High-ranking members of Britain’s government and banking sector are reportedly scrambling to figure out what to do about cybersecurity holes found by Claude Mythos Preview, Anthropic’s new automated system for making tech elites—and now financial elites—wet their pants.
In case you weren’t aware, last week Anthropic declared its unreleased model, Claude Mythos Preview, scary as heck and simply too powerful to unleash upon the world.
In addition to claiming that Claude Mythos Preview is a sneaky little dickens, a post on Anthropic’s frontier red team blog describes it as essentially the world’s most dangerous super-hacker. The passage below summarizes the apparent hacking hazard pretty well. (Note that “zero-day vulnerabilities” are vulnerabilities in code known only to the person or AI agent who found them):
During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so. The vulnerabilities it finds are often subtle or difficult to detect. Many of them are ten or twenty years old, with the oldest we have found so far being a now-patched 27-year-old bug in OpenBSD—an operating system known primarily for its security.
Now, according to the Financial Times, the Bank of England and regulators at the U.K.’s Financial Conduct Authority and Treasury will hold “urgent discussions” with that country’s National Cyber Security Centre to figure out a course of action. Anonymous sources who spoke to the Financial Times said (quite Britishly) that a planning meeting will be held “in the next fortnight.”
How scared is the U.K.? This issue is also the next big priority of the UK’s “Cross Market Operational Resilience Group,” according to the Financial Times. That group includes members of the U.K.’s National Cyber Security Centre, the Financial Conduct Authority (their equivalent of the SEC), and His Majesty’s Treasury. It’s co-chaired, the Financial Times says, by someone at the Bank of England with the title “executive director for supervisory risk.”
One bit of verbiage from the Financial Times is remarkable. It describes discussions about “the risks posed by the latest AI model from Anthropic.” Anthropic might quibble slightly, since it has framed the secretive release of Claude Mythos Preview only through its “Project Glasswing” initiative as a way to warn stakeholders about future dangers down the line, not as a sort of global cybersecurity hostage situation.
Some, like rationalist blogger Zvi Mowshowitz have expressed concern that Anthropic’s claims are being communicated poorly. Mowshowitz wrote that Anthropic is “mixing valid points and helpful analysis with overstatement and hype.”
For his part, Yann LeCun, the former head AI researcher at Meta has been reposting X posts claiming that big, bad Mythos is actually no big deal.
And it should be noted that as far as anyone knows, no one outside of Anthropic has so far been allowed the sort of unfettered access to the model it would take to attempt a more objective form of analysis.
