Anthropic on Tuesday debuted a preview of its newest AI model, Mythos, as part of its new cybersecurity initiative. It also announced that the preview wouldn’t be released for general availability due to its “powerful cybersecurity skills.”

The AI model, which the company calls its “most powerful yet”, demonstrated capabilities that could be exploited, as it was able to breach the company’s own safeguards, according to Anthropic’s system card for the preview.

Anthropic’s frontier model signals that AI’s increasing capabilities call for greater security. While it is made for defensive purposes, its potential to evade containment should be a warning to enterprises that such models can find and exploit serious cybersecurity vulnerabilities that can put businesses at major risk.

em360tech image

What is Mythos?

The Claude Mythos preview is a new large language model from Anthropic. This cybersecurity AI has demonstrated capabilities in many areas, including agentic coding and reasoning skills. The company claims that its capabilities are “substantially beyond those of any model” that it has previously trained.

As of now, Anthropic has announced that only select organisations which are part of their new initiative, Project Glasswing, are given access to the frontier model. They include Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks, all of which maintain important software infrastructure. 

The project was formed with the development of their Mythos AI model, which proved to have capabilities which Anthropic believes could reshape cybersecurity. 

Although this Anthropic AI is not primarily trained for cybersecurity, its powerful cyber capabilities, like coding skills, make it invaluable for defensive purposes like finding software bugs.  But the company has raised concerns over the possibility of the same capabilities being exploited and used for cyberattacks. It claims that Mythos can autonomously discover “zero-day vulnerabilities” (security flaws that are undiscovered and not known by anyone) in software and exploit them by writing the code needed to take advantage of them.

For the same reasons, the company warns against the risks the AI model poses and has halted its public release.

Why is Access to Mythos AI Model Restricted?

The announcement of the release of the preview follows the accidental data leak last month, which confirmed the model’s existence. Along with the claim about the Anthropic AI’s powerful skills, the company also added in the leak that the model could pose as a cybersecurity threat if accessed by attackers who can weaponise its abilities to identify weaknesses and exploit them.

The company says that it has offered access to the model only to some partner organisations for cyber defence purposes, “under terms that restrict its uses to cybersecurity.” The company is acting with caution here by making its frontier model available to only some of the biggest cybersecurity and software firms to test it on their products and understand the risks it poses before making it publicly available. 

Ensuring AI safety and its responsible deployment should be the top priorities in an age where AI can be both defender and attacker. Anthropic’s decision to halt the public release indicates the gravity of the situation. Weaponising AI isn’t just a future possibility; it has been proven that it can happen anytime now with the newest AI models like Mythos.

Cybersecurity and AI

Recent developments in AI models are reshaping the field of cybersecurity. However, the impact of these powerful AIs isn’t always positive.  While they have become increasingly effective at spotting vulnerabilities, they also create risks by allowing cyberattackers to hijack and steal data. 

These AI models can strengthen cybersecurity defences by identifying threats and malware attacks faster and more efficiently. Anthropic claims that Mythos can detect software vulnerabilities that have survived decades of human review and millions of automated security tests. 

The same skills can, however, be exploited by the wrong hands, which make them dangerous. The software that we rely on everyday basis – that ensures the running of banking systems, storage of medical records and others– has always contained bugs, says Anthropic. If these subtle or difficult to detect security flaws are discovered by attackers with the help of AI, they can inflict substantial economic damage, steal and expose sensitive data and even put lives at risk.

What Should Businesses Look Out For?

Anthropic’s approach to the careful rollout of Mythos AI highlights the importance of developing tools that can defend and safeguard systems from the model’s destructive powers. Safe deployment of AI models is the need of the hour. 

Businesses should :

Track and monitor new AI developments

Should weigh in on both the capabilities of the models and the risks of using them 

Are you enjoying the content so far?

Ensure data security- secure systems to prevent data leaks before deploying AI models that can identify software vulnerabilities

Mythos AI model is too dangerous to be released to the public. But this doesn’t have to create panic. Research, AI safety measures and regulation can curb the bad outcomes. 

Consider the case of GPT-2 built by OpenAI. It was initially decided not to release it due to concerns over it being exploited to generate fake news. However, eventually it was released for public access, but also carefully monitored for misuse. Over time, mitigations were implemented, and guardrails were added to prevent the threats it poses from being materialised.

Anthropic writes in its system card that Mythos is the best-aligned model they have trained so far, which means it can be tamed to do what we want it to do, and the worst-case scenarios can be avoided. 

Our experience with previous AI models proves that AI safety can be ensured with the implementation of ethical standards and regulations. For example, Guardrails can enhance the reliability of AI by ensuring they operate legally and ethically within defined boundaries. Red-teaming can test the model to find its flaws and vulnerabilities before attackers do. These flaws can be patched before they are made generally accessible and can be exploited.

Takeaways

Thinking and acting ethically and transparently is key while working with these highly efficient AI models. Anthropic AI model Mythos is powerful and invaluable in the field of cybersecurity because it can find and fix bugs in software with less money and takes a shorter amount of time than a large number of software engineers would take. But its destructive powers should be equally considered. 

AI is progressing rapidly, and so are the threats it presents. Responsible deployment of AI models, adequate research into developing tools to reduce risks, and ensuring ethical and legal standards are upheld can foster better conditions for these AI models to succeed as intended.