[Editor’s Note: The following is an example of a post we propose, in future, to keep in a private section of the site, since it is an opinion piece, rather than a description of how an AI tool has been used in practice. We are posting it publicly for a limited time to allow club members to consider whether they support use of a private, subscriber-only, section of the site for articles such as this.]

It may not be faster than a speeding bullet, nor able to jump over tall buildings, but Anthropic’s latest large language model, Claude Mythos, is superhuman in a domain that could pose an existential risk to humans: computer hacking.

Background

Anthropic recently announced Mythos, a significantly more powerful version of its Claude large language model than its earlier Sonnet and Opus generations. Significantly, Anthropic has not released the model to the general public. The company deems the model’s ability to identify and exploit software vulnerabilities too dangerous to risk falling into the hands of cyber-attackers.

Claude Mythos has been able not only to identify vulnerabilities in critical, open-source software, that remained undetected by human cyber-security experts for decades, but to generate sophisticated ways of exploiting these vulnerabilities, allowing it to gain unauthorized control of systems, or cause them to crash.

It has found literally thousands of previously undetected vulnerabilities in software critical for running the technological world in which we all live.

A ‘Mythos Moment’ has arrived.

Project Glasswing

Instead of releasing Mythos widely, Anthropic is releasing a version, Mythos Preview, to a select group of software-based companies, via a consortium named Project Glasswing. The aim is to give these companies a head start in patching these vulnerabilities before nefarious organizations or rogue governments gain access to a model of comparable hacking ability.

The creation of Claude Mythos provides a glimpse into the future we face, as AI models become more and more powerful. We should count ourselves fortunate that this Mythos Moment occurred in a domain which can be contained and mitigated, and in the hands of an organization that has acted responsibly and thoughtfully.

What do you think?

These developments raise many issues. Here are just some of them, formulated as questions you might consider yourself. Let us know in the comments how you would answer them.

Did Anthropic make the right move in restricting access to a small consortium of major software-based companies?

What about all the other companies that are not part of Project Glasswing; how should they respond to being denied access?

Does Anthropic’s approach provide a template for how governments should approach regulation of powerful models in the future, that is, restrict access until risks have been fully evaluated?

Does it make sense for the Pentagon to deny the Defense Department access to this latest version of Claude because of a dispute with Anthropic over its use in mass surveillance and autonomous weapon systems?

How can one branch of the government be trying to gain access to Claude Mythos, in order to protect its systems from cyber-attacks, while another branch is declaring Anthropic to be a supply chain risk?

Should work on ‘open-access’ models be restricted before they achieve the capabilities of Claude Mythos?