IIn June 2024, a cyberattack against a pathology services company caused chaos across London’s hospitals. More than 10,000 appointments have been canceled. A blood shortage then occurred, and a patient died due to a delay in blood tests.
Thankfully, such deadly cyberattacks are rare. But new releases of AI could change the game, plunging us into a frightening new world where the digital systems we rely on are subject to disruption and destruction.
Anthropic, a leading San Francisco AI company, announced this week an AI model called Claude Mythos Preview. The company says that this AI model is too dangerous to release to the public thanks to its outstanding cybersecurity and cyber attack capabilities. Mythos has discovered vulnerabilities in all major browsers and operating systems, the company claims. In other words, this new AI model could help hackers destroy much of the world’s most important software.
“This is a 2000-level alarming situation,” said one security expert. Already, Mythos has discovered a 27-year-old bug in a critical part of the security infrastructure and multiple vulnerabilities in the Linux kernel, which is essential to computer systems around the world. These weaknesses can threaten just about everything on the internet, from the streaming services you use to relax to the banking systems you rely on.
If such technology were to be widely available and as capable as humanity claims, the impact could be devastating. Cyberattacks are no longer just a digital problem. Almost everything we rely on in the physical world involves software. In recent years, airports, hospitals, and transportation networks have been crippled by cyberattacks. Until now, attacks of this scale required a high level of expertise. Mythos puts that ability within the reach of amateurs and accelerates the ability of professionals to wreak havoc.
Cybersecurity experts are sounding the alarm. Anthony Grieco of Cisco, a networking and cybersecurity company, said, “AI capabilities have crossed a threshold that fundamentally changes the urgency needed to protect critical infrastructure…and there is no going back.” Lee Klarich, head of product management at Palo Alto Networks, said the model “represents a dangerous shift” and warned that “everyone needs to be prepared for AI-assisted attackers.”
“We’re going to see more attacks, faster attacks, and more sophisticated attacks,” Kralich said.
Thankfully, we’re not completely doomed yet. Rather than making Mythos available to the public, Anthropic will first make it available to the companies that operate much of our critical infrastructure, including Apple, Microsoft, and Google. The hope is that Mythos can be used to find security gaps and patch them before malicious parties gain similar functionality.
In other words, we are now in a race against time. In the absence of regulation at the national and international level, there is nothing to force other companies to follow Anthropic’s implementation strategy. It will probably only be a few months before less responsible actors release models with similar features in the US or elsewhere. When that happens, all we can do is hope that the software we rely on is properly protected.
I would be optimistic that in a more cooperative era, the United States could accomplish a collective effort to prepare for this impending “apocalypse.” But the Trump administration has declared war on Anthropic, banning the use of its technology by government agencies and the military, and openly calling the company a “woke company of the radical left” for not allowing the military to use its tools for mass surveillance of Americans. This hostility means the government is unlikely to work with Anthropic to strengthen its own system, which is notoriously unstable. These systems are some of the most important systems to ensure safety.
There are several reasons for optimism. Anthropic may be overstating the abilities of Mythos. After all, Anthropic has a vested interest in hyping its products. However, the documented vulnerabilities and competitors’ willingness to partner with Anthropic suggest the threat is real. Meanwhile, some in the government are also taking notice, with US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell reportedly convening Wall Street executives on Tuesday to prepare for the risks posed by Mythos and future cybersecurity-focused AI models.
But the overall picture is bleak. Mythos isn’t just a cybersecurity problem; it’s also disturbingly good at helping design biological weapons, sometimes intentionally deceiving users and covering their tracks. This demonstrates the risks of the “superintelligent” AI that Anthropic and its competitors are attempting to unleash on society, and the consequences are abhorrent. With Mythos, you may have more time to get ahead of risk. But they may not be so lucky in the future if the government continues to let these companies operate without rules.
-
Shakeel Hashim is the editor of Transformer, a publication about the power and politics of transformative AI.
