What Anthropic's new nightmare means, in plain English

Words I did not enjoy reading this week, from a leading artificial intelligence company: “During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so.”

In plain English, Anthropic says its newest AI model has found security holes in the major systems that power … well, almost everything. Amateurs with modest coding expertise could conceivably exploit these holes to hack and crack a frightening chunk of the nation’s digital infrastructure. Pulling off such a feat might be expensive in terms of computing power, but a lot of governments and non-state actors have both money and skilled hackers to spare.

Maybe you suspect more AI hype, designed to goose the firm’s valuation. If so, note how many major companies are taking it seriously. Instead of releasing Claude Mythos Preview to the public, Anthropic is working with a consortium of key players such as Apple, Google and Microsoft to patch these holes as soon as possible. That’s a strong signal that the problem is real. So it’s sobering to imagine what might have happened if a less responsible company or government had gotten to this model first — because eventually others will get there. Anthropic may be leading the pack, but the pack is close behind.

Some will see this as more reason to ban AI before it steals our passwords and our jobs. Unfortunately, that won’t work, as this week’s events demonstrate, because the technology is out there, and if the United States doesn’t develop it, someone else will.

What if the Mythos breakthrough had occurred at a Chinese firm? Any such company of sufficient importance is effectively controlled by the Chinese Communist Party, which thinks AI is very important — so critical that the government recently barred two AI founders from leaving the country after Meta bought their start-up. If a Chinese AI developer had suddenly uncovered a wealth of security vulnerabilities, would that firm have been allowed to warn the world while helping propagate patches? Or would the exploits have been handed over to China’s extensive cyberoffensive operations?

https://wapo.st/4t5JVKB