Back to Home

Anthropic AI finds vulnerabilities in OS and browsers

Anthropic Claude Mythos Preview AI model detects zero-day vulnerabilities and generates exploits for OS and browsers. British authorities assess risks to banking infrastructure. Protection measures and global implications are discussed.

Anthropic AI hacks OS: alarm in UK banks
Advertisement 728x90

Anthropic AI Model Discovers Zero-Day Vulnerabilities in OS and Browsers: Financial Sector Response

Anthropic's new AI model, Claude Mythos Preview, is capable of independently detecting unknown vulnerabilities in operating systems and web browsers, as well as developing exploits to leverage them. This has raised concerns among UK financial regulators, where authorities are coordinating efforts to assess risks to critical infrastructure.

Technical Capabilities of the Model

Presented on April 7, Claude Mythos Preview demonstrates the ability to analyze code and identify zero-day vulnerabilities. The model underwent testing on major platforms, including popular OSs and browsers, uncovering thousands of defects. Among its achievements was the discovery and remediation of a 27-year-old bug in OpenBSD.

The company has not released the model to the public, limiting access to the Project Glasswing program for select organizations. This decision stems from the model's potential to generate working exploits on demand, including multi-stage attacks that bypass defenses.

Google AdInline article slot

Reasons for this approach lie in the evolution of AI for cybersecurity tasks. Traditional vulnerability search methods rely on manual expert labor, which limits scale. AI accelerates the process by automating analysis and attack synthesis, but increases the risk of misuse.

Regulatory and Banking Sector Response

The Bank of England initiated emergency meetings with the HM Treasury, the Financial Conduct Authority, the National Cyber Security Centre, and representatives from the banking sector. Discussions focus on measures to protect IT infrastructure, particularly vulnerable due to the combination of legacy systems and modern platforms.

The financial sector is particularly susceptible to risks: older systems often contain unpatched bugs, while AI can rapidly scale attacks. Similar consultations are already underway in the US and Canada with major banks and insurers.

Google AdInline article slot
  • Key Meeting Participants: Bank of England, HM Treasury, UK financial regulators.
  • Discussion Goals: Threat assessment, development of monitoring protocols.
  • Planned Steps: Informing banks and exchanges in the coming weeks.
  • Global Context: Similar measures in the US and Canada.

Implications for the Cybersecurity Industry

The emergence of such models changes the balance in cybersecurity. On one hand, they help developers close holes faster; on the other, they lower the barrier for attackers. Banks are forced to invest in infrastructure updates and automated detection systems.

Experts note that exploit generation speed outpaces software patching. This stimulates a shift toward zero-trust architectures and network segmentation. In the long term, AI may become standard in red teaming, but it requires strict access control.

Overall context: the market for AI-based pentesting tools is growing by 25% annually. Companies like Anthropic balance innovation and responsibility by limiting the distribution of powerful models.

Google AdInline article slot

Key Takeaways

  • The Claude Mythos Preview model finds zero-days in any OS and browser, generating exploits.
  • UK financial regulators are coordinating the protection of critical infrastructure.
  • Risks for banks include outdated systems and accelerated AI attacks.
  • Limited access via Project Glasswing minimizes threats.
  • Global impact: Similar discussions occurring in the US and Canada.

— Editorial Team

Advertisement 728x90

Read Next