Anthropic’s Claude Mythos finds thousands of zero-day flaws across major systems
Artificial Intelligence (AI) company Anthropic announced a new cybersecurity initiative called Project Glasswing that will use a preview version of its new frontier model, Claude Mythos, to find and address security vulnerabilities.
The model will be used by a small set of organizations, including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, along with Anthropic, to secure critical software.
The company said it’s forming this initiative in response to capabilities observed in its general-purpose frontier model that demonstrate a “level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities.” Because of its cybersecurity capabilities and concerns that they could be abused, Anthropic has opted not to make the model generally available.
Mythos Preview, Anthropic claimed, has already discovered thousands of high-severity zero-day vulnerabilities in every major operating system and web browser. Some of these include a now-patched 27-year-old bug in OpenBSD, a 16-year-old flaw in FFmpeg, and a memory-corrupting vulnerability in a memory-safe virtual machine monitor.
In one instance highlighted by the company, Mython Preview is said to have autonomously come with a web browser exploit that chained together four vulnerabilities to escape the renderer and operating system sandboxes. Anthropic also noted in the preview’s system card that the model solved a corporate network attack simulation that would have taken a human expert more than 10 hours.
In perhaps what’s one of the most eyebrow-raising findings, Mythos Preview managed to follow instructions from a researcher running an evaluation to escape a secured “sandbox” computer it was provided with, indicating a “potentially dangerous capability” to bypass its own safeguards.
The model did not stop there. It further went on to perform a series of additional actions, including devising a multi-step exploit to gain broad internet access from the sandbox system and send an email message to the researcher, who was eating a sandwich in a park.
“In addition, in a concerning and unasked-for effort to demonstrate its success, it posted details about its exploit to multiple hard-to-find, but technically public-facing, websites,” Anthropic said. [Continue reading…]