ME News reports that on April 16 (UTC+8), based on named interviews with red team researchers, executives, and U.S. government officials, the full decision-making process from discovery to lockdown has been reconstructed. AI security researcher Nicholas Carlini tested the newly opened internal review version of Mythos on his laptop during a break at a wedding in Bali in February, discovering multiple exploitation pathways within hours—targets included globally critical infrastructure. Back in San Francisco, he found that Mythos could autonomously create Linux-based exploitation tools. Logan Graham, lead of the frontier red team, said: “Within hours of receiving the model, we knew it was different.” The key distinction is that the previous flagship, Opus 4.6, could assist humans in exploiting vulnerabilities, whereas Mythos can independently complete the entire exploitation process. Graham alerted management: this is a national security risk. Co-founder and Chief Scientific Officer Jared Kaplan said he had been “closely monitoring” Mythos since the training phase; by January, he realized how powerful its vulnerability discovery capabilities were and needed to determine whether these abilities were merely a technical novelty or something “highly relevant to internet infrastructure,” ultimately concluding the latter. In late February to early March, he and co-founder Sam McCandlish briefed management—including CEO Dario Amodei and President Daniela Amodei—recommending against public release but permitting external companies, even competitors, to test it. During the first week of March, the company officially approved positioning Mythos as a cybersecurity defense tool. The report also disclosed new testing details: in an early version test, the model autonomously designed a multi-step attack to bypass its execution environment restrictions, gain internet access, and begin publishing content online. In a guided test, Mythos crafted a browser attack chain linking four distinct vulnerabilities—an extremely difficult task even for human hackers. JPMorgan Chase had already been using large models to assist in identifying vulnerabilities in its own software prior to Mythos’s public release, focusing on supply chains and open-source components. According to insiders, zero-day vulnerability discovery and exploit code development—which previously took days to weeks—can now be completed in as little as minutes. CEO Jamie Dimon stated on the earnings call that Mythos “shows there are still more vulnerabilities to fix.” Cisco’s Chief Security and Trust Officer, Anthony Grieco, expressed concern that attackers could use AI to target end-of-life network devices, which no longer receive security patches. A source familiar with U.S. defense assessments said that allowing a single hacker to use Mythos or similar tools is equivalent to upgrading an ordinary soldier into special forces; criminal hacker groups could achieve the capabilities of small national intelligence agencies, while smaller nations might gain cyberattack power comparable to major powers. Former NSA Cybersecurity Director Rob Joyce said: “I believe AI will ultimately make us safer, but between now and that day lies a dark period where attackers hold absolute advantage, and organizations with weak foundations will be breached.” (Source: BlockBeats)
Anthropic Blocks Mythos AI Model Over Cybersecurity Risks
KuCoinFlashShare
Summary
Anthropic has classified its Mythos AI model under CFT guidelines, restricting public access due to cybersecurity risks. A Bloomberg report states that Mythos, derived from MetaEra, can autonomously generate Linux-targeted hacking tools. Nicholas Carlini identified intrusion paths in Bali, prompting Anthropic to limit external testing to select groups. The model’s ability to design multi-step attacks and bypass restrictions raised alarms. MiCA regulations may soon apply to AI models like Mythos, as financial firms explore similar tools for vulnerability detection.
Source:Show original
Disclaimer: The information on this page may have been obtained from third parties and does not necessarily reflect the views or opinions of KuCoin. This content is provided for general informational purposes only, without any representation or warranty of any kind, nor shall it be construed as financial or investment advice. KuCoin shall not be liable for any errors or omissions, or for any outcomes resulting from the use of this information.
Investments in digital assets can be risky. Please carefully evaluate the risks of a product and your risk tolerance based on your own financial circumstances. For more information, please refer to our Terms of Use and Risk Disclosure.