company.

• Mythos Preview found a 27-year-old vulnerability in OpenBSD, which is one of the most critical security-hardened operating systems. OpenSSH, which is has been developed as part of the OpenBSD project, is used in communication between servers across the globe. It facilitates private data transfer across the globe without getting hacked. The AI model found vulnerabilities in OpenBSD, which could allow an attacker to remotely crash any machine running the operating system just by connecting it.

• Secondly, it also discovered a 16-year-old bug in FFmpeg, which is used in encoding and decoding audio and video data. The vulnerability was found in a line of code that was previously tested 5 million times by automated testing tools. FFmpeg is a library of code that can read, write and convert any video or audio format ever created. In simple terms, it is the technology behind how we watch videos and listen to music online, how YouTube can upload a video and make it watchable online anywhere in the world.

• The model also found several vulnerabilities in the Linux Kernel, which is considered to be the brain behind every operating system. It is a software that runs most of the servers of the world. The vulnerabilities show that an attacker could have gained access from any ordinary user to take complete control of the system.

Why is everyone worried about Mythos Preview?

Experts believe the Claude Mythos could act as a weapon if it gets in the hands of bad actors. Jamie Dimon, CEO of JP Morgan, warned that advanced AI models like Mythos Preview will make threats worse and require significant defensive investments. Many termed this a double-edged sword, which could prove to be catastrophic if it gets in the wrong hands.

As the world gets connected to reap the benefits of a globalisation, it also opens itself to the vulnerability of disasters it brings. The US Treasury also directed major banks to test their systems with Mythos Preview before releasing them to the world.

How are AI companies planning to tackle these threats?

As AI brings advancement in different fields, it also opens the arena for disasters that can be orchestrated by the use of these models. The accountability lies with the makers of these models to make sure that it is not used for destructive purposes. To tackle these vulnerabilities, AI companies are now hiring domain experts from fields like chemical weapons and high-yield explosives. AI companies like Anthropic and ChatGPT are hiring for the above posts to prevent the misuse of AI in creating chemical weapons and radioactive bombs.