The AI industry is too advanced to sell itself with an old-fashioned message like, “We have a great product, subscribe and we think you’ll like it.” If you’re selling big language models, you need something much more cortisol-inducing: “Our product is so advanced it’s literally the apocalypse, it’s an extremely powerful demon on the verge of escaping its cage, subscribe and maybe it’ll save you.”
This is an approach that OpenAI has been taking since 2019, when it told the world that it would not release its early GPT-2 model because it would be dangerous in the wrong hands (they released it anyway). Last week, Anthropic issued a similar message about its new model, the Mythos, which it’s also not releasing (they’re going to anyway) because it’s become capable of hacking everything in the world. Or rather, that’s what many people and publications have decided to infer from the company’s warning that the model “found thousands of high-severity vulnerabilities, including some in every operating system and web browser.”
A more measured analysis was published this week by the British AI Security Institute, which has also evaluated Mythos and found that when tested in controlled simulations, it is “a step up” from previous models. It is the first model to solve a long and difficult hacking test that AISI invented (and which would take an experienced person about 20 hours to complete). But these are controlled tests, quite different from the real world. “We cannot say for sure,” AISI concluded, “whether Mythos Preview would be able to attack well-protected systems.”
Mythos isn’t a cutting-edge cybersecurity tool, then, and in the long term, cybersecurity experts I spoke to say it could make software and systems more robust because it will allow for much more thorough testing of products before they’re released. But in the short term, AI models will create what experts have described to me as an “avalanche” of newly discovered vulnerabilities for which the world’s companies and their IT managers are “unprepared.”
Subscribe to the New Statesman today and save 75%
The big difference is how easily AI models detect vulnerabilities. In the past, companies have held hacking contests and bug bounty programs in which large sums—millions of dollars—are paid to people who find cracks in their defenses. AI models find these vulnerabilities much faster than humans. It’s worth noting that this isn’t simple – some of the vulnerabilities found by Mythos reportedly involved spending tens of thousands of dollars in computing power – but also that Mythos isn’t much different in its capabilities, just further. All major commercial models can also find vulnerabilities and are expected to.
Criminals know this and have changed their attitude towards AI in the last one to two years. When generative AI became popular with the release of ChatGPT, there was concern that bad versions (called things like “WormGPT”) would start creating viruses at scale. Most criminals find these patterns laughable. Now, however, they’re using the same commercial models as everyone else because everyone has gotten dramatically better at finding vulnerabilities and creating exploits, especially over the past year. Again, Mythos is just the leading edge of this trend, which already exists and which most companies are not prepared for.
A normal person might assume that when a company’s executives and IT managers are told about a vulnerability in their equipment, they drop their coffees and run down the hall to fix it immediately. This does not happen. IT tends to fix a company’s “computers” (laptops), but not its other computers (routers, power supplies, printers, industrial controllers). And even if she it Was It is a duty to fix those things, doing so may require the factory to shut down or the building to be shut down for a time, which is often too expensive to contemplate. The result is that many known vulnerabilities go unpatched (fixed) by users for a year or more—many are not fixed at all—because there is a financial incentive for users to protect themselves as slowly as possible.
The financial incentive for attackers, meanwhile, is accelerating. When someone finds a way to access a machine or a network, that access becomes an asset that can be sold. The speed at which this is happening has increased tremendously in recent years. In 2022, when the world learned about ChatGPT, it usually took about one business day (eight hours or more) for access to be delivered to a buyer. That’s pretty fast for selling stolen goods – but now, less than four years later, it takes just over 20 seconds. This isn’t the result of an AI with mythical credentials coming up with genius-level exploits – it’s the more boring, but perhaps equally important, business of automation bringing together buyers and sellers of exploits as quickly as if they were trading on an exchange. Automation has created the fastest and most efficient market for crime that has ever existed.
What happens after access is granted has also changed. Until recently, most cyberattacks involved doing something with the compromised system immediately—stealing it, shutting it down, breaking it. The other option is to wait, explore, find things out. By 2023, only about a quarter of attacks were this patient, but now almost all are: after exploiting a system, nine times out of ten, attackers will now wait, gathering information. What this means is that a large amount of AI-enabled hacking that people worry about Mythos has, in fact, already happened.
The next few years will be important for cyber security. Experts are optimistic about the capacity of AI models to test and secure new software, but it’s often older stuff that’s the problem: Mythos found a vulnerability in a secure operating system that had existed, undetected, for 27 years. Companies may feel tempted to use AI to find all the possible vulnerabilities in their products and issue patches for them – their legal departments may advise them to do so – but if only a small minority of users install those patches, they will simply broadcast many new vulnerabilities for criminals to exploit. That may be part of why Anthropic is so nervous about Mythos’ capabilities—not because it’s a skeleton key to every computer system in the world, but because many of those doors were already open.
(Further reading: How HE took over the British government)
Content from our partners
