What is Claude Mythos?
In recent weeks, the artificial intelligence sector has been focused on claims made by Anthropic, a leading AI company, regarding its new model named Claude Mythos.
Anthropic states that Mythos can outperform humans in certain hacking and cybersecurity tasks, which has sparked discussions among regulators, legislators, and financial institutions about the potential risks it may pose to digital infrastructure.
Several major technology companies have been granted access to Mythos through an initiative called Project Glasswing, which aims to enhance resilience against threats posed by Mythos itself.
However, some observers caution that Anthropic has an interest in promoting Mythos as possessing unprecedented capabilities, making it challenging to separate substantiated claims from marketing hype, a common issue in the AI industry.
What is Claude Mythos?
Mythos is one of the latest AI models developed by Anthropic as part of its broader AI system known as Claude. This system includes the company's AI assistant and a family of models designed to compete with OpenAI's ChatGPT and Google's Gemini.
Anthropic introduced Mythos in early April under the name "Mythos Preview."
Specialized researchers known as "red-teams," who evaluate AI models' responses to specific tasks, reported that Mythos demonstrated "striking capability at computer security tasks." They found that the model could identify dormant bugs in decades-old code and exploit them with ease.
Instead of releasing Mythos widely to Claude users, Anthropic provided access to 12 technology companies through Project Glasswing, which it described as "an effort to secure the world's most critical software."
Participants in Project Glasswing include cloud computing leader Amazon Web Services; device manufacturers Apple, Microsoft, and Google; and chip manufacturers Nvidia and Broadcom.
Crowdstrike, a cybersecurity firm whose faulty software update caused a significant global outage in July 2024, is also a partner in the project. Anthropic has additionally granted Mythos access to over 40 organizations responsible for critical software.
Why are there concerns?
Anthropic claims that during testing, Mythos exhibited exceptional skill in cybersecurity and hacking tasks, surpassing human performance.
"Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser," Anthropic stated on 7 April.
The company warned that, given the rapid progress of AI, such capabilities could soon become widespread, potentially falling into the hands of actors who may not deploy them responsibly.
Anthropic noted that Mythos could identify critical bugs requiring immediate attention in legacy systems with minimal oversight, including a vulnerability that had existed in a system for 27 years, and could suggest methods to exploit these flaws.
These revelations have raised serious concerns among finance ministers, central bankers, and financial experts, who fear the model could threaten the security of financial systems.
Canadian Finance Minister François-Philippe Champagne told the BBC that Mythos was discussed at an International Monetary Fund (IMF) meeting in Washington DC during the week.
"Certainly it is serious enough to warrant the attention of all the finance ministers," he said, describing the technology as an "unknown unknown."
Andrew Bailey, Governor of the Bank of England, told the BBC,
"We are having to look very carefully now what this latest AI development could mean for the risk of cyber crime."
Meanwhile, the European Union has indicated it is in discussions with Anthropic regarding its concerns about Mythos.
What have cyber experts said about it?
Ciaran Martin, former head of the UK's National Cyber Security Centre, told the BBC earlier this week that the claim Mythos could identify critical vulnerabilities faster than other AI models has "really shaken people."
"The second thing is that even with existing weaknesses that we know about, but organisations might not have patched against, might not be well defended against, it's just a really good hacker," he said.
Many independent cybersecurity analysts and experts have not yet had the opportunity to test Mythos themselves, and some remain skeptical about its reported performance.
The UK's AI Safety Institute recently concluded that while Mythos is a very powerful model, its greatest threat would be to poorly defended, vulnerable systems.
"We cannot say for sure whether Mythos Preview would be able to attack well-defended systems," its researchers stated.
Therefore, in environments with strong cybersecurity measures, the model would, in theory, be effectively countered.
Should we be worried about it?
Concerns related to AI are not new. New models and tools are frequently introduced, often accompanied by claims of revolutionary potential, both positive and negative.
The AI sector has increasingly leveraged a combination of fear and excitement about AI’s future impact as part of its marketing strategies.
Regarding Mythos, there remains insufficient information to determine whether the hopes or fears surrounding it are justified or primarily reflect industry hype.
According to the National Cyber Security Centre (NCSC), the most important response at this stage is to avoid panic and focus on strengthening fundamental cybersecurity practices.
After all, most hackers do not require advanced AI tools to breach systems when simpler attacks often suffice.
"For some this is an apocalyptic event, for others it seems to be a lot of hype," Martin told the BBC.
He added that whether it is this tool or future ones developed by Anthropic or its competitors, alongside the risks there is an opportunity to build a safer online environment.
"In the medium-term, there's an opportunity to use these tools to fix a lot of the underlying vulnerabilities in the internet," he said.
for our Tech Decoded newsletter to follow the world's top tech stories and trends. Outside the UK? here.
