Anthropic’s Mythos reveals a growing security gap: AI finds flaws far faster than companies can patch them |
Anthropic’s Mythos reveals a growing security gap: AI finds flaws far faster than companies can patch them
Hello and welcome to Eye on AI, this is Sharon Goldman subbing for Jeremy Kahn today. In this edition…Suspect in attack at Sam Altman’s house aimed to kill OpenAI CEO, warned of humanity’s extinction from AI…Anthropic hires Trump-linked lobbying firm Ballard Partners…the AI revolution in math has arrived.
As my colleague Beatrice Nolan has reported, Anthropic’s new AI model, Mythos, has caused a stir among cybersecurity experts and policymakers by saying its new model is so skilled at finding and exploiting software vulnerabilities that it’s too dangerous to release. Instead, it is limiting access to a small group of major technology companies whose software is the foundation for many other digital services, hoping to give defenders time to strengthen their systems.
But this announcement also revealed a growing concern for those defenders: AI is finding flaws far faster than companies could ever hope to patch them. According to Anthropic, Mythos has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.
Flaws are coming faster than companies can fix
“Vulnerability discovery is outpacing patching,” Shane Fry, CTO and RunSafe Security, told me by email yesterday. AI is accelerating exploit discovery beyond what organizations, especially in operational technology environments (think manufacturing, building systems, industrial control systems and power grids) can realistically remediate, he said.
Critically, Anthropic says over 99% of what they found has not yet been patched.
“Organizations are already struggling to keep up with patching across both IT and OT environments, and AI is only accelerating that gap,” Fry said. “As vulnerability discovery and exploit development move faster, the idea that you can remediate everything in time just doesn’t hold. The focus has to shift to protections built into the software itself that prevent vulnerabilities from being reliably exploited.”
In a way, an AI tool like Mythos that can find thousands of cybersecurity vulnerabilities a minute is really an “incredibly expensive alarm,” said Tal Kollender, a former........