OT Cybersec Sector Frets Anthropic Will Leave It Behind
There's growing concern in the operational technology cybersecurity community that manufacturers and operators, and their security vendors, will be left out in the cold by the latest efforts to use artificial intelligence in securing critical software.
See Also: AI Security Risks Rise With Agentic Systems
Mythos Preview is the latest frontier AI model from Anthropic, which the company said Tuesday was so good at both finding zero day vulnerabilities and writing exploits for them, that it would not be released to the public (see: Anthropic Calls Its New Model Too Dangerous to Release).
Project Glasswing is the exclusive group the company has set up, whose members - including major IT security vendors, infrastructure providers and original equipment manufacturers like Crowdstrike, Microsoft, Google and Cisco - get to use Mythos to scour their codebases for vulnerabilities. But there don't appear to be any pure play OT or industrial control system OEMs or security companies who have said they were among members of the coalition.
"We see security vendors from some larger platform plays, who might offer OT options," said Sean Tufts, field CTO of pure-play OT security firm Claroty, "I think that's really helpful. But we need people in there that are more OT specific and OT only. I think that's critical," he told Information Security Media Group.
"I'd like to see best-of-breed critical infrastructure security and manufacturers in there, someone like Claroty or one of our main competitors," Tufts added, "I think someone at the table needs to have a myopic focus on OT, if they're targeting critical infrastructure."
Two other pure play vendors approached by ISMG declined comment or were not available for comment. Neither said they were members of Glasswing.
Anthropic said Mythos has "already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser." The large language model is significantly better than prior versions - and "all but the most skilled humans" - at finding and exploiting vulnerabilities in software code, the company said.
But while Mythos may be more capable, it is not unique. A competition staged last year by DARPA, the Pentagon's cutting edge science agency, awarded prizes to seven teams that developed open source LLMs which could scan software libraries for hidden flaws, validate the ones they found to make sure they could actually be used by a hacker and then write and deploy patches to fix each one. All seven toolsets have been publicly released.
Given the astounding rate of AI progress, Mythos would likely be followed by other models, some perhaps designed by less scrupulous actors, Anthropic said. "It will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely." The company said Project Glasswing is "a starting point," an "urgent attempt to put these capabilities to work for defensive purposes" while they still had a head start on malicious actors.
The company did not immediately respond to a request for comment about why no OT/ICS companies appear to have been included.
Tufts welcomed Anthropic's declaration that it would make the vulnerabilities Mythos found public once they had been patched, in line with responsible disclosure practices.
"I think we absolutely should look for vulnerabilities in OT software any way we can get it. It doesn't matter to me where it comes from, whether it's a researcher with a soldering iron or an AI model. We need that data," he said.
The work of Project Glasswing is urgent, he said, because the advent of AI hacking had rendered the term "zero day" obsolete. "Now we have 'zero minute.' We used to have 24 hours between the release and when the bad guys would start to build kits for it, and now AI has shrunk that down to minutes. So we can't let a vulnerability sit for days. We have to be on that faster," he said.
But he cautioned that patching and other mitigations often take much more time to implement for OT. "The speed and the ferocity is increasing now at the pace of AI, which is a scary thing for critical infrastructure, when we start talking about our mitigations, our patches, our controls, can often take months or more to properly implement."
Speed was essential, added Rob Lee of the SANS Institute. "If patches take weeks or months to develop and deploy, the head start may not be enough. But at minimum, Anthropic is attempting to slow down the exposure timeline," he said.
It was especially critical given the current conflict with Iran, which had developed cyber capabilities. "The wartime context makes this more urgent. Current mean time to exploit for newly disclosed vulnerabilities is under 24 hours" and if an adversary like Iran "can operationalize an AI-discovered vulnerability that fast against critical infrastructure, the consequences aren't theoretical.
The absence of OT/ICS companies was only one of the questions about the membership of Glasswing, said Leah Siskind, AI research fellow at the Foundation for the Defense of Democracies think tank.
"I'm very curious whether the other frontier AI companies [like OpenAI] will be included," she said.
"I've been talking to some federal agency CISO's today," she added, "And although Anthropic says in their press release that they are in talks with the government about [Glasswing], it doesn't seem like they're an official partner yet."
She said that given the huge codebase the federal government maintained, agencies also need a seat at the table. It was "worrying" the feds weren't yet included, especially given the "fraught relationship" between the federal government and Anthropic, which had been declared a supply chain risk by the Department of Defense.
She called the designation "inappropriate," and urged the DoD to "make amends and move on."
Defense "could encounter the same sort of difference of opinion with OpenAI or X or Google next week," she pointed out, "Just because they disagree on some some aspect, is no reason to blackball them."