Anthropic's Mythos - New AI Model for Cybersecurity Defense Unveiled with Industry Collaboration

The Development

Anthropic officially unveiled its new AI model, Mythos, as part of a cybersecurity initiative named Project Glasswing. This model, described as one of Anthropic's most powerful yet, is being previewed by over 40 partner organizations, including tech giants like Microsoft, Apple, and Google. The aim is to leverage Mythos for defensive security work, specifically to identify and mitigate vulnerabilities in software systems. Notably, Mythos is classified in a new tier called Copybara, which positions it as superior to previous models like Haiku, Sonnet, and Opus.

Security Implications

While Mythos was not specifically trained for cybersecurity tasks, its capabilities in code analysis have led to the identification of thousands of vulnerabilities, some dating back one to two decades. Recent reports indicate that Mythos has autonomously identified critical zero-day vulnerabilities, including a 27-year-old bug in OpenBSD and a 16-year-old vulnerability in video software that had evaded detection by other automated tools. The model's potential extends beyond mere identification; it can also generate attack chains and proofs of concept, which raises concerns about its misuse by malicious actors. Anthropic's CEO, Dario Amodei, acknowledged that as AI models become more capable, they could be weaponized, thus necessitating a robust response plan.

Industry Impact

Project Glasswing aims to create a collaborative environment where foundational tech platforms can test Mythos on their systems to address vulnerabilities before they are publicly disclosed. Logan Graham, Anthropic's frontier red team lead, emphasized the urgency of preparing for a future where such capabilities are widely available, potentially transforming current security paradigms. CrowdStrike, a founding member of Project Glasswing, highlighted the importance of combining frontier AI capabilities with real-world threat intelligence to enhance security measures, noting a significant increase in AI-driven attacks, with an 89% rise year-over-year in adversaries using AI for malicious purposes.

Cisco's SVP & chief security & trust officer, Anthony Grieco, remarked on the necessity for technology providers to adopt new approaches to security, stating that traditional methods of hardening systems are no longer sufficient. This sentiment is echoed by Igor Tsyganskiy from Microsoft, who emphasized the importance of early risk identification and mitigation through access to Mythos.

What to Watch

As the deployment of Mythos progresses, the tech industry will need to navigate the challenges of governance and security. The collaboration aims to ensure that while AI models evolve, the security measures in place evolve concurrently to mitigate risks associated with their misuse. The initiative represents a proactive step towards redefining cybersecurity in an era increasingly influenced by AI technologies. Anthropic plans to extend access to Mythos outside of Project Glasswing, allowing more than 40 organizations that build or maintain critical software to utilize the model for scanning and securing systems. The rapid advancement of AI capabilities necessitates immediate action from all stakeholders to stay ahead of potential threats.