Latest Anthropic AI model finds cracks in software defenses

Anthropic on Tuesday said its yet-to-be-released artificial intelligence model called Claude Mythos has proven keenly adept at exposing software weaknesses.

Mythos has laid bare thousands of vulnerabilities in commonly used applications for which no patch or fix exists, prompting the San Francisco-based AI startup to form an alliance with cybersecurity specialists to bolster defenses against hacking.

"The capabilities of the most advanced AI models are expected to advance substantially in the coming months," Anthropic said.

"For cybersecurity to stay ahead of this curve, we must act now."

Leaps in AI model capabilities have come with concerns about hackers using such tools for figuring out passwords or cracking encryption meant to keep data safe.

The oldest of the vulnerabilities uncovered by Mythos dates back 27 years, and none were ostensibly noticed by their makers before being pinpointed by the AI model, according to Anthropic.

Mythos is the latest generation of Anthropic's Claude family of AI, and a recent leak of some of its code prompted the startup to release a blog post warning it posed unprecedented cybersecurity risks.

"The vulnerabilities it finds are often subtle and difficult to detect," Anthropic said during a briefing on Tuesday. As an example, it said Mythos found a previously unnoticed flaw in video software that had been tested more than 5 million times by its creators.

As a precaution, Anthropic has shared a version of Mythos with cybersecurity companies CrowdStrike and Palo Alto Networks, as well as with Amazon, Apple, and Microsoft in a project it dubbed "Glasswing."

Networking giants Cisco and Broadcom are taking part in the project, along with the Linux Foundation that promotes free, open-source Linux computer operating system.

Approximately 40 organizations involved in the design, maintenance, or operation of computer systems are said to have joined Glasswing.

Project partners are to share their Mythos findings, according to Anthropic, which is providing about $100 million worth of computing resources for the mission.

Mythos was designed as a general-purpose AI model, and not a software vulnerability hunter, according to its creator.

Anthropic said it has had discussions with the US government regarding Mythos despite a decree by the White House in February to terminate all contracts with the startup.

That directive was put on hold by a federal court judge while a legal challenge by Anthropic works its way through the courts.