How powerful is AI? Enough that Anthropic, a leading AI company, announced earlier this month that its latest AI model, Claude Mythos Preview, would be available only to a limited number of companies due to security concerns, at least for now.
Claude Mythos Preview was designed for general use, says Anthropic, but during testing, the company found it extremely effective at identifying vulnerabilities in the security systems of all types of software, creating potentially massive security concerns.
So far, Anthropic is sharing the Mythos Preview model with a handful of major tech companies and banks through a program called Project Glasswing, intended to give them the opportunity to shore up any existing security vulnerabilities and get ahead of potential hacking attempts that the model could identify.
To get a better idea of what Claude Mythos Preview represents and the potential threat it poses to online security, Today, explained Co-host Sean Rameswaram spoke with Hayden Field, senior AI reporter at The Verge.
Below is an excerpt from their conversation, edited for length and clarity. You can listen to the full episode wherever you get podcasts, including Apple Podcasts, Pandora, and Spotify.
Myths is [Anthropic’s] The newest AI model they designed to be a general purpose AI model like any other. But what they realized when they were working on him was that he had these special abilities that they didn’t really anticipate. He was really good at cybersecurity. It found high-risk vulnerabilities in virtually all operating systems.
That’s pretty bad if you’re using it as a hacker. And to have a blueprint for a list of every major breach, insecurity, and vulnerability in all of these very, very high profile systems, you’re going to have a list of everything you could do to take down those systems or exploit data.
They realized it was best not to release this to the general public because it could fall into the wrong hands. And instead, they carefully selected a few organizations responsible for the critical infrastructure to deliver it so they could plug those gaps in their systems.
You’ve heard of many of the companies currently running and using Claude Mythos: Nvidia, JP Morgan Chase, Google, and apparently a few dozen others that build or maintain critical software infrastructure. How does it really work?
Since they built it as a general purpose model, it probably works like any other model in that you use it and ask it to flag all the vulnerabilities in your system.
Maybe you’re Google Chrome and you’re looking for specific parts of the browser that you think may have some vulnerabilities. Basically, you’re asking the model to point out all these high-profile gaps for you and your security, and then you take it and fix it on your own.
In fact, a hacker would use it the same way. If it fell into the wrong hands, they would say, “Yeah, tell me all the vulnerabilities here.” And then they’ll take it off the platform and use it for something nefarious. It’s basically about who is driving the system and what their motives are.
It’s as easy as saying, “Hey, Claude, tell me why this banking system might be vulnerable.” And then Claude thinks about it for a minute and spits out a bunch of answers.
And do we know that the Googles and Nvidias of the world are actually using this technology?
Yes. Part of the reason Anthropic published this is that they wanted these organizations to report exactly how Mythos worked and what it did to plug the vulnerabilities and gaps in their system. It’s a matter of sharing information.
They’re allowing these companies to use it to test how well it works to plug all these high-profile gaps, and then they have to report back to Anthropic on how it worked.
How does Anthropic choose who to share this technology with?
In fact, I asked them that. Basically, they are looking for cyber defenders or companies that a lot of people depend on, and that in the future would be a big problem if they were hacked in any way, shape or form.
JP Morgan Chase is a great example. Anthropic has also offered this technology to the government.
Do Anthropic’s competitors have similar tools? They are probably working on similar tools?
OpenAI is apparently working on a similar tool. Anthropic itself has said that this is not something they believe they will be ahead of for long. They believe that laboratories anywhere in the world can launch this technology in the next three months, six months or 12 months.
It looks like, at some point in the next 12 months, this will come to light. And that’s why they wanted to launch Mythos now, so that companies and banks could get ahead of any attacks that may arise in the future, when similar types of technology are released to the general public, perhaps months from now.
If this is so dangerous and there are so many potential risks, is anyone having a conversation about just not releasing tools like this and just shutting them down and keeping them internal?
That’s a great question. I’m really glad you asked, because not enough people are asking if an AI system should be released or used for certain things. Right now, we’re seeing a great one-size-fits-all type of integration that applies to everything. And many times AI is not the answer to things.
However, with this people tend to agree that it is something that is needed right now. AI already exists helping cyber attackers escalate their attacks. And we’ve seen that intensify over the past year. People seem to agree that AI is needed to combat AI cyberattacks, essentially.
It’s kind of like medieval fortresses, where you add extra stones and build higher walls in the fortress because a war is coming. That’s the feeling I get when I talk to these experts about this. They know it’s coming. It’s simply: “Try to strengthen your defenses now to be better prepared.”