
Investigators and researchers are still learning of the scope of the cyberattack which has hit US government agencies and other victims around the world - AFP
OpenAI and Anthropic are both introducing more "cyber-permissive" models, in tightly controlled releases. This indicates that advanced vulnerability discovery and exploit reasoning are becoming more accessible and potentially harder to contain. A recent incident demonstrates this.
PC Mag reports that it was announced this week that unauthorised users were able to access Anthropic's Mythos model. The intruders reportedly reached the server simply by changing a model name.
Anthropic's Mythos model is a powerful AI tool capable of identifying previously undiscovered security holes, some of which have existed for decades.
Bloomberg has reported that an as yet unnamed group tried multiple ways to gain access to the model and finally got through to the system via a third-party vendor.
The incident demonstrates how easily such systems can be exposed. It also signals that these AI capabilities are already out there, and in the wrong hands they can accelerate how quickly vulnerabilities are detected and exploited.
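The reports above describe access obtained by changing a model name, which is the signature of an authorization check that trusts a client-supplied identifier rather than the caller's entitlements. The following is an added example, not code from Anthropic, PC Mag, Bloomberg or any vendor named on this page; the gateway design, the API keys, the model names and the log events are all constructed for illustration. It shows a weak router beside a hardened one, plus a simple detection over denied requests, since the reporting says the group tried several approaches before getting in.

```python
"""Illustrative model-access gateway (added example; hypothetical design).

Assumed (not drawn from the reporting): a partner-facing gateway checks the
caller's API key, then forwards the JSON request to whichever backend model
the body names. If the restricted model is protected only by not being
advertised, a caller changes the name and is served. The hardened router
derives the permitted set from the authenticated principal, server side.
"""
from dataclasses import dataclass

# Constructed sample data: which models each (hypothetical) tenant may use.
ENTITLEMENTS = {
    "key-partner-a": {"general-model"},                        # ordinary partner
    "key-trusted-lab": {"general-model", "restricted-model"},  # vetted organisation
}
KNOWN_MODELS = {"general-model", "restricted-model"}
DEFAULT_MODEL = "general-model"


@dataclass
class Request:
    api_key: str
    body: dict


class Denied(Exception):
    pass


def route_weak(req: Request) -> str:
    """Vulnerable: authenticates the key, then trusts the client's model name.
    The restricted model is 'protected' only because nobody is told it exists."""
    if req.api_key not in ENTITLEMENTS:
        raise Denied("unknown api key")
    model = req.body.get("model", DEFAULT_MODEL)
    if model not in KNOWN_MODELS:
        raise Denied("no such model")
    return f"forwarded to {model}"


def route_hardened(req: Request) -> str:
    """Hardened: the decision is made from the principal's entitlements.
    Unknown and unauthorised models get the same answer, so probing a name
    does not reveal whether the model exists."""
    entitled = ENTITLEMENTS.get(req.api_key)
    if entitled is None:
        raise Denied("unknown api key")
    model = req.body.get("model", DEFAULT_MODEL)
    if model not in entitled:
        raise Denied("model not available to this principal")
    return f"forwarded to {model}"


def attempt(router, api_key: str, model: str) -> str:
    """Run one request through a router and return the outcome as text."""
    try:
        return router(Request(api_key, {"model": model}))
    except Denied as exc:
        return f"denied: {exc}"


def flag_probing(events, threshold: int = 3):
    """Detection: events are (api_key, requested_model, outcome) tuples from
    the gateway log. Keys with repeated denials for a model they are not
    entitled to are flagged, since a legitimate integration rarely keeps
    asking for models it cannot use."""
    denials = {}
    for key, _model, outcome in events:
        if outcome.startswith("denied"):
            denials[key] = denials.get(key, 0) + 1
    return sorted(k for k, n in denials.items() if n >= threshold)


# Constructed log: partner-a probes the restricted model repeatedly under the
# hardened router; the trusted lab uses it once, legitimately.
SAMPLE_EVENTS = [
    (k, m, attempt(route_hardened, k, m))
    for k, m in [
        ("key-partner-a", "restricted-model"),
        ("key-partner-a", "restricted-model-v2"),
        ("key-partner-a", "restricted-model"),
        ("key-trusted-lab", "restricted-model"),
        ("key-partner-a", "general-model"),
    ]
]

if __name__ == "__main__":
    print("weak:    ", attempt(route_weak, "key-partner-a", "restricted-model"))
    print("hardened:", attempt(route_hardened, "key-partner-a", "restricted-model"))
    print("flagged: ", flag_probing(SAMPLE_EVENTS))
```

Under the weak router the ordinary partner key is served the restricted model just by naming it; under the hardened router the same request is refused, and three refusals in the constructed log are enough to flag that key for review.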
Consequently, software teams will need to look at how to harden their code so those vulnerabilities cannot be exploited to begin with.
Several experts reached out to Digital Journal to explain the ramifications and ongoing significance of the incident.
The first to do so is Steve Povolny, Vice President of AI Strategy & Security Research at Exabeam. Povolny focuses on the seeming simplicity of the attack: "The reality is, Pandora is out of the box. If it was as relatively easy as it sounds to gain access to the world's most talked-about security model, it's very likely a much larger group will have access to Mythos far sooner than originally intended."
He then turns his attention to the future, considering: "What will be most interesting is observing whether researchers or adversaries can leverage the tech more effectively - will we see widespread exploitation or widespread discovery and patching first? Or will this be another DeepSeek moment? Overreactions and underwhelming impact. Either way, should be interesting to watch this unfold."
The second IT specialist to pitch in is Isaac Evans, founder and CEO of Semgrep. Evans seeks to put the incident in perspective: "This infiltration is a minor hiccup compared to the idea of someone exfiltrating the model's weights, which would be a game-changing scenario, and one that has occurred in part before with the distillation of OpenAI models into DeepSeek. Anthropic has to protect Mythos against distillation or outright theft."
Evans then ponders the future move for Anthropic: "Mythos' ability to find zero-days in so much of the software stack that SaaS vendors rely on is evidence that security bugs are plentiful, not scarce, in the software Anthropic and the broader community use. The security team at Anthropic has a very difficult job: securing the model on a software stack that was designed for high velocity over high assurance, against some of the most sophisticated threat actors in the world."
He is also cautious about what happens next: "Until we are able to reach a new steady state by patching all of the vulnerabilities LLMs can find, expect a lot of successful offensive activity."
The third commentator is Gabrielle Hempel, Security Operations Strategist at Exabeam. Hempel is interested in how the attack was devised: "Any time you build a high-capability system and expose it even to a semi-distributed environment (partners, contractors, 'trusted' ecosystems), you're expanding your attack surface beyond what you can realistically control. While everyone seems focused on securing against sophisticated nation-state actors, we've increasingly seen third-party access paths becoming the weakest link."
She next looks at the inherent weaknesses that opened the door for the attackers: "From a defender's perspective, this is the point we've been reinforcing until we've gone blue in the face: your security perimeter isn't just the infrastructure you own, it's your entire supply chain."
Stepping back, Hempel weighs up the situation of an offensive AI world: "I think the interesting thing is that everyone is going to focus on the headlines touting 'AI tool capable of cyberattacks falls into the wrong hands.' The real problem, however, is that this model was never supposed to be broadly accessible; it was intentionally restricted to a small set of orgs due to dual-use risk, and it still leaked almost immediately due to a contractor environment. The uncomfortable truth here is that we are rapidly building offensive-grade AI capability into tooling and assuming that policy, contracts, and limited access lists are going to sufficiently control the sprawl."