It should be obvious just how dangerous the Anthropic Mythos Preview is.
But it probably isn't for most people. So here are a few pointers.
Anthropic Mythos Preview finds vulnerabilities in software and systems. Vulnerabilities aren't immediate attacks, but they can be used to direct which attacks could succeed. If you know where and what a vulnerability is, then you can create an attack that will take advantage of that vulnerability. A single vulnerability may not be sufficient to create an attack. You may need several vulnerabilities in order to successfully penetrate a system. And, depending upon what your target is, you may require a number of vulnerabilities to penetrate the operating system, and then a number of vulnerabilities to penetrate the internal application software. so not every vulnerability, or even every collection of a dozen vulnerabilities, may get you what you want.
But if you have a thousand vulnerabilities, or 10,000, or more, then the opportunities to directly attack anything you want rise exponentially.
Anthropic has said very little about Mythos Preview. Fifty technology companies are currently contracted to use it. We do not know how many vulnerabilities Anthropic has collected, via Mythos, so far. But it is extremely likely to have found a great many vulnerabilities in the most commonly used software and systems.
One vulnerability is said to be thirty years old. I believe it. So far finding bugs in software has been a very hit and miss business. Yes, for any widely used software, millions of people have used it, and probably tens of thousands of people who have some knowledge of how to probe or poke at the internals of software. Bugs and vulnerabilities have been discovered. But many times the number that have been discovered probably lie undiscovered. A thirty year old bug in software has probably been installed on millions and millions of systems. Possibly into the billions. And if you think that the various upgrades of software will have ensured that that bug is long dead, you don't know anything at all about software development.
Anthropic has, so far, behaved with probate and morality. There is a reasonable expectation that it will continue to do so, at least for the foreseeable future. (The foreseeable future, in terms of high technology, tends to be about eighteen months.)
But just consider for a moment the power that this kind of information gives a company. In the present situation, Anthropic has handed the information or at least the capability over to fifty high technology companies. But it could easily have kept the results to itself. It could have sold that database of vulnerabilities to any nation state for pretty much any amount of money. These days artificial intelligence companies are looking for massive amounts of funding. $10 billion could probably buy you a few new data centres and power plants to power them in some interesting places.
But, of course, the most money could be made by selling the information to some people, and not selling it to others. You could reduce the number of companies that you sold the information two, and probably raise the price considerably. How much would Meta be willing to pay for the ability to install its software, secretly, on pretty much any telephone and computer in the world? How much would Elon Musk pay for that capability? How much would the United States pay for the capability to penetrate vulnerabilities in Russia and China? How much would China be willing to pay to return the favor?
And, of course, it's not just money. How about actual power? The ability to penetrate is slightly different from the ability to install software. However, when you know so, so many vulnerabilities, you should be able to install control software on just about every computer that there is. And when you control all the world's computers ...
AI topic and series
Introduction and ToC: https://fibrecookery.blogspot.com/2026/01/ai-000-intro-table-of-contents.html
No comments:
Post a Comment