Anthropic 'Mythos' sparks bank alarm

A preview of an Anthropic model called “Mythos” reportedly found thousands of zero‑day vulnerabilities, triggering urgent meetings between central banks and major banks about cyber risk. The finding and the coordination briefings were shared publicly in social posts summarising the threat and citing participation from AWS, Apple, Google, Microsoft, NVIDIA and CrowdStrike. (x.com)

Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell warned major United States banks on April 7 that Anthropic’s new Mythos model could sharply raise cyber risk. (bloomberg.com) Anthropic said Mythos Preview found thousands of previously unknown software flaws during testing, including bugs in every major operating system and every major web browser. A zero-day is a hidden defect that vendors do not know about yet, which means attackers can use it before a patch exists. (anthropic.com)

Anthropic published those claims on April 7 and said more than 99% of the vulnerabilities it found were still unpatched, so it withheld technical details under a coordinated disclosure process. The company said the oldest bug it found and helped patch was a 27-year-old flaw in OpenBSD, a system widely known for security. (anthropic.com)

Banks were pulled in because the concern is not a single product failure but a faster way to discover weak spots across the software stack they depend on. Bloomberg reported that the Washington briefing framed Mythos as the start of a new phase in cybersecurity, with software flaws found and exploited with less human supervision. (bloomberg.com)

Anthropic has not released Mythos to the public. It said the model is being limited to defensive work through Project Glasswing, a program announced April 7 with Amazon Web Services, Apple, CrowdStrike, Google, JPMorganChase, Microsoft, NVIDIA, Palo Alto Networks, the Linux Foundation and other partners. (anthropic.com) The basic idea is simple: give defenders the tool first and let them search their own systems before criminals or state hackers get something similar. Anthropic said Project Glasswing was created because of capabilities it observed in Mythos Preview and because critical software needed immediate review. (anthropic.com)

Anthropic also said Mythos was not built as a hacking-only system. The company described it as a general-purpose language model whose coding and reasoning ability made it unusually strong at finding and exploiting subtle flaws. (anthropic.com)

Outside researchers have not independently verified Anthropic’s performance claims. Bloomberg quoted University of Illinois computer science professor Gang Wang saying it is hard to judge the significance of Mythos Preview without broader hands-on testing. (bloomberg.com) Anthropic says that uncertainty is one reason it is moving slowly. For now, the model that set off emergency talks in Washington is being kept inside a small circle while banks, software vendors and security teams race to patch what it already found. (axios.com)
