Anthropic's Mythos AI Uncovered Serious Security Holes in Every Major OS and Browser

Singularity Hub, 17d ago

It's a step change in cybersecurity. Exploits that would take experts weeks to develop can now be generated in hours.

Concerns about AI's ability to turbocharge cybersecurity threats have been building for years. Anthropic's latest model could mark a turning point after the company claimed the model could identify and exploit zero-day vulnerabilities in every major operating system and web browser.

One of the standout use cases for large language models is analyzing and writing code. This has long raised worries that the technology could help automate much of the work of hackers, potentially lowering the barrier for cyberattacks.

Leading models have demonstrated steady progress on various cybersecurity-related benchmarks, and there has been evidence malicious actors are using the technology. But so far, the impact appears to have been modest, suggesting practical barriers remain that prevent the widespread use of the technology.

According to Anthropic, that's about to change. The company says its latest model, Mythos, has hacking capabilities so potent the company will not make it publicly available. Instead, it's releasing Mythos to a select group of major technology companies and open source developers as part of an initiative called Project Glasswing. Those participating can use the model to identify vulnerabilities in their code and patch them before hackers get access to similar capabilities.

"The vulnerabilities that Mythos Preview finds and then exploits are the kind of findings that were previously only achievable by expert professionals," the company's researchers write in a blog post. "We believe the capabilities that future language models bring will ultimately require a much broader, ground-up reimagining of computer security as a field."

Fortune first reported news of Mythos last month, after a data leak at Anthropic revealed details about the new model. While the AI excels at cybersecurity tasks, it's designed to be a general purpose model, and the company says its hacking capabilities are simply a result of vastly improved coding and reasoning skills.

In testing, Anthropic's researchers discovered the model was able to find "zero-day" vulnerabilities -- ones that were previously undiscovered -- in every major operating system and web browser. Many were decades old, an indicator of how hard they were to detect.

But the model isn't just good at finding vulnerabilities. The company's red team -- security researchers who simulate hacking attacks to identify security weaknesses -- showed the model could chain together multiple vulnerabilities to create complex attacks capable of sidestepping defenses.

Its capabilities are a step change from the previous best models. Given the challenge of attacking the Firefox web browser's JavaScript engine, Anthropic's previous most powerful model, Opus 4.6, succeeded just twice, compared to 181 times for Mythos. Most worryingly, the team found that engineers with no security background could use it to develop successful attacks overnight.

Key to the new capabilities is the model's ability to operate autonomously for long stretches. To find bugs, the researchers used Anthropic's coding agent Claude Code to call the model and give it a simple prompt to scan for vulnerabilities in a particular codebase. The model then read the code, came up with hypotheses about potential bugs, and ran tests to validate them without any human involvement.

Originally published by Singularity Hub
