Anthropic's Claude Mythos: What organizations should do now to boost cyber resilience

Barracuda's broad security platform can help close blind spots and improve resilience.

On Tuesday, April 7, Anthropic released a private preview of its new Claude artificial intelligence (AI) model, Mythos, which it says is the most capable model it has built to date and represents a step change in AI performance. The model is currently being trialed by several organizations as part of a project called Glasswing.

The announcement unleashed a media storm - much of it looking at the potential implications of the model falling into the hands of adversaries.

Most concerns focus on the fact that Claude Mythos shows how AI can increase the likelihood and speed of discovering software vulnerabilities, creating new exploits and then deploying these exploits at scale in automated attacks.

The reality is that well-resourced nation state-sponsored groups are already using similar AI capabilities, and other attackers will soon leverage them as the quality and performance of AI models improve.

Advances in AI models means technology and security organizations will be faced with a larger number of AI-discovered vulnerabilities, exploits and automated attacks. The window of time between vulnerability discovery and exploit will decrease, leaving less time to deploy patches and security workarounds.

To keep up, companies must accelerate adoption of AI for defensive purposes in all parts of their security program. Automate code reviews and use the capabilities of AI models/ LLMs to find vulnerabilities in your own code base - including third-party libraries and dependencies - before attackers do.

Organizations of all sizes and sectors should also strengthen their core security controls, starting with the following measures:

Review your coverage for these controls and ensure they apply consistently to all users and endpoints.

Finally, verify that your organization can effectively detect and respond to an incident. Review your security playbooks and run simulation exercises to test resilience. Validate the existence and security of your backups and test your ability to recover data in the event of data loss or corruption.

Outside of vulnerabilities, attackers are already using AI to improve phishing messages and automate credential-related attacks. To reduce risk, strengthen identity and email security. Implement phishing-resistant multifactor authentication (MFA) and review your MFA configuration to identify users that don't have MFA deployed.

AI tools will help adversaries to move faster. Barracuda solutions and services are designed to help organizations become cyber resilient - detecting and neutralizing high-speed AI-powered threats before they can cause widespread harm.

The BarracudaONE cybersecurity platform unifies these defenses to improve resilience with an easy, complete, intelligent, and open ecosystem. It protects email, networks, data, and applications - and is strengthened by our 24/7 managed XDR service.