Important media consideration has already been given to how Anthropic’s know-how can now be used to search out bugs in current software program and platforms. In March, Mozilla researchers revealed how Anthropic’s AI mannequin, Claude Opus 4.6, managed to discover 14 high-severity bugs and determine 22 CVEs over the course of two weeks, outperforming Mozilla’s personal human researchers.
Safety researchers using a trial model of Anthropic’s new Mythos mannequin at the moment are claiming they’ve discovered a approach of bypassing Apple macOS safety know-how. The researchers from Calif, a Palo Alto-based cybersecurity analysis agency, informed The Wall Street Journal they used what’s often called a “privilege escalation exploit,” which, if utilized in mixture with one other assault vector, might enable dangerous actors to achieve management of a goal’s machine.
They informed the Journal they wrote software program that was capable of hyperlink collectively two separate bugs, along with a “handful of different methods,” to “corrupt the Mac’s reminiscence after which achieve entry to components of the machine that must be inaccessible.”
The corporate stated the exploit took 5 days to find, however famous that it couldn’t have been pulled off by Anthropic’s Mythos alone and in addition required the experience of its human hackers.
Apple stated it’s reviewing the report to check its findings. “Safety is our prime precedence, and we take studies of potential vulnerabilities very critically,” an organization spokesperson informed The Journal.
Anthropic launched Mythos, then dubbed Mission Glasswing, in April. Nonetheless, it restricted entry to a choose group of greater than 40 tech firms it partnered with. The corporate claimed it had discovered hundreds of high-severity vulnerabilities utilizing the software, together with some “in each main working system and internet browser.” It additionally warned that, if such capabilities proliferate amongst dangerous actors, the implications “could possibly be extreme.”
Michał Zalewski, a safety researcher at Google, reviewed the Calif analysis, although he was not concerned within the testing. He cautioned that, whereas a number of the hype round Mythos was “overblown,” he informed The Journal it’s nonetheless attainable to make use of Anthropic’s instruments for “significant vulnerability analysis and code auditing.”
Beneficial by Our Editors
Regardless of studies about Mythos’s capabilities, different specialists have questioned whether or not the mannequin is in reality too highly effective for public distribution. Gary McGraw, a former Vice President at cybersecurity agency Synopsys, recently informed The New York Instances: “The know-how isn’t too harmful to launch.”
He added: “In the event you don’t launch a software like this—otherwise you hoard it—you aren’t fixing the actual downside.”
About Our Knowledgeable
Expertise
I’m a reporter protecting weekend information. Earlier than becoming a member of PCMag in 2024, I picked up bylines in BBC Information, The Guardian, The Instances of London, The Each day Beast, Vice, Slate, Quick Firm, The Night Normal, The i, TechRadar, and Decrypt Media.
I’ve been a PC gamer because you needed to set up video games from a number of CD-ROMs by hand. As a reporter, I’m passionate in regards to the intersection of tech and human lives. I’ve coated the whole lot from crypto scandals to the artwork world, in addition to conspiracy theories, UK politics, and Russia and overseas affairs.
Learn Full Bio