"Last month, Anthropic made a remarkable announcement about its new model, Claude Mythos Preview: it was so good at finding security vulnerabilities in software that the company would not release it to the general public. Instead, it would only be available to a select group of companies to scan and fix their own software. The announcement requires context but it contained an essential truth."
"Modern generative AI systems not just Anthropic's, but OpenAI's and other, open-source models are getting really good at finding and exploiting vulnerabilities in software. And that has important ramifications for cybersecurity: on both the offense and the defense. Attackers will use these capabilities to find, and automatically hack, vulnerabilities in systems of all kinds. They will be able to break into critical systems around the world, sometimes to plant ransomware and make money, sometimes to steal data for espionage purposes, and sometimes to control systems in times of hostility."
"But at the same time, defenders will use these same capabilities to find, and then patch, many of those same systems. For example, Mozilla used Mythos to find 271 vulnerabilities in Firefox. Those vulnerabilities have been fixed, and will nev"
"While Anthropic's model is really good at finding software vulnerabilities, so are other models. The UK's AI Security Institute found that OpenAI's GPT-5.5, already generally available, is comparable in capability. The company Aisle reproduced Anthropic's published results with smaller, cheaper models."
A new AI model was withheld from general release because it performed strongly at identifying software security vulnerabilities. Other available models show comparable vulnerability-finding capability, and smaller models can reproduce similar results. The high cost of running the model and limited resources likely contributed to the decision to restrict access. Despite the marketing and access constraints, the underlying capability is significant: modern generative AI can locate and exploit vulnerabilities automatically. This increases offensive risk, enabling faster intrusion, ransomware deployment, data theft, and potential control of critical systems. At the same time, defenders can use the same techniques to discover vulnerabilities and patch them, reducing exposure. Mozilla used the model to find many Firefox vulnerabilities that were subsequently fixed.
#ai-security #vulnerability-discovery #cybersecurity-offense-and-defense #software-patching #generative-ai
Read at www.theguardian.com
Unable to calculate read time
Collection
[
|
...
]