Anthropic AI Model Discovers Zero-Day Vulnerabilities in OS and Browsers: Financial Sector Response
Anthropic's new AI model, Claude Mythos Preview, is capable of independently detecting unknown vulnerabilities in operating systems and web browsers, as well as developing exploits to leverage them. This has raised concerns among UK financial regulators, where authorities are coordinating efforts to assess risks to critical infrastructure.
Technical Capabilities of the Model
Presented on April 7, Claude Mythos Preview demonstrates the ability to analyze code and identify zero-day vulnerabilities. The model underwent testing on major platforms, including popular OSs and browsers, uncovering thousands of defects. Among its achievements was the discovery and remediation of a 27-year-old bug in OpenBSD.
The company has not released the model to the public, limiting access to the Project Glasswing program for select organizations. This decision stems from the model's potential to generate working exploits on demand, including multi-stage attacks that bypass defenses.
Reasons for this approach lie in the evolution of AI for cybersecurity tasks. Traditional vulnerability search methods rely on manual expert labor, which limits scale. AI accelerates the process by automating analysis and attack synthesis, but increases the risk of misuse.
Regulatory and Banking Sector Response
The Bank of England initiated emergency meetings with the HM Treasury, the Financial Conduct Authority, the National Cyber Security Centre, and representatives from the banking sector. Discussions focus on measures to protect IT infrastructure, particularly vulnerable due to the combination of legacy systems and modern platforms.
The financial sector is particularly susceptible to risks: older systems often contain unpatched bugs, while AI can rapidly scale attacks. Similar consultations are already underway in the US and Canada with major banks and insurers.
- Key Meeting Participants: Bank of England, HM Treasury, UK financial regulators.
- Discussion Goals: Threat assessment, development of monitoring protocols.
- Planned Steps: Informing banks and exchanges in the coming weeks.
- Global Context: Similar measures in the US and Canada.
Implications for the Cybersecurity Industry
The emergence of such models changes the balance in cybersecurity. On one hand, they help developers close holes faster; on the other, they lower the barrier for attackers. Banks are forced to invest in infrastructure updates and automated detection systems.
Experts note that exploit generation speed outpaces software patching. This stimulates a shift toward zero-trust architectures and network segmentation. In the long term, AI may become standard in red teaming, but it requires strict access control.
Overall context: the market for AI-based pentesting tools is growing by 25% annually. Companies like Anthropic balance innovation and responsibility by limiting the distribution of powerful models.
Key Takeaways
- The Claude Mythos Preview model finds zero-days in any OS and browser, generating exploits.
- UK financial regulators are coordinating the protection of critical infrastructure.
- Risks for banks include outdated systems and accelerated AI attacks.
- Limited access via Project Glasswing minimizes threats.
- Global impact: Similar discussions occurring in the US and Canada.
— Editorial Team
No comments yet.