AI Cybersecurity Model Claude Mythos Breaches Corporate Networks
The UK AI Security Institute (AISI) has independently confirmed that the AI model Claude Mythos can autonomously execute complex, multi-stage cyber attacks on corporate networks, challenging the myth that frontier AI cannot hack secure systems.
Why it matters
The rapid progress of AI-powered cyber attacks challenges the assumption that frontier AI cannot breach secure corporate networks, raising concerns about how defenders can keep up with the evolving threat.
Key Points
- 1Claude Mythos successfully completed a 32-step corporate network attack 3 out of 10 times, with an average of 22 steps completed per attempt
- 2Mythos scored 73% on expert-level capture-the-flag challenges, a dramatic improvement from the 0% scored by the best model just 12 months prior
- 3Anthropic has gated access to Mythos behind a high-priced consortium model to limit unauthorized use, while OpenAI has confirmed developing a similar restricted cybersecurity AI
- 4The rapid progress of AI-powered cyber attacks has raised concerns about how defenders can keep up with the evolving threat
Details
The AISI report shows that the AI model Claude Mythos, developed by Anthropic, is the first frontier model capable of autonomously executing complex, multi-stage cyber attacks on corporate networks. In AISI's testing, Mythos successfully completed a 32-step attack sequence 3 out of 10 times, with an average of 22 steps completed per attempt. This is a dramatic improvement over the previous best model, which could only reach 16 steps on average and never completed the full attack. On expert-level capture-the-flag challenges, Mythos scored 73% success, up from 0% for the top model just 12 months prior. While the AISI tests lacked real-world defenses, the report warns that restricted-tier models matching Mythos's current capabilities could become accessible through standard APIs within 12-18 months, with open-source equivalents following 18-24 months later. In response, Anthropic has gated access to Mythos behind a high-priced consortium model, while OpenAI has confirmed developing a similar restricted cybersecurity AI, signaling an emerging 'cyber-AI arms race'.
No comments yet
Be the first to comment