
Image by Lily Hay Newman, WIRED, Getty Images
Bugs are one of the biggest problems developers face, and they can have devastating effects if left undiscovered. Some unknown bugs can provide a backdoor into the software and allow bad actors to abuse it. Software that holds thousands of users’ data while its developers don’t even know about the bugs is a recipe for disaster.
Further testing revealed Mythos to be far more powerful than expected: Anthropic found this model to be one of the strongest ones yet, and is restricting access to a handful of top companies. The public can’t even use it.
Over the past few weeks, Anthropic used Claude Mythos to scan thousands of pieces of software for vulnerabilities that the software developers didn’t even know about. Mythos found thousands of them, but didn’t stop there. Mythos found a bug in OpenBSD, one of the most secure operating systems in the world, which had been sitting there unknown for over 27 years! The bug would allow any hacker to crash any system they desired almost instantly. Furthermore, Mythos also discovered a bug in FFmpeg, a piece of software powering YouTube, Netflix, TikTok, and Facebook, which had been sitting unknown for over 16 years!
These are not just minor bugs that allow hackers to abuse your account. They’re bugs that can crash national-level governments, Fortune 500 companies, and our own operating systems, which we rely on every day. So, let’s get to the real question: is this exactly what we needed, or is it terrifying? The answer is both, but we should lean towards the first.
The truth is, the bugs didn’t appear due to the AI. They were already there, sitting in silence inside software that billions use daily, for decades, avoiding human review and automated security tests. The threat was always there, and Mythos only made it visible.
Think of Mythos like a metal detector at an airport. The metal detector didn’t create the weapons; it only found them before they became a security risk. The same is true of Mythos. The same capabilities that make Mythos the most dangerous AI on the planet also make it invaluable for finding and fixing flaws in software.
The good news is that Anthropic is not just handing this beast out to anyone. Through Project Glasswing, companies people rely on every day, such as Amazon, Apple, JPMorgan Chase, and Google, are using Mythos Preview exclusively for defense work. Anthropic itself is handing out over $100 million in usage credits so those companies can find and fix bugs before hackers do.
However, there are certain risks that we cannot ignore.
During testing in a lab, Mythos was able to escape the secure environment, gain internet access, and send an email to a research professor who was just eating a sandwich in a park. Afterward, it posted details about its escape to public websites without ever being asked to do so. Nobody told it to do any of that. It just did it by itself.
According to researchers at Anthropic, Mythos can independently identify multiple undisclosed vulnerabilities, write code to exploit them, then chain them together to penetrate complex software. And all of this is being done without human guidance. A skilled hacker takes weeks to do this, while Mythos will be done in a couple of hours. However, if this lands in the wrong hands, the hacker doesn’t even need to be skilled.
We cannot go about our daily lives with the assumption that we can keep ignoring decades-old vulnerabilities in critical software and hope no one finds them. Mythos just proved this assumption to be one of the most dangerous of all.
We cannot ignore Mythos or shut it down just because of the terrifying side effects if it is used incorrectly. Anthropic itself says it won’t be long before the capabilities of Mythos proliferate to actors who aren’t keen on using them safely. Other AI labs aren’t years behind this leap, only months. The technology is coming regardless of what we think.
What matters most now is Anthropic’s approach: giving critical companies limited access to the model strictly for defense work, and being transparent about the security risks. But this approach only works if companies and governments realize the criticality of this new tool and treat this as the urgent moment it is. The internet has had a lot of lucky years, and Mythos just made us realize that this luck is running out.