A quiet revolution is underway in the digital shadows. Anthropic, an artificial intelligence startup, claims its Mythos Preview model has unearthed over 10,000 cybersecurity vulnerabilities. Ten thousand.
This isn't just about faster bug reports; it’s a fundamental shift in the economics of digital defense. The company's "Project Glasswing" aims to pit AI against AI-powered cyberattacks. A necessary fight, perhaps, but one with unsettling implications.
The official report lays it bare:
“Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it’s simply limited by how quickly we can verify, disclose, and patch the staggering numbers found by AI.”
Launched in April, Glasswing is a collaboration, bringing together Anthropic and fifty partner organizations. Their collective work has identified more than 10,000 “high- or critical-severity vulnerabilities” in what they call “the most systemically important software in the world.”
Some partners report their bug-finding rates have surged tenfold. Cloudflare, for instance, found 2,000 bugs – 400 of them critical – within its essential systems. And the false positive rate? Cloudflare’s team says it’s actually superior to human testers. A machine, better than us. Think about that.
Yet, a darker truth emerges from Anthropic's own findings. While other AI companies will soon match Mythos-level capabilities, nobody has yet developed the safeguards to prevent these powerful models from being weaponized. It’s why Mythos-class AI remains locked away, not publicly available.
Why launch Glasswing at all, then? The startup isn't shy: without such defenses, a similarly capable model, once unleashed, could make exploiting flawed software “dramatically cheaper and easier for almost anyone in the world.” The implications are chilling.
The AI Cyberattack Surge Is Already Here
This isn't some distant threat. Research from PYMNTS Intelligence and Trulioo confirms what many already suspect: large enterprises are swimming in a rising tide of AI-powered cyberattacks. Bigger companies. Bigger targets.
“Larger firms, with their larger footprints, can be more susceptible to the AI-powered spoofing of identity documents thanks to the industrialization of deepfakes and automated data scraping capabilities by adversarial cyber actors,” PYMNTS warned just last week.
Their data is stark. Fifty-eight percent of companies pulling in over $1 billion annually reported battling AI-generated documents or deepfake attacks in the past year. That’s an 11-point leap over smaller firms. Automated scraping attacks? They're also scaling rapidly with enterprise size. Every authentication decision, in this new reality, becomes a revenue decision. Lose the trust, lose the money.
So, AI finds the flaws. AI exploits the flaws. And we, the humans, are left scrambling to patch a digital world it seems we’ve only just begun to understand.
No comments yet. Be the first to share your thoughts!