Anthropic’s Mythos AI Can Reportedly Turn Patches into Exploits Anthropic’s unreleased AI system Mythos is forcing governments, companies, and security experts to confront how quickly artificial intelligence could shift from defending software to helping break it.

In early April, Anthropic quietly announced Mythos as a powerful, general‑purpose model that it chose not to release publicly, highlighting its unusual strength at computer security tasks. The company said Mythos Preview could identify and exploit vulnerabilities across “every major operating system and every major web browser,” even uncovering a 27‑year‑old bug in a security‑focused OS.

Soon after, Anthropic launched Project Glasswing, giving an initial group of about 50 partners — including companies, NGOs, labs, and the U.S. government — controlled access to the model to hunt for software flaws. With Mythos’ assistance, those partners reported finding more than 10,000 high‑ or critical‑severity vulnerabilities, prompting Anthropic to expand Glasswing to over 150 organizations in 15 countries whose systems underpin critical infrastructure and services used by millions.

New internal test results, shared with Axios, then revealed just how quickly Mythos can weaponize known flaws. Anthropic’s frontier red team used Mythos to turn recent Mozilla Firefox and Microsoft Windows kernel patches — all disclosed after the model’s training cutoff — into working exploits within minutes to hours. Mythos generated its first Windows kernel proof‑of‑concept exploit in 31 minutes, caused a “blue screen of death” in 18 of 21 kernel bugs, and produced eight distinct privilege‑escalation exploits, one taking about 5.7 hours. Against 18 Firefox security patches, it built eight working code‑execution exploits.

Policy analysts argue this marks the “adolescence” of AI governance, as states rush to respond. One newsletter notes that Mythos has “already transformed the current cybersecurity paradigm” and warns that rival firms could field Mythos‑class systems within 6–12 months, potentially without comparable safeguards. In parallel, a new U.S. AI security executive order and calls from religious leaders for stronger regulation and multilateral oversight signal mounting concern that AI‑driven cyberattacks on critical infrastructure could arrive sooner, and at larger scale, than previously expected.

Continue reading https://foxvector.com/stories/019ea984-5c3b-1d0a-7289-3759a03efbb8