<p>When Anthropic announced its latest large language model, Claude Mythos, the news hit with a jolt. Anthropic wasn’t putting out word that it was about to release Mythos — it wanted the world to know that it would <i>not</i> release the frontier LLM.</p>
<p>The unreleased Mythos preview showed capabilities that no one saw coming. The LLM identified security gaps in every major browser and OS, some of which were said to have existed for many years, even decades. This meant that in some cases an entire generation of developers, cybersecurity experts and attackers had missed them.</p>
<p>Concerns were exacerbated by Anthropic’s revelation that the LLM was finding zero days even when the model hadn’t specifically been asked to seek them out. And in situations where Mythos was asked to create exploits, it did so in ways described as effective, unprecedented and fast.</p>
<p>In addition to keeping a lid on Mythos, Anthropic decided to give access to a select group of leading companies so that those companies could learn about — and fix — vulnerabilities in their products. This initiative, dubbed Project Glasswing, involves key players in tech and security, including Google, Apple, Microsoft, AWS, CrowdStrike and Palo Alto Networks. Early access to Mythos is meant to give the industry the opportunity to perform critical defensive work before bad actors turn those advanced AI capabilities into weapons.</p>
<p>Worries about <a href="https://www.techtarget.com/searchsecurity/tip/What-AI-zero-days-mean-for-enterprise-cybersecurity">an AI arms race between attackers and defenders</a> existed before the Mythos news. Now, the anxiety is ratcheted up.</p>
<p>Governments, too, are expressing varying degrees of alarm about the potential security consequences of a super-charged LLM. A top cybersecurity official in the German government described Mythos as a paradigm change, and Japan’s finance minister called the model “<a target="_blank" href="https://www.darkreading.com/cyber-risk/claude-mythos-startle-japans-financial-sector" rel="noopener">a crisis that is already upon us</a>.”</p>
<p>In this Reporters’ Notebook video, Becky Bracken, senior editor of Dark Reading, Eric Geller, senior reporter of Cybersecurity Dive, and Phil Sweeney, industry editor of TechTarget SearchSecurity, discussed what they’re seeing about Mythos and Project Glasswing.</p>
<p><i>Phil Sweeney is an industry editor and writer focused on cybersecurity topics.</i></p>
<transcript>
<p><b>Editor’s note: </b><i>This transcript has been edited for clarity and length. For the full experience, please watch the video.</i></p>
<p><b>Dark Reading’s Becky Bracken:</b> Hello everybody, and welcome to Reporters’ Notebook. I am Becky Bracken and I am here with my two colleagues to discuss this month’s big blockbuster story, “Mythos, the AI Model to End All Cybersecurity,” and Glasswing, the forum that was established to wrap industry and government’s head around it. I’m joined today by Eric Geller, senior reporter with Cybersecurity Dive, as well as Phil Sweeney, who is with TechTarget SearchSecurity. Welcome both of you. I figured this was a pretty easy one for us to tackle. Do you wanna walk us through the background as you understand it?</p>
<p><b>TechTarget SearchSecurity’s Phil Sweeney:</b> For the <a target="_blank" href="https://www.darkreading.com/cloud-security/csa-cisos-prepare-post-mythos-exploit-storm" rel="noopener">Mythos preview</a>, Anthropic developed it and had some pretty startling success with it, things they did not expect. And before release, they said, ‘OK, we can’t do this. We can’t release this. We need to talk about this and the implications for that, especially security-wise.’ They found incredible volumes of <a href="https://www.techtarget.com/searchsecurity/definition/zero-day-vulnerability">zero days</a>, unknown vulnerabilities, and some of them going back years; they said many, in fact, are 10, 20 years old, not just a few outliers. There were many, many that were going back many years undiscovered and the LLM found them in almost no time at all. So, it was quite a jolt and, as a result, Anthropic has reached out to partners across the IT industry to try to come to some kind of consensus about, what are we going to do about this before this becomes a major security crisis?</p>
<p><b>Bracken:</b> Eric, what’s the headline for you here?</p>
<p><b>Cybersecurity Dive’s Eric Geller:</b> To me, this is a story about how the government is going to be increasingly dependent on the technology companies in a way that wasn’t even really true in earlier phases of th
[…]