Anthropic's AI Model Uncovers Thousands of Zero-Day Vulnerabilities, Sparks Urgent Meeting with Fed Chair and Bank CEOs

Anthropic's Claude Mythos Preview, a yet-to-be-released AI model, has made a startling discovery: thousands of zero-day vulnerabilities across major operating systems and browsers. This finding has sent shockwaves through the cybersecurity industry, prompting the Federal Reserve chair and Treasury secretary to call an emergency meeting with bank CEOs to discuss the potential risks. The company behind the AI model, Anthropic, warns that there is a narrow window of six to twelve months to patch these flaws before adversaries can replicate the capability.

The discovery was made possible by the Mythos model, which surpassed all but the most skilled humans in finding and exploiting software vulnerabilities. In controlled testing, it identified flaws that had existed undetected for decades, including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD. Mozilla, for instance, released Firefox 150 with fixes for 271 security vulnerabilities identified by Mythos in a single evaluation pass.

The implications of this discovery are far-reaching. The traditional economics of cybersecurity depend on the asymmetry between attackers, who must find one flaw, and defenders, who must secure all of them. Mythos collapses the cost on both sides, allowing defenders to scan their entire codebase for flaws they never knew existed. However, this also means that attackers, once they build or obtain equivalent models, can do the same.

The Response

Anthropic has chosen a controlled rollout of the Mythos model, dubbed Project Glasswing, which has given approximately 40 technology companies and institutions initial access to bolster their systems. The list does not include most central banks and governments. The asymmetry is intentional: give defenders a head start before the capability becomes widely available. Financial regulators have responded swiftly, with Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent convening a meeting with major US bank CEOs to discuss the cyber risks raised by Mythos.

The concern is not that Mythos itself will be used to attack banks but that the capability it demonstrates – automated discovery of vulnerabilities at superhuman speed – will be replicated by adversaries who are not bound by Anthropic's responsible disclosure practices. Anthropic's CEO, Dario Amodei, describes the current period as a

This article was written with the assistance of AI.
News Factory SEO helps you automate news content for your site.