Anthropic's Mythos AI triggers global race for access as cybersecurity vulnerabilities mount

EU should seek access to Anthropic's Mythos, Bundesbank says

BERLIN, April 29 (Reuters) - European banks need to be given access to Anthropic's latest artificial intelligence model, Mythos, if they are to shield themselves against the threat of cyberattacks powered by this new breed of programmes, one of Germany's top financial regulators told Reuters. Mythos, a model designed to find flaws in computer code, is viewed by cybersecurity experts as potentially turbo-charging attacks on banks' technology systems but so far it has only been ⁠made available to some U.S. banks. The chief supervisor at Germany's Bundesbank, Michael Theurer, urged European Union authorities to request access to Mythos from Anthropic or from Donald Trump's U.S. administration. "I consider it necessary that the European Commission and governments in Europe now also approach the company -- or rather the United States -- to request that the technology be shared," he told Reuters in an interview. "There has to be an official request so that we in Europe can also benefit from the insights." Sources recently told Reuters Anthropic plans to provide access to its Mythos AI model to European banks soon. Mythos' release to ⁠a selected group of companies, initially including just one bank, earlier this month raised alarm among regulators and policymakers across the world. German banks and national authorities have been jointly examining risks around these models and European Central Bank supervisors, who are responsible for the euro zone's biggest lenders, have been quizzing bankers about their preparedness. Theurer said his meetings with ⁠banks so far showed they were acutely aware of the possible threat from the new model but they could not "test which vulnerabilities it is capable of identifying" without getting access to it. "We may be moving into ⁠an area in which economic actors could potentially become dependent on state assistance," Theurer said. "If you do not have access to this technology yourself, you naturally find yourself in very difficult waters." Regulators' ⁠own ability to monitor and combat the risks posed by Mythos and similar models has been called into question, with a survey finding authorities significantly lag financial firms in AI adoption and lack data on emerging harms. Writing by Francesco Canepa in Frankfurt; Editing by Toby Chopra Our Standards: The Thomson Reuters Trust Principles., opens new tab

Companies with Mythos access urge joint defence of infrastructure

Anthropic's Claude Mythos AI model is driving a surge in software updates, risking exposure of critical national infrastructure to hackers and prompting cyber security chiefs to demand better co-ordination between government and business. Companies that have access to the San Francisco group's new tool told the FT joint action "across the public and private sectors" was essential to support hospitals, banks and utilities vulnerable to the threats Mythos uncovered. "The way I think about this is there is a world pre-Mythos and there is a world post-Mythos," said Jeetu Patel, president and chief product officer at tech group Cisco, one of the few companies given access to the model. Anthropic plans to roll Mythos out gradually, following its release to a small group of 40 organisations that are mostly US-based. This includes Amazon and Microsoft as well as large banks such as JPMorgan Chase. This has led some companies to receive more "patches" -- technical fixes that close vulnerabilities found by Mythos. Bryan Preston, chief financial officer of US bank Fifth Third, told the FT that its technology provider, Microsoft, had rolled out almost 150 software updates since Mythos's release. The volume of bugs Anthropic's model identified could trigger a "flood of patches", said Haider Pasha, vice-president and chief security officer for Emea at cyber security group Palo Alto Networks. That could challenge businesses that need to keep systems running smoothly, he added. Anthropic unveiled Mythos earlier this month and touted its ability to detect cyber security flaws faster than humans. Palo Alto Networks has warned the new technology will quickly proliferate beyond the models built by US tech groups, which have guardrails to prevent malicious use, and could enable hackers to "develop autonomous attack agents unlike anything the industry has faced". Pasha said frontier models such as Mythos were notable for their abilities to "chain together vulnerabilities" to bypass security systems. Cyber security experts have suggested software developers would need to be selective in the updates they released to avoid overwhelming customers. This week, Anthropic said it was investigating reports that a group of users had gained unauthorised access to Mythos through third parties. Central bankers, financial institutions and regulators have demanded expedited access to Mythos in recent days, but the start-up has declined to provide a timeline. While many companies were susceptible, critical infrastructure groups were especially attractive targets, said Cisco's Patel. Such systems often run older software and are seen as higher-value targets. "The challenge with patching [is] you actually have to bring down your system sometimes and most organisations can't afford to have downtime, so they do the downtime at scheduled intervals [to] update the systems," Patel said.

Australia government working with Anthropic over cybersecurity vulnerabilities

SYDNEY, April 23 (Reuters) - Australia is working with software providers including Anthropic over potential cybersecurity vulnerabilities, a spokesperson for Home Affairs minister Tony Burke said ⁠on Thursday, following the firm's release of its Mythos AI model that has caused concern in several countries. Designed for defensive cybersecurity tasks, Mythos' ⁠vast capabilities have sparked fears about the threat to traditional software security, ⁠after Anthropic said a preview had uncovered "thousands" of ⁠major vulnerabilities in "every major operating system ⁠and web browser". Reporting by Alasdair Pal in Sydney; Editing by Muralikumar Anantharaman Our Standards: The Thomson Reuters Trust Principles., opens new tab

UK in talks with Anthropic over Mythos access for banks and business

Anthropic is in active talks with the UK government over rolling out its powerful Claude Mythos model to British businesses eager for access to technology that has raised alarm for its ability to expose cyber security vulnerabilities. Officials are discussing an expanded rollout of the powerful AI model by the San Francisco-based company to key UK-based organisations, according to people familiar with the matter. Banks and financial institutions are among those seeking to get expedited access to the technology to help strengthen their cyber security, but Anthropic told the FT it would not commit to a timeline on this. In light of the risks posed by the model, Anthropic has been rolling Mythos out gradually, first to a select group of 40 organisations that are almost exclusively American. This includes Amazon and Microsoft as well as large banks such as JPMorgan Chase and Morgan Stanley. One executive at a large UK company said they had been discussing the specific vulnerabilities that Mythos exposed with American companies that have access to the model. They added that groups were in discussions with Microsoft about securing "patches" -- technical fixes that close off vulnerabilities found by Mythos. This has allowed companies to begin bolstering their software before they have access to the technology. JPMorgan Chase chief Jamie Dimon has privately warned about the importance of Mythos for the banking sector and the risks that it raises. He cautioned a UK banking executive that organisations should tread carefully with Anthropic's new tool and advised it should be deployed in co-ordination with the government, according to people familiar with the conversation. Similar warnings have been made by regulators, central bankers and cyber security leaders around the world. On Tuesday, German central bank chief Joachim Nagel called for all institutions to have access to Mythos to ensure a level playing field and avoid misuse. The Bundesbank head said in a speech: "This AI model seems to be a double-edged sword, ⁠since it could be used not only to improve digital security systems, but also to leverage their vulnerabilities for malicious purposes." Anthropic unveiled its latest model earlier this month and touted its ability to detect cyber security flaws faster than humans, a feature that has stoked fears worldwide it will generate "exploits" that bad actors can use to take advantage of them. Earlier this week, Anthropic said it was investigating reports that a group of users gained unauthorised access to Mythos through third parties. The UK is the only known government outside the US to have accessed a preview of the model, via its AI Security Institute, a research body that tests frontier AI systems before release. The institute has said that Mythos represents a step up over previous AI capabilities and is able to exploit vulnerabilities "that would take human professionals days of work". Technology minister Liz Kendall and security minister Dan Jarvis warned in a joint public letter last week that "AI cyber capabilities are accelerating even faster than had been previously envisaged" in light of Mythos and urged businesses to fortify their cyber defences. UK lenders also raised the topic with chancellor Rachel Reeves at a roundtable catch-up on Wednesday. Leading British banks, insurers, exchanges and regulators met this week to discuss the cyber security risks of Mythos and AI models more generally. The cross-market operational resilience group, which is co-chaired by the Bank of England and the UK Finance banking trade association, said the meeting had "reflected on the challenges these models present from a cyber security perspective". It said companies had agreed to use AI "to strengthen cyber defence, for example through ongoing efforts to reduce the attack surface available; improving threat detection and investigation; and further exploration into automating mitigation and response measures". The Department for Science, Innovation and Technology did not immediately respond to requests for comment. Additional reporting by Martin Arnold in London

Australia joins countries trialing Claude Mythos 'to ​make sure we are aware of emerging vulnerabilities'

* The Australian government confirmed it is working with Anthropic and other providers to stay informed about emerging cybersecurity vulnerabilities. * Anthropic's Mythos Preview, part of Project Glasswing, is said to be powerful enough to discover and exploit flaws at scale, though it remains unreleased to the public. * Debate continues over whether Mythos represents a genuine breakthrough or a PR stunt, with governments and major software firms already testing its potential impact. The Australian government is "working with" Anthropic and other similar software providers to make sure it is "aware of emerging vulnerabilities". This was the statement given by the spokesperson for Home Affairs minister Tony Burke to the media earlier this week. "Our government takes protection of critical infrastructure extremely seriously which is why we're working with software providers and companies like Anthropic to make sure we are aware of emerging vulnerabilities," Reuters cited the spokesperson. How powerful is Mythos really? We don't know if that means the Australian government is using Anthropic's Mythos Preview tool, or if it is just being kept in the loop on the tool's capabilities. Earlier this month, Anthropic announced a new cybersecurity initiative called Project Glasswing. At its heart is Mythos Preview, the company's latest Generative Artificial Intelligence (GenAI) model, allegedly capable of discovering - and exploiting - more vulnerabilities than any of its predecessors. In fact, Mythos is allegedly so powerful that Anthropic decided not to share it with the public and instead gave it to a handful of major software companies. Since then, the internet has been abuzz. While some praised it as a revolution that would practically end cybercrime, others were wary of what might happen if the tool were to fall into the wrong hands. Some, claimed it was all a PR stunt, and slammed Anthropic for basing its advertising on fear. Apparently, OpenAI did the same with an earlier version of Chat-GPT which, as it later turned out, wasn't as powerful as the company was saying. Still, things might be different with Mythos. The US government is apparently using it, despite the company being designated a supply chain risk, and Mozilla CTO recently called the tool the light at the end of the tunnel. Mythos' public release does not yet have a firm date. Via Reuters Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Europe urged to build rival AI after Anthropic's Mythos debut

Europe needs to urgently develop its own superhacking technology to rival Anthropic's Mythos model, senior government and industry cybersecurity officials stated, as reported by Politico. Officials are preparing for an increase in cyberattacks and data breaches after Anthropic shared its new AI model with several tech firms and unnamed organizations, primarily in the U.S., earlier this month. The Mythos model reportedly outperforms humans in identifying and exploiting cybersecurity vulnerabilities, raising concerns about its potential use in major attacks on critical systems. Regulators in Europe have not been included in discussions surrounding the Mythos model, which is prompting experts to urge the development of a European superhacking AI. Such a solution could fortify defenses against the growing threat of cyber adversaries leveraging advanced AI technology. "We face a significant challenge if we do not start developing our own capabilities," one official said, emphasizing the risks associated with external threats. The call to action reflects heightened awareness of the cybersecurity landscape and the necessity for Europe to maintain its technological independence in this critical area.

Anthropic's Mythos puts banks on edge in rush to fix cyber risks

The country's major banks are increasingly concerned about the ability of next-generation artificial intelligence models like Anthropic's Mythos to compromise their systems, and say they are escalating their efforts to defray the risk that cybersecurity defences could be seriously compromised. Anthropic said earlier this month it would not publicly release Mythos, citing the cybersecurity risks given that the model is adept at identifying unknown flaws in defences, putting the entire global financial system at risk.

Australia working with Anthropic over cybersecurity vulnerabilities

SYDNEY, April 23 (Reuters) - Australia is working with software providers including Anthropic over potential cybersecurity vulnerabilities, a spokesperson for Home Affairs minister Tony Burke said on Thursday, following the firm's limited release of its Mythos AI model that has caused concern in several countries. Designed for defensive cybersecurity tasks, Mythos' vast capabilities have sparked fears about the threat to traditional software security, after Anthropic said a preview had uncovered "thousands" of major vulnerabilities in "every major operating system and web browser". "Our government takes protection of critical infrastructure extremely seriously which is why we're working with software providers and companies like Anthropic to make sure we are aware of emerging vulnerabilities," the spokesperson said. The central banks of Australia and New Zealand said on Wednesday they were monitoring the release of Mythos, and were in contact with major regulators across the globe. Anthropic has launched Claude Mythos Preview under Project Glasswing, a tightly restricted access program that includes major technology firms such as Amazon, Microsoft, Nvidia and Apple. The company has also widened access to more than 40 other organisations involved in building or maintaining critical software infrastructure. A spokesperson for Burke said the project would help equip providers with the right tools to build more secure software and protect infrastructure. Experts said Mythos' advanced coding and autonomous capabilities could sharply increase the pace of sophisticated cyberattacks, particularly in sectors such as banking, where complex, interconnected and often decades-old systems are still widespread. Simon Birmingham, CEO of the Australian Banking Association which represents the majority of the country's major commercial lenders, said in a statement on Thursday banks were engaging with regulators over Mythos to ensure the financial system remains safe. (Reporting by Scott Murdoch and Alasdair Pal in Sydney; Editing by Muralikumar Anantharaman and Kim Coghill)