Anthropic Glasswing Project Using Mythos AI Uncovers Massive Security Vulnerabilities Across Global Networks And Reveals Human Patching Bottlenecks
The cyber security landscape around the globe has taken a turn due to the release of preliminary performance findings from the Anthropic led artificial intelligence security project "Glasswing". This initiative has utilized a preview of the high performance AI Mythos and uncovered more than 10,000 high risk or critical security flaws within core software applications in under 1 month. These numbers show the unprecedented speed and accuracy of automatic detection are now revealing and creating a problem with the human aspect of defense networks.
As this system has been tested in the past by several technology partners of Anthropic the Mythos AI has shown truly astounding findings. The internet infrastructure giant, Cloudflare, used the AI system on the company's own core infrastructure and discovered more than 2,000 bugs. Of those 2,000 findings, 400 were reported to be either critical or high risk vulnerabilities. Elsewhere, the software firm Mozilla, discovered 271 separate security bugs in their new version of the web browser Firefox by using the same AI model to check the new browser for security flaws. This amount is 10x the amount of bugs discovered compared to current AI's. This is said by several Anthropic technology partners to be increasing overall bug finding speeds by 10x.
Rigorous evaluations were done independently on the AI system to demonstrate its true capability. The UK AI Safety Institute conducted a sandbox test of the Mythos AI to see its autonomous exploit capabilities, and during these tests, it was discovered that the AI could conduct an entire multi stage hack by themselves.XBOW, a specialized security evaluation firm, found that when tested on web based vulnerability testing systems the AI was by far superior to any other current agent at finding hidden exploits and also discovered vulnerabilities faster and with higher accuracy.
Accompanying this new data has been an explanation by Anthropic regarding how automated security is changing defense structures. The bottleneck to defending the cyber infrastructure previously was finding these zero day vulnerabilities before an attacker. Now, Mythos reveals, the bottleneck to cyber security has become the human ability to write patch programs. Artificial intelligence finding an exploit in seconds may not be enough; the system now must be able to have humans recognize this vulnerability, fix it, patch it, anddeploy updates in a quick fashion in order to defend the network properly. This gap in security makes organizations vulnerable, so Anthropic recommends drastically reducing development cycles and employing automated patch and update mechanisms.
