AI And Cybersecurity: A Glass Half-Empty/Half-Full Proposition, Where The Glass Is Holding Nitroglycerin
from the yikes dept
First, some of the good news: certain AI models—currently Anthropic’s Mythos, but surely others are well on their way if they haven’t already arrived—turn out to be really good at finding cybersecurity vulnerabilities. As Anthropic itself reported:
During our testing, we found that Mythos Preview is capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so. The vulnerabilities it finds are often subtle or difficult to detect. Many of them are ten or twenty years old, with the oldest we have found so far being a now-patched 27-year-old bug in OpenBSD—an operating system known primarily for its security.
That’s quite the tool, if it can help find vulnerabilities so that they can be patched.
But it’s also quite the tool to help find vulnerabilities so that they can be exploited. Like so many tools, including technological tools, whether they are good or bad depends entirely on how they are used. A hammer is a really helpful tool for building things, but it also smashes windows. And with this news, AI now has the capability for some really destructive uses.
To try to prevent them, Anthropic is working with some of the largest tech companies in the world to let them use a preview of its model on their own software to help QA it and proactively patch vulnerabilities. As Casey Newton reports:
Anthropic announced Mythos alongside Project Glasswing, an initiative with more than 40 of the world’s biggest tech companies that will see Anthropic grant early access to the model to find and patch vulnerabilities across many of the world’s most important systems. Launch partners in the coalition include Apple, Google, Microsoft, Cisco and Broadcom.
They’ll be tasked with scanning and patching their own systems along with the critical open-source systems that modern digital infrastructure depends on. Anthropic is giving participants $100 million in usage credits for Mythos, and donating another $4 million to open-source security efforts.
This sounds like a great program. It also should be noted that the Mythos model is not consumer-grade AI; it takes expensive, dedicated infrastructure to run, which means that, at least for the moment, there’s not an imminent danger of it being misused. But trouble is nevertheless brewing, and someday it will be here, which raises certain questions, like:
(A) What about other AI models, which will inevitably be similarly powerful? What if they are produced by less ethical companies, who would have no compunction against rogue actors using their systems in destructive ways that Project Glasswing won’t have intercepted?
(B) And what about every single legacy technology system in use, which Project Glasswing is unlikely to be able to retroactively fix? Large, resourced companies may be able to weather the oncoming storm, but what about your local dentist’s office? Or a hospital? Municipal IT systems? Networked technology is everywhere, and these smaller businesses and institutions are likely to both have older, unpatched technology and also fewer resources to update and secure them, or deal with the consequences of a hack, which can be devastating for the business or the people they serve.
On the other hand, there does seem to be one other bit of good news with this revelation: governments, including that of the United States, have often engaged in the dubious practice of hoarding zero-days, or collecting information about vulnerabilities that they then kept secret so that they could exploit them themselves by using them on an adversary. For those unfamiliar, “zero-day” refers to a vulnerability that has yet to be disclosed, which is why it’s on “day zero,” or before the first day of it being a known vulnerability that could now be fixed.
Mythos’s capabilities would seem to obviate this strategy, because suddenly the stash of unknown vulnerabilities isn’t really going to be such a secret, since anyone using the model will be able to find them. Mythos’s existence changes the balance of interests, where the stronger national security play by the government would be to disclose any discovered vulnerability to the vendor as soon as possible so that it can be patched and our nation’s systems made more secure. Arguably that was always the better national security play, but now there’s definitely no upside to trying to keep vulnerabilities secret because it now definitely needs to be presumed that adversaries will be able to find and exploit them. They’ll have the tools.
With these AI models we’re going to need to presume that everyone is going to have the tools to know about every vulnerability. Up to now there has been at least the illusion of some security, because vulnerabilities couldn’t be exploited if no one knew about them, and finding vulnerabilities is hard. But now that it will be easy, the risk to the nation’s cybersecurity is greater than we have ever before contended with.
It is also not really a great harbinger that we know about Mythos because… a copy of the software got leaked. It’s just the software that was leaked and not the models it uses to tune its “reasoning,” which means that anyone trying to now build their own Mythos is still missing an important piece if they want to mimic its full capabilities, but they would have a lot. Which is probably why Anthropic has been sending DMCA takedown notices to have the leaked software removed from the Internet.
But doing so raises a related issue: the role of copyright law when it comes to “vibe coding,” or having an AI system write the software rather than a programmer, just by instructing it on what to do. It’s especially important in light of the cybersecurity concerns always raised by software (and including vibe-coded software, as we’re having to trust that what’s produced does not have vulnerabilities). Copyright requires a human author, which raises the question: can software written by an AI be copyrightable? The answer would appear to be no, unless there was a great deal of creative effort on the part of a human being to instruct the AI or modify the output. But as Ed Lee chronicled, per Anthropic itself, even its own software (“pretty much 100%”) is being written by AI. And if that’s the case, then Anthropic has no business sending takedown notices for its software because DMCA takedown notices are only for demanding the removal of copyrighted works, which, it would appear, Anthropic’s own code does not qualify for.
But maybe it’s better if software stops being subject to copyright. “Vibe coding” is becoming increasingly efficient, to the point that there is likely no need for copyright to incentivize its authorship. Instead, what public policy really needs to emphasize is that whatever software is produced is secure software. But in many ways copyright obstructs that goal, like through its lengthy terms, which mean that while a copyright holder might not still be maintaining its older software, no one else can maintain and patch it either, without potentially infringing the software’s copyright. Or through its privileged secrecy (unusually for copyright, when it comes to software you don’t actually have to disclose all the actual code to register a copyright in it!) and other powers to lock out security research efforts, like through Section 1201 of the DMCA, when such efforts aren’t specifically supported by the developer–assuming the developer supports any security testing at all, as right now there aren’t necessarily the incentives to make them care about it. Instead public policy has given them the ability, like with copyright, to escape oversight of the security of their software products, even as those products end up embedded in more and more of our lives.
It’s time to change that focus and get copyright out of the way of making software security our top policy priority.
And fast.


Comments on “AI And Cybersecurity: A Glass Half-Empty/Half-Full Proposition, Where The Glass Is Holding Nitroglycerin”
So honest question. If you believe that copyright is unneeded why don’t you remove all copyright statements from your website?
Considering that Anthropic DMCAed people who showed or shared their AI written code, currently it seems the only time AI removes copyright is when it’s big companies taking things from the little guys.
Re: What...?
I’m not even sure what websites you are referring to. And it’s hardly new for us to be critical of copyright law around here – there are thousands of posts along these lines that you can go read!
Re:
See how fucking dumb you sound?
Re:
Techdirt has no copyright statements. Everything we publish that is our original work is automatically dedicated to the public domain and people are free to do what they want with it.
Re:
That’s not what the article said. The article said:
which is more like “maybe software doesn’t need copyright”.
I sure hope so.
There are other takes on Anthropic's hype...
See Pivot to AI’s take on this.
Also consider that running other tech companies’ proprietary software through Mythos amounts to providing training data for Anthropic, and parts of it will be reproduced in Claude Code output.
Re:
For some “end of humanity” hype, there’s this column…
https://www.latimes.com/california/story/2026-04-10/chabria-column-anthropic-claude-mythos-preview
Re:
This is untrue. Almost all of Anthropic’s enterprise agreements do not allow Anthropic to use inputs as training data.
It’s true that people using the free account do feed that info back into training data, and on Pro accounts, users have to opt out of providing training data. But Max accounts do not. And I can guarantee that the contracts Anthropic is signing with big tech companies for Project Glasswing absolutely have provisions barring the use of inputs for training.
These companies have lawyers who are not stupid.
So don’t spread misinfo.
So, SO much hype and bullshit
First, all of the claims about Anthropic’s tool made by Anthropic should be discarded immediately. The company is run by a self-promoting psycho who is every bit as much of a sociopath as Sam Altman, only in a partly different way.
Second, if you gave this much money and effort and CPU power and whatever to actual qualified security researchers, you’d get better results. Of course you would: they know where to look and WHY to look.
Third, “vibe coding” is asinine. It’s something done only by morons who are too stupid and lazy to program, but want to call themselves programmers. It’s the same as calling yourself a chess master, not because you’ve demonstrated that expertise in competition, but because you used a very good chess program and made the moves it gave you.
Fourth, “vibe coding” is also unethical. How does the model generate code? By using all the code that it scraped from the entire Internet, including copyrighted code, GPL’d code, MIT’d code, BSD’d code, public domain code, etc. Does the model respect the license terms for each individual piece of code? Of course not. It doesn’t even try. Which means anyone using the model can’t respect the license terms, they don’t even have a way to know what they were or what they apply to.
Fifth, “vibe coding” is also stupid. It overlooks the fact that some of the code out there is deliberately malicious — in fact, quite a bit of it. There are fake code repositories all over the place that have not-quite-copies of legitimate packages. There’s malicious code in real code repositories because attackers have managed to place it there. There’s malicious code in the supply chains of various legitimate packages, because it’s an increasingly-popular and highly effective attack vector. (See “npm” for an example.) Then there’s a lot, A LOT, of broken code that’s not deliberately malicious but is a security threat because someone made an honest mistake. And did Anthropic — or anyone else in this space — bother to check all this code before they ingested it? Did they make any attempt to curate the input data before they fed it to their model?
No. Of course not, because they’re lazy, stupid, and greedy. They’re too busy trying to get VCs to throw another billion at them. So they didn’t bother. Which means that an ever-increasing amount of malicious code has gone into their model, they don’t know which, they don’t know where, they don’t know how — and so they’re powerless to know when the model is going to dutifully spit it back out. And the idiots doing “vibe coding” aren’t going to notice it: they’ll just blindly use it.
This isn’t a prediction. It’s an observation. And the attackers who have long since demonstrated the diligence, the patience, and the attention to detail required to insert malicious code in sensitive places have made the same observation.
IMO Mythos is theater. Especially given that Anthropic is the one bragging about what it can/can’t do and claiming it’s super ultra dangerous. We saw the same play out with OpenAI. Given that it is in Anthropic’s best interest to play this up, I will believe the hype about it when it gets proven by third-party security experts.
Re:
Honestly, even if it is, we probably need to start preparing now. The current crop of public models have already found their share of exploits, and this isn’t something that can be fixed overnight. It’s only ever going to get worse - the only question is how fast.
Re: At most...
…This capability is coming. From all AI developers.
But the announcement was from Anthropic’s own red team, which, if it were just marketing hype, would blow up on them, because the red team is security-focused, not sales-focused.
And Project Glasswing would not be happening if there were not a legitimate issue. It’s costing Anthropic real money to support it.
Re: Re:
Anthropic’s “real money”? From a company that (citing its CFO) earned only $5B and got $60B of funding, it’s mostly Amazon’s and Google’s money. And Anthropic has launched Mythos with very large AI-booster companies (and not a single university or open-source community), and many have already poured billions into Anthropic’s disastrous finances.
But since nobody has publicly tested the tool, or exactly knows how much this very expensive tool ($50 per run and about one thousand runs to find a 27y old and tricky bug in OpenBSD) is autonomous (and doesn’t require hundreds of hours of human expertise), it’s hard to know if this is about finding bugs or raising sales before filing its S-1 document for the IPO (as Anthropic is already weirdly calculating ARR on four weeks x 13 instead of every month x 12 only for API subscriptions, and announced $30B of ARR now when it was only $14B two months ago).
Re: Re: Re: Game this out...
Say Anthropic is overhyping Mythos’s abilities.
How is that going to work out well for them when all these huge companies involved with Glasswing find out it can’t deliver?
Even if Mythos cannot currently do what Anthropic’s security researchers said YET, AI is clearly going in that direction, because it already can do some degree of vulnerability-spotting. So we’d best get ready.
But there is far more reason to believe Anthropic’s reports are right than not.
Re: Re: Re:2
That’s a very logical take.
Cathy...
I think it depends on 2 things:
Honest, I don’t see 2 coming, since there’s Glasswing.
1 is… Ehhh.
🤷
PS: Have you looked up AI2027? If you haven’t, consider it.
Offensive security literature often sounds like marketing; at least Anthropic’s article didn’t end with “And that’s why you should use our service.” But what’s making people (or at least me) suspicious is that its conclusion is that Mythos is so powerful it shouldn’t be released, which not only sounds like serious humblebragging, but also makes it hard to verify their claims.
Now, I don’t doubt the vulnerabilities they found (the author of one of the pieces of vulnerable code even pointed it out). To most people, the language of the announcement makes the findings sound revolutionary or overly hyped, but again, that’s not really different from articles on other bug finding tools. New tools have been finding previously undiscovered bugs before LLMs, and they are interesting, even if they perform worse in other cases, because if you can combine multiple methods, you will likely find more bugs. If you put Mythos in this context, it would be more sensible (and honestly, I think LLMs have the potential to find non-crashing bugs, which this experiment unfortunately did not try).
Sooo, are we about to lose the internet? Is my computer gonna be insta-hacked by just being online?
I can’t figure out what the reality will be for the average user here. This is impossible to wrap my head around but this feels apocalyptic. Maddening. Driving my anxiety up the wall.
Re:
No, AI magically fixes all the problems it causes. It will even lower your electric bill and allow you to even find RAM or a GPU, and at much lower costs than ever before.
Personally, I would have used another nitrogen compound instead of nitroglycerin
The headline, and the announcement, are the kind of AI doomerism that the website has warned against.
Sure, it doesn’t make sense that the people making AI would make that argument, but here we are.
Re: The right substance
I don’t think Techdirt has ever said there are no downsides to AI.
In any case cybersecurity is an issue to contend with regardless of whether “AI” is what finds vulnerabilities or not, because as long as ANY computing technology evolves in power then there will be more capability to find them, even if that capability doesn’t come in the form of AI. And we need to be prepared for when that vulnerability-spotting power is in the hands of people who would want to find them to exploit them.
Also, while I’m open to there being a better substance for my analogy, nitroglycerin is still pretty apt. It’s a substance that can appear benign, but can easily become explosively destructive when we’re not careful.
Re: Re:
I know the anti-doomer arguments admit to downsides of AI, but warn against making exaggerated claims. My point is that saying a piece of software is too dangerous to be released to the public is such an exaggeration.
I made the original post while eating asparagus, but I think a more appropriate substance is ammonia, which is dangerous, including in some surprising ways, but also useful, and most people can legally get it in some form.
Also, many chemicals and other products are restricted by law, for good reason. But whatever problems I have with LLMs, they are still software, and the need to restrict their distribution must meet a higher bar. Anthropic is free not to make their model public, but if I said “I have such a convincing argument that I can’t reveal it, except in restricted settings that I control” you would be right in calling me out on it.
Mythos is NOT good. It’s not even ‘AI’. They run code checkers and have the results checked BY HUMANS.
That’s why it costs A SHTTON OF MONEY to run while finding the same bugs any other, cheap check would find.
Stop being so gullible ffs. Or even better: stop reporting on this AI SHIT altogether.
No one fucking said that.
Aside from that, blah blah blah, how goddamn insightful you are.
That doesn’t mean it can’t be misused, it just means only governments and big corporations can afford to misuse it.