Mythos and friends could be a 'net positive' for UK cyber security defenses but only if they're secured, says top cyber official

According to the BBC, Horne echoed these statements in a speech to the NCSC’s annual conference CyberUK, on Wednesday.

"As we have seen in the media in recent days, frontier AI is rapidly enabling discovery and exploitation of existing vulnerabilities at scale, illustrating how quickly it will expose where fundamentals of cyber-security are still to be addressed," he said.

This time is different

Earlier this month, Anthropic announced a new security initiative called Project Glasswing, and at its heart, the newest AI model, Mythos Preview. This model was apparently so good at discovering and exploiting zero-day vulnerabilities, that Anthropic decided to only give it to a handful of large software companies. That way, these companies can get a head start against bad actors, before the model is released to the general public at a (yet undetermined) later date.

There is also plenty of chatter online about this being just a PR stunt, with some people stating that OpenAI did the same for GPT-2 which later turned out to be a lot more benign.

However, this time it really might be different. The Mozilla Foundation said that with the help of Mythos it managed to find 271 vulnerabilities in Firefox 150, the famed browser’s latest build. When it tried a similar thing with an earlier model - Opus 4.6 against Firefox 148 - it found “just” 22 bugs.

Announcing the results, Mozilla CTO Bobby Holley couldn’t hide his excitement, hinting that the cat-and-mouse fight against cybercriminals might finally come to an end.

“Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up,” he wrote. “Defenders finally have a chance to win, decisively. ”

Via BBC