By: Ivan Habib
Website Editor
On Mar. 26, Fortune Magazine revealed the assets that they discovered on Anthropic’s website. Among these leaks was a draft blog post for the release of Anthropic’s newest artificial intelligence model, Mythos. Fortune promptly informed Anthropic, which subsequently revoked public access to search and access the data cache, acknowledging that “human error in the configuration of its content management system led to the draft blog post’s being accessible.”
Since the leak, Anthropic has openly revealed the benchmark performances and other use cases of their Mythos model, even though they have opted not to release the model to the general public. Anthropic has justified this non-release of their model by noting, “Claude Mythos Preview’s large increase in capabilities has led us to decide not to make it generally available. Instead, we are using it as part of a defensive cybersecurity program with a limited set of partners.” This program, which Anthropic has termed Project Glasswing, is designed to secure the world’s most critical software. The enterprises given access to Mythos as part of this project include, but are not limited to, The Linux Foundation, Nvidia, Google, CrowdStrike, and Palo Alto Networks. Anthropic claims that the project has already identified thousands of vulnerabilities. These notably include a 27-year-old susceptibility in the Open Berkeley Software Distribution (OpenBSD) allowing remote infection of any machine, and a 16-year-old vulnerability in FFmpeg, which is the groundwork for most modern-day video editing software. Anthropic has opted to not release the other vulnerabilities, as maintainers of the software have not yet been able to patch all of the flaws identified by Mythos.
While the software vulnerabilities Mythos has revealed are impressive, some still doubt the attribution to the model itself. Strikingly, some of the flaws Mythos has discovered demanded over 20 thousand dollars in inference costs to discover. This staggering price tag has sparked heavy debate in the cybersecurity community. Critics argue that 20 thousand dollars in inference for a single vulnerability suggests that Mythos may not be employing a true reasoning approach, but rather a “brute-force” analysis of codebases that traditional models could potentially achieve. However, proponents of Project Glasswing maintain that the value of ending a “forever-day” vulnerability, referring to long-persisting and uncouth security flaws, far exceeds high computing costs.
As Project Glasswing continues, the pressure on Anthropic to prove Mythos’s unique utility grows. While the identification of the flaws was a significant victory for digital infrastructure, the true test for Mythos will be whether it can transition from identifying historical bugs to efficient patching and prediction of attacks.
(Sources: Anthropic, CNBC, CNN, Forbes)