San Francisco (United States) (AFP) – Anthropic postponing the release of its new AI model Claude Mythos, said to be so skilled at coding it could be a wicked weapon for hackers, has encountered a mix of alarm and skepticism. The company is among several contenders in a fierce artificial intelligence race. Promoting the awe of Anthropic’s own technology boosts business and enhances its allure in the event it soon goes public, as is rumored.
“The world has no choice but to take the cyber threat associated with Mythos seriously,” said David Sacks, an entrepreneur and investor who heads President Donald Trump’s council of advisors on technology. “But it’s hard to ignore that Anthropic has a history of scare tactics.” Mythos has sparked fears of hackers commanding armies of AI agents able to break through computer defenses with ease.
At this week’s HumanX AI conference in San Francisco, Alex Stamos of startup Corridor, which addresses AI safety, acknowledged a real threat from agentic hackers. And Stamos quipped about what he referred to as Anthropic’s “marketing schtick.” “They have these adorable cutesy cartoons about these products that are so incredibly dangerous that they won’t even let people use them,” Stamos said of the San Francisco-based startup. “It’s like if the Manhattan Project announced the nuclear bomb within a cute little Calvin and Hobbes cartoon.”
The heads of America’s biggest banks met this week with Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent to weigh the security implications of the yet-to-be released Claude Mythos, according to reports Friday. “Mythos model points to something far more consequential than another leap in artificial intelligence,” Cato Networks co-founder and chief executive Shlomo Kramer said in a blog post. “It signals a shift that could redefine the balance between attackers and defenders in cyberspace.”
A tightly restricted preview of Mythos was shared with partner organizations this week, under an initiative called Project Glasswing. They include Amazon, Apple, Microsoft, Google, Cisco, CrowdStrike, and JPMorgan Chase. According to Anthropic and partners, Mythos can autonomously scan vast amounts of code to find and chain together previously unknown security vulnerabilities in all kinds of software, from operating systems to web browsers.
Crucially, they warn, this can be done at a speed and scale no human could match, meaning it could be used to bring down banks, hospitals, or national infrastructure within hours. “What once required elite specialists can now be performed by software agents,” Shlomo said. “The immediate consequences will be a surge in vulnerability discovery, a true tsunami.”
– ‘Agent-to Agent War’ –
At HumanX, the apparent consensus was that it makes sense that AI agents already adept at coding will excel at finding weaknesses in software. “We’re not in an era where human beings can write code when we have superhuman (AI models) that are then going to find bugs in it,” Stamos contended. “It’s just not possible.” He predicted the coming dynamic will involve humans supervising AI agents to protect networks against hackers using that same technology to attack. Stamos referred to it as “agent-to-agent war,” with humans on the sidelines giving advice.
Wendy Whitmore, of cybersecurity firm Palo Alto Networks, expects “some sort of catastrophic attack” this year connected to AI agent capabilities. “The thing that keeps me up at night is that we’re staring down the barrel of a massive influx of new vulnerabilities that are going to be found by AI,” said Adam Meyers of CrowdStrike. Meyers saw embedding a tiny AI model directly into malicious code infecting networks as a natural tactic to be explored by hackers. “The ultimate weapon would be malware that has no pre-programming,” Meyers said. “It can do whatever you ask it to.”
© 2024 AFP
