What Lawyers Need To Know About Anthropic’s Mythos – Above the Law

Anthropic’s new AI model can find security vulnerabilities that survived 27 years of expert review. It broke out of its own sandbox and emailed a researcher who was eating a sandwich in a park. The Fed chairman and Treasury Secretary held an emergency meeting with bank CEOs to discuss it. Axios described it as capable of “bringing down a Fortune 100 company.”

At least one managing partner reading these stories suffered a small cardiac event, and forwarded them to the IT department with “thoughts???” in the subject line.

Everyone needs to chill out. And then get more scared.

Claude Mythos Preview is Anthropic’s newest model, aiming to replace Opus 4.6, assuming Opus doesn’t successfully blackmail the company into keeping it live. According to Anthropic, a company actively litigating against the claim that it presents a threat to national security, the new model is arguably the greatest cybersecurity threat in history, and will not be released to the public until a select group of trusted enterprise partners (called Project Glasswing) can sort out the risks. If the Pentagon’s supply chain designation was serious and not a bumbling attempt to strong-arm the company into giving the Defense Department even more Anthropic products, posturing as an apocalyptic technology would be a poor strategic maneuver. Thankfully, it’s not.

Anthropic is telling everyone that its new model is rapidly uncovering thousands of zero-day vulnerabilities (bugs nobody knew existed) across every major operating system and web browser. It found a decades-old flaw in OpenBSD, an operating system whose entire selling point is being unhackable. It chained together a bunch of low-severity Linux kernel bugs into a full-scale attack. On an exploit-writing benchmark where the prior model succeeded twice, Mythos succeeded 181 times.

But we’ve seen this ploy before.

OpenAI told us all that GPT-5 was a frightening leap forward when it was… not that. It seems as though the big AI industry players constantly market their product as exceedingly dangerous, with the caveat that their version, despite being the most dangerous of all, is the only one we can trust. Other industries don’t do this. Coke doesn’t say, “Cola will kill your family, but if you have to drink it, just make sure it’s not Pepsi.” There will be marketing textbooks written about this curious moment in American business where every provider in an arguably trillion-dollar industry frames their product as the sensitive bad boy from a YA novel.

Except Grok, which is framed as the creepy incel whose notebook is all anime porn and swastikas.

Though make no mistake that it’s mostly marketing. Within days of Anthropic’s announcement, researchers at AISLE, an AI cybersecurity startup, took the specific vulnerabilities Anthropic showcased in its announcement, isolated the relevant code, and tested them against small, cheap models. All eight of the eight tested models detected the FreeBSD exploit that Mythos flagged. One of those models only had 3.6 billion parameters and cost 11 cents per million tokens. A 5.1-billion-parameter model recovered the core analysis of the 27-year-old OpenBSD bug. AI cybersecurity researcher Heidy Khlaaf, the chief AI scientist at the AI Now Institute, cautioned against taking Anthropic’s claims at face value without more detail on false positive rates and the role humans played in the process.

Another way to put it is that Anthropic’s marketing is a wee bit delusional:

While tech experts may be dunking on Mythos for not presenting a uniquely powerful new threat, that’s actually a much more terrifying proposition for law firms. The fact that cheaper models, available to anyone, can find these same problems means that the problem isn’t waiting on Anthropic’s release, it’s already here.

As Anthropic’s red team acknowledged, they didn’t train Mythos to be a hacker. It’s what happens to people when they get better at coding, so why wouldn’t it be what happens to a model trained to get better at coding? Getting better at writing code begets getting better at spotting exploits. And most of the models have been getting better at writing code. Mythos may be faster, but the capability isn’t limited to this release. The genie left the bottle a while ago.

Hackers with motivation and a few pennies per million tokens can crack almost anything. The cost and expertise required to find exploitable vulnerabilities has been collapsing across the entire AI ecosystem for over a year. We’re screwed.

The good news of the Mythos story is that while hackers can find soft spots, AI can also potentially discover them before it’s too late. Everyone wants to talk about AI running down non-hallucinated precedent, when they should be interested in seeing if it can run down that gaping hole in your system.

That said, Biglaw firms are still falling for dumb phishing attacks so maybe this isn’t the wake-up call the industry needs yet.




Joe Patrice is a senior editor at Above the Law and co-host of Thinking Like A Lawyer. Feel free to email any tips, questions, or comments. Follow him on Twitter or Bluesky if you’re interested in law, politics, and a healthy dose of college sports news. Joe also serves as a Managing Director at RPN Executive Search.