What is Mythos AI and why could it be a threat to global cybersecurity?

about 11 hours ago

Anthropic has ruled out releasing its latest AI model, Mythos, to the public because of the threat it poses to global cybersecurity,However, the US tech startup behind the Claude chatbot confirmed on Wednesday it was investigating a report that a group of people had gained unauthorised access to Mythos,The alleged incident has raised concerns over the pace of development and the ability of tech companies to keep their riskiest products out of the public domain,Here, we examine Mythos and its potential impact,Mythos is an AI model – the underlying technology that powers tools such as chatbots – that, according to Anthropic, represents a serious potential threat to any organisation’s cybersecurity.

Anthropic announced the existence of Mythos on 7 April but said it would not be released publicly because of its ability to identify unknown flaws in IT systems.Those flaws could, theoretically, be exploited by hackers.Anthropic said Mythos could identify and exploit “zero-day” flaws in every important IT operating system and web browser – if a user asked it to do so.Zero days are so-called because organisations and developers are completely unaware of them and have had no time to patch them before an assailant strikes.Anthropic described it as a “watershed moment for cybersecurity”.

Some of the unnoticed flaws had been around for decades, said the San Francisco company.The startup has allowed tech firms and banks, including Apple and Goldman Sachs, to access the model and assess what risks it could pose to their businesses and customers.Mythos represents tangible evidence, according to the UK’s AI Security Institute (AISI), of the disruptive capabilities of advanced AI.Ever since the arrival of OpenAI’s ChatGPT in 2022, experts have warned that AI could cause serious real-world damage.There is also a wider point: that Mythos is an indication of the pace of progress in AI.

Advanced models tend to be replicated swiftly by other firms, including developers of open-source models that are freely available to users.In a joint letter to business leaders last month, the UK technology secretary, Liz Kendall, and the security minister, Dan Jarvis, said businesses needed to “plan accordingly” for AI capabilities to “rapidly increase” over the next year.AI can, of course, be used to defend against cyber-attacks as well.Another concern is that Mythos could fall into the wrong hands despite being withheld from public release.That fear came to fruition this week with Anthropic confirming a “handful” of users in a private online forum had gained access to the model.

However, there is also a question about the importance of the thousands of vulnerabilities that Mythos has flagged.Can they cause serious damage? Plus, highlighting an IT flaw is not the same as exploiting one.The AISI, which is the world’s leading AI safety body, has taken a look at Mythos and says it is a “step up” on previous models in terms of its threat to cybersecurity.Among the red flags are an ability to carry out attacks involving multiple steps and identifying IT flaws without human guidance.It also achieved a first in the eyes of the AISI: successfully completing a 32-step simulation of a cyber-attack in a test created by the institute.

It can attack weak, small IT systems, the AISI said, although it could not give a verdict on well-defended systems,The institute ended its assessment with an observation that is often stated elsewhere: AI systems can only get better from here,Richard Horne, chief executive of the UK’s National Cyber Security Centre, said at the CyberUK conference in Glasgow this week that the emergence of Mythos would help encourage companies to replace “obsolete tech”,“It just drives the urgency,” he added,However, other experts have said Mythos is more an evolution than a revolution.

Aisle, a company that works on AI cybersecurity, analysed Anthropic’s main claims: that it had found thousands of zero-day vulnerabilities across large operating systems and browsers, including one in FreeBSD, a cousin to UNIX,It found that other, far cheaper models were also able to find these problems,This did not mean that Mythos’s capabilities were not significant, they said, but that there was more nuance than Anthropic’s urgent tone implied,There is also caution from experts that most breaches still come from well-established risks such as weak authentication and already known vulnerabilities that have not been patched,Some experts suggest there is an element of hype around Anthropic’s claims about Mythos and how a startup estimated to be worth about $800bn (£592bn) has presented them.

Mythos is undoubtedly a capable model.However, Anthropic’s dramatic announcement has given it significant airtime and centred its product in a broader, field-wide discussion of how AI might contribute to cyber-risk.About 40 companies, including Google, JP Morgan and Goldman, have been given early access to Mythos through an initiative called Project Glasswing, which is meant to give businesses a chance to test the AI model as part of their cyber defences.Anthropic says they will share what they learn “so the whole industry can benefit”.However, the launch partners have given no detail about what they think Mythos is capable of, and how much of a threat it might present.

That has not stopped banks and regulators from speculating about its potential impact,And for good reason: if Anthropic’s warnings are correct, having Mythos fall into the wrong hands could wreak havoc on banks and potentially put the wider financial system at risk,UK government modelling on a worst-case scenario bank hack, produced even before Mythos’s creation, suggested direct debits could fail, leaving rents, mortgages and wages unpaid, while online banking and cash machine withdrawals could be blocked,Commuters could be left in limbo as buses and petrol stations rejected payments,That could prompt panic, leading to a run on rival lenders, as customers pulled money from their accounts amid fear the disruption could spread.

Concern over Mythos’s prospective threats prompted the US treasury secretary, Scott Bessent, to call a meeting with bosses from big American banks, including Goldman and Citi, in Washington earlier this month.UK regulators have added Mythos to the agenda at the Cross Market Operational Resilience Group meetings this week.This puts it in high-level discussions between senior bankers as well as officials from the Treasury, Bank of England, Financial Conduct Authority and National Cyber Security Centre.

recentSee all

Yes, retail investment needs a boost – but the squirrel looks too tame | Nils Pratley

Red squirrel characters have a history in the public information game. Older UK readers may recall Tufty, who taught children about road safety in the 1970s. His chum, Willy Weasel, regularly got knocked down by passing cars but clever Tufty always remembered to look both ways.Now comes Savvy Squirrel, who, with backing from the chancellor and a multi-year lump of advertising spend from the financial services industry, will try “to drive a step-change in how investing is understood, discussed and adopted”, as the blurb puts it. In translation: don’t squirrel everything away in a boring cash Isa but try taking an investment risk or two if you value your long-term financial health

about 3 hours ago

Capital gains tax changes are on the table, and yet Armageddon has not arrived. Has the tide on housing turned at last? | Greg Jericho

A funny thing happened on the way to the budget: changes to capital gains tax and negative gearing, which had for years been a no-go zone, are now looking likely.One of the first times I wrote about negative gearing was in 2015 when I covered the then treasurer Joe Hockey appearing on Q+A. He said negative gearing was needed because when the Hawke government scrapped it in the 1980s rental prices rose.He was wrong (and to be honest, this was not unusual – a lot of my columns back then involved arguing Joe Hockey was wrong). While rental price growth went up in Sydney and Perth, it didn’t in Melbourne, Brisbane or Adelaide

about 3 hours ago

Tesla reports mixed financial results as Musk pivots automaker to AI and robots

Tesla reported its first-quarter earnings on Wednesday, disclosing some better-than-expected results but faltering in some key areas. The report failed to significantly buoy Tesla’s stock, which has limped along this year while its CEO, Elon Musk, has tried to sell the company’s new vision of humanoid robots and self-driving robotaxis. Its core car business has struggled in the face of competition from Chinese counterparts and backlash against his close involvement with the Trump administration.“There remains significant effort and hard work to realize our mission of Amazing Abundance,” Tesla said in its report, while claiming that demand for its vehicles was rebounding.Tesla revealed earnings of 41 cents a share on Wednesday after market close, more than the 37 cents per share that Wall Street expected