In just one month, Anthropic’s cybersecurity AI, Claude Mythos, identified more than 10,000 serious flaws in software used by billions of people. De facto, security teams are no longer able to correct vulnerabilities as quickly as they are found.
A month ago, Anthropic unveiled Claude Mythos, an AI model designed to identify security vulnerabilities in software. The AI quickly showed that it was also capable of developing exploitation methods based on the vulnerabilities discovered. Faced with the risks of malicious use, Anthropic has chosen not to make Mythos accessible to the general public.
Currently, only around fifty hand-picked partners have access to this tool. Among them are giants like Amazon Web Services, Apple, Google, Microsoft, NVIDIA, CrowdStrike, JPMorganChase and Palo Alto Networks. The partners, grouped under the “Project Glasswing” initiative, have begun deploying the AI on their systems and plugging detected vulnerabilities before hackers exploit them.
10,000 vulnerabilities, including critical breaches
In the space of thirty days, Claude Mythos uncovered more than 10,000 vulnerabilities, Anthropic indicates in its first report. These are flaws of high or critical severity, unearthed in the code of widely used software. Mythos notably scrutinized open source projects. In these, the AI found 1,726 actual confirmed vulnerabilities, with more than 1,000 deemed critical or high risk.
“After a month, most partners have each found hundreds of critical or high-severity vulnerabilities in their software. Collectively, they found more than ten thousand,” says Anthropic.
Note that Mozilla has integrated no fewer than 271 security patches into Firefox 150, all for flaws detected by Claude Mythos. For its part, Cloudflare has identified 2,000 bugs in its own systems, including 400 critical ones. According to Anthropic, the rate of bug detection by its partners has increased more than tenfold. Microsoft has even warned that its security update cycles will “continue to grow in volume in the near future”, especially because of the discoveries of Mythos.
Among the most worrying findings unearthed by the AI is a flaw in wolfSSL, a security library integrated into more than five billion connected objects and routers. The model developed an attack demonstration on its own, showing how a cybercriminal could concretely exploit this flaw to trap Internet users.
Traffic jam among security teams
Faced with the steady stream of discoveries from Mythos, security teams are struggling to keep up. Correcting a flaw is in fact more complicated than identifying it. The discovery of flaws now goes much faster than their correction, and this is precisely what worries Anthropic. The average time to correct a bug remains around two weeks. With tens of thousands of anomalies to process, teams find themselves completely underwater.
“Advancements in software security were once limited by the speed with which we could find new vulnerabilities. Now it’s the speed with which we can verify, disclose and remediate the large number of vulnerabilities detected by AI that is the barrier,” explains the American start-up.
In reaction, “some maintainers have even asked to slow down the pace of releases because they need more time to design fixes”. Despite the logjam caused by Mythos’ findings, Anthropic has launched a verification program for cybersecurity professionals. It allows Anthropic models to be used without restriction for security work, such as penetration tests. That is enough to increase the number of vulnerabilities discovered, and to accentuate the traffic jam phenomenon…
Source: Anthropic
