Anthropic: Mythos finds more than 10,000 software flaws in first month

Source Domain: cyberscoop.com

Summary:
Anthropic’s Project Glasswing initiative has revealed a surge in discovering software vulnerabilities, uncovering over 10,000 critical-severity flaws in systemically important code. The project signifies a shift in cybersecurity focus from identifying vulnerabilities to verifying and patching them. Partners employing the methodology, such as Cloudflare and Mozilla, saw bug detection rates increase by more than tenfold, with Cloudflare identifying 2,000 vulnerabilities, including high-severity ones. The UK’s AI Security Institute found Anthropic’s model addressing multistep cyberattacks more effectively than previous security models. Despite the success, there is acknowledged room for human resources to close the gap in triaging and fixing these vulnerabilities. Anthropic remains cautious about broader releases of its powerful models due to concerns around misuse, opting instead for limited beta versions like Claude Security and an enterprise Cyber Verification Program. The overarching aim is to help bolster cybersecurity defenses globally while ensuring responsible development and deployment.

Key Points:

Anthropic’s Project Glasswing discovered over 10,000 high- or critical-severity vulnerabilities using frontier AI.
Partner organizations reported a tenfold increase in bug discovery rates, with Cloudflare finding 2,000 bugs and helping thwart a fraudulent transfer.
Independent evaluations validate the model’s potential, noting its superior performance in cyber security simulations.
A major bottleneck remains in human capacity to triage, report, and deploy patches for identified vulnerabilities.
Anthropic plans cautious, phased rollout of its advance tools with a focus on responsible usage, starting with enterprise customers.