Anthropic's latest AI model, Mythos Preview, has demonstrated the ability to transform newly disclosed software vulnerabilities into working exploits in a matter of hours, a process that traditionally takes weeks. This development underscores the growing national security risks posed by advanced AI capabilities.
Threat Level Escalates
In recent tests, Mythos generated its first proof-of-concept exploit for a Windows kernel vulnerability within just 31 minutes. Out of 21 kernel bugs tested, Mythos caused a 'blue screen of death' in 18 instances. Additionally, the AI model created eight distinct exploits, with the longest taking approximately 5.7 hours. Mythos also achieved success with Mozilla Firefox, producing eight working code-execution exploits across 18 security patches.
'Most cyberattacks target known vulnerabilities that companies haven't patched yet,' said a source familiar with the research.
Implications for National Security
The rapid exploitation of vulnerabilities by AI models like Mythos could dramatically shrink the 'patch gap,' the period between a vulnerability's disclosure and widespread patching. This gap often exists because IT and security teams need time to test patches to avoid system crashes and downtime.
Anthropic estimates that Mythos generated its Windows privilege-escalation exploits for about $15,700 in API credits, equating to roughly $2,000 per exploit. As the Trump administration begins implementing a new AI security executive order, the national security risks posed by increasingly capable AI models are coming under scrutiny.
The ability of AI to exploit known vulnerabilities raises significant concerns about the future of cybersecurity and the potential for rapid, large-scale attacks on unpatched systems.