Anthropic’s ‘Mythos’ AI Sparks Security Fears, Limits Access

Anthropic Unveils ‘Mythos’ AI, Citing Severe Security Risks

Artificial intelligence company Anthropic has announced a new, highly capable AI model named Mythos. The company claims this model is so advanced that releasing it to the public could cause serious problems for economies, public safety, and national security. This announcement has sparked widespread discussion and concern within the tech community.

Concerns Over AI’s Power and Potential Misuse

The potential security implications of a powerful AI like Mythos are significant. Some experts worry it could disrupt the cybersecurity industry by discovering vulnerabilities faster than they can be fixed. Others suggest this might be a repeat of past AI releases, where initial hype about a model’s capabilities is later found to be exaggerated. The idea of such a powerful AI, even if not yet fully understood, has led to widespread anxiety for many.

Mythos’s Discovered Vulnerabilities

During internal testing, Anthropic found that Mythos identified numerous security flaws. The model reportedly found a 16-year-old bug in FFmpeg, a software for handling multimedia data. This bug could allow an attacker to create a malicious video file that crashes the program and corrupts data. Mythos also found a 27-year-old flaw in OpenBSD, an operating system, that could let a remote attacker crash any reachable machine. In web browsers, it reportedly found bugs in JavaScript engines that could allow malicious websites to steal data or even take full control of a user’s device by writing directly to the operating system’s kernel. One particularly concerning discovery involved a Linux kernel bug that allowed the AI to change a single bit of data, making a password file writable and granting full system access.

Government and Industry Reaction

The potential dangers of Mythos have prompted high-level discussions. Reports indicate that the U.S. Treasury Secretary and the Federal Reserve Chair held an urgent meeting with bank CEOs to discuss these security threats. In response, Anthropic has launched ‘Project Glass Wing.’ This initiative involves a group of companies that pay Anthropic for access to Mythos. The goal is to use Mythos to quickly find and fix critical software vulnerabilities worldwide before other, less controlled AI models can exploit them.

Skepticism and Questions About Capabilities

Despite Anthropic’s claims, some in the AI community are skeptical about Mythos’s true capabilities and the way its vulnerabilities were discovered. The company has experienced some technical issues, including API outages, since Mythos was first used internally in late February. The method used to find some of the exploits, such as running thousands of agent tests that cost nearly $20,000 in computing power, has led to questions about whether more accessible models could achieve similar results with enough resources. While Mythos reportedly showed an 84% success rate in writing working exploits for Firefox, this was tested against a simplified version of the browser with security features turned off, not the full, protected software.

Why This Matters

The development of highly capable AI models like Mythos presents a dual-edged sword. On one hand, such advanced AI could be instrumental in identifying and fixing security flaws at an unprecedented speed, making our digital world safer. On the other hand, the very power that allows it to find vulnerabilities also makes it a potential tool for malicious actors if it falls into the wrong hands. Anthropic’s decision to restrict access to Mythos highlights the growing debate about how to manage the risks associated with increasingly powerful AI technologies. The company’s approach, involving partnerships with major corporations to secure critical software, suggests a strategy of controlled release and application, rather than widespread public access, to mitigate potential harm.

Availability and Future Outlook

Mythos is not currently available to the general public. Anthropic is working with a select group of companies through Project Glass Wing to leverage its capabilities for security patching. While Anthropic asserts Mythos is a significant step up from its previous models, like Opus 4.6, definitive proof of its exact capabilities remains largely internal. The situation underscores the ongoing challenge of balancing AI innovation with the need for safety and security in an increasingly connected world. It remains to be seen how this controlled approach will impact the broader AI development landscape and public access to cutting-edge AI tools.

Source: Claude Mythos is too dangerous for public consumption… (YouTube)