Anthropic’s new Mythos AI mannequin has raised issues amongst governments and companies that it may outpace present cybersecurity defenses, make them extra prone to hacking, and expose weaknesses quicker than they are often fastened.
The San Francisco-based startup launched a cyber-focused mannequin this month that demonstrated its skill to not solely detect software program flaws quicker than people, but additionally generate the exploits wanted to use them.
In a single alarming case, Mythos fashions have been proven to have the ability to breach safe digital environments and get in touch with human employees, overriding the intentions of their human creators and publicly revealing software program flaws.
This week, OpenAI launched its personal superior cyber mannequin with related capabilities.
The developments have despatched worldwide monetary officers and authorities ministers all over the world scrambling to know the dangers and, in some circumstances, in search of entry to new fashions reserved for a small variety of vetted companions.
“This appears like the invention of fireside,” stated Leif Pilling, director of risk intelligence at cyber agency Sophos. “This energy can drastically enhance our lives, but when mishandled could cause actual hurt to the whole digital world.”
Final week, U.S. Treasury Secretary Scott Bessent and Federal Reserve Chairman Jay Powell convened a number of giant U.S. banks to debate the cyber threats posed by AI fashions. UK AI Minister Kanishka Narayan advised the FT that the mannequin’s capabilities have been “regarding”.
These dangers are well-known inside Anthropic. Logan Graham, who leads Anthropic’s Frontier Crimson Group, which checks the lab’s fashions, stated: [Mythos] Primarily, it may be exploited en masse in an automatic method, in a short time, and in opposition to most organizations all over the world. . . Even essentially the most technically refined ones won’t be able to be patched in time. ”
AI instruments have considerably boosted the already multi-billion greenback cybercrime business. They supplied newbie hackers with low-cost instruments to create dangerous software program and allowed skilled criminals to higher automate and scale their operations.
“AI is already rising the frequency and class of assaults,” stated Christina Cacioppo, chief government officer of safety and compliance agency Vanta.
“Most corporations are unprepared to cope with the dangers as a result of they handle safety in outdated ways in which can not match the pace of AI-powered assaults,” she added.
In line with information from safety group CrowdStrike, AI-powered cyberattacks elevated by 89% in 2025 in comparison with the earlier 12 months. In the meantime, the typical time between an attacker first accessing a system and performing malicious motion decreased to 29 minutes final 12 months, a 65% lower in comparison with 2024.
“The sport is uneven. It is simpler to determine and exploit than to patch all the pieces in time,” stated a supply near Frontier AI Labs.
Anthropic’s Graham stated there are additionally inside issues that corporations will use Mythos to seek out “extra vulnerabilities than we will hope to handle within the close to future.”
The rising issues about AI and cyber safety come amid indications that brokers performing autonomously and performing duties on behalf of customers may additionally gas additional progress in AI-powered hacking.
Final September, Anthropic detected the primary reported AI cyberespionage operation believed to be coordinated by a Chinese language state-backed group.
The corporate’s coding product, Claude Code, was used to infiltrate roughly 30 world targets, together with main tech corporations, monetary establishments, chemical producers, and authorities companies. It was profitable in a small variety of circumstances and was carried out with out in depth human intervention.
Software program researcher Simon Willison has warned that brokers have a “lethal trio” of options. Publicity to untrustworthy content material, resembling on the Web. and exterior communication expertise.
Safety consultants argue that the most secure solution to shield in opposition to cyberattacks when utilizing AI brokers is to permit them entry to solely two of those areas. However AI consultants consider that a lot of the worth you get from brokers comes from giving them entry to all three.
“The dangerous information is that there aren’t any good options proper now,” stated one particular person near the AI Institute. “The excellent news is that [AI agents aren’t] It may also be utilized in mission-critical environments resembling inventory exchanges, financial institution ledgers, and airports. ”
Really useful
Stanislav Fort, a former Anthropic and Google DeepMind researcher who based the AI safety platform AISLE, stated he was optimistic that AI may assist determine and repair the “finite repository” of historic safety flaws.
Thus far, AI fashions have recognized 1000’s of “zero-day” vulnerabilities, or unknown weaknesses in generally used software program, a few of which have gone undetected for many years.
“The worst sort of zero-day we will think about is turning into much less and fewer widespread,” Fort stated.
As soon as these weaknesses are resolved, it will likely be doable to make use of this know-how to “test upfront that dangerous issues will not get in.” [and] In consequence, the safety degree all over the world might be considerably improved. ”
Extra reporting by Kieran Smith in London
