Vulnerabilities uncovered in secret US government systems and software during testing of Anthropic Mythos

• Senator Mark Warner testified NSA confirmed Mythos Preview identified vulnerabilities in nearly all classified systems within hours during a controlled exercise
• US officials clarified Mythos found flaws rapidly rather than exploiting them, but the capability still raises major concern
• Anthropic withheld public release, sharing only with select firms; Mozilla and others validated its potency, with thousands of critical bugs uncovered in weeks

We now have another witness claiming Mythos Preview is able to break into protected systems fast and this one is none other than a high-ranking member of the US Government.

According to the Associated Press, Senator Mark Warner of Virginia testified in front of a congressional hearing this month, saying he was informed by National Security Agency (NSA) chief Joshua Rudd that Mythos “broke into almost all of our classified systems, not in weeks, but in hours.”

It’s worth mentioning here that the break-in was controlled, since it was part of an exercise done by the Anthropic team and the intelligence agency.

How powerful is Mythos?

The Associated Press dug deeper, and was informed by an unidentified US official that Mythos merely found vulnerabilities within hours, not necessarily exploited them. Still, identifying a vulnerability that theoretically can be exploited for attacks against protected US Government systems should be cause for concern on its own.

Mythos is an advanced AI model built by Anthropic, first introduced in early April this year. However, the company decided not to share it with the general public because it was apparently too capable of discovering and leveraging software vulnerabilities.

Instead, Anthropic shared it with a handful of major corporations, to help them secure their systems before cybercriminals can use the tool. Since then, multiple companies came forward to confirm Mythos’ potency, including Mozilla, which said the tool was “every bit as capable” as the world’s best security researchers.

Mozilla said that with the help of Mythos, it was able to ship more than 400 Firefox security bugs in April alone.

A month later, Anthropic said the 50 companies using the tool discovered more than 10,000 critical and high-level security vulnerabilities in roughly two months’ time.

“Several have told us that their rate of bug-finding has increased by more than a factor of ten,” the company said. “For instance, Cloudflare has found 2,000 bugs (400 of which are high- or critical-severity) across their critical-path systems, with a false positive rate that Cloudflare’s team considers better than human testers.”

Via Reuters