AI finds 10,000 software flaws in a month

Anthropic's Claude Mythos found 10,000 critical software flaws in a month
Cloudflare and Mozilla reported massive increases in bug discovery rates
AI's rapid detection speed now outpaces human ability to patch bugs

Summarized by AI ⓘ

Mastering AI

SEE ALL

Feedpost Specials

AI Radio Hosts: A Five-Month Experiment Reveals Quirks, Not Revolution

LinkedIn News

India's AI boom fuels infrastructure race

Feedpost Specials

ChatGPT's New Financial Frontier: Your AI Money Manager Arrives!

What is the story about?

Discover how advanced AI is revolutionizing cybersecurity, with a new model finding over 10,000 critical software flaws in a single month. Learn about the rapid pace of AI-driven vulnerability discovery and its impact on digital security.

AI's Rapid Vulnerability Detection

The world of software security is experiencing a seismic shift with the advent of advanced artificial intelligence. Anthropic, a leading AI research firm,

has announced that its specialized cybersecurity AI model, Claude Mythos, has achieved an astonishing feat: identifying over 10,000 high- or critical-severity software vulnerabilities within a mere month. This remarkable achievement underscores a growing trend where AI systems are now capable of discovering security flaws at a pace that significantly outstrips the ability of human developers to patch them. This rapid detection capability was showcased as part of Anthropic's Project Glasswing, an initiative focused on enhancing the security of critical software against increasingly sophisticated AI models that can exploit vulnerabilities. The initial findings from this project reveal a powerful new tool in the ongoing battle to secure our digital infrastructure, providing crucial insights into the effectiveness of AI in proactive cybersecurity measures and setting a new benchmark for vulnerability discovery.

Key Partners' Findings

Evidence shared by Anthropic from collaborations with its partners and external testers highlights the profound impact of Claude Mythos. These organizations, responsible for maintaining software vital to the internet and other essential infrastructures, reported substantial increases in their bug-finding rates. For instance, Cloudflare utilized the AI model and discovered 2,000 bugs, with 400 of those categorized as high or critical severity across their core systems. Remarkably, Cloudflare's team noted that the AI's performance, including its low false-positive rate, was superior to human testers. Similarly, Mozilla's experience with Mythos Preview showed a significant uptick; they identified and fixed 271 vulnerabilities in Firefox 150, a figure more than ten times greater than what they found in Firefox 148 using an earlier version of Claude Opus. The UK AI Security Institute also reported that Mythos was the first AI model to successfully complete both their cyber attack simulations end-to-end, and one partner bank reported that the AI averted a fraudulent wire transfer of $1.5 million in real-time, showcasing its diverse and critical applications.

Open-Source Scans

Anthropic has extended the reach of Claude Mythos to critically important open-source projects, which form the backbone of much of the internet's functionality. Over the past few months, Mythos Preview has systematically scanned more than 1,000 such projects. This extensive analysis has uncovered approximately 6,202 high- or critical-severity vulnerabilities. To ensure accuracy and reliability, Anthropic has collaborated with six independent security research firms to meticulously assess 1,752 of these identified high or critical vulnerabilities. The results have been highly encouraging, with 90.6 percent of these confirmed as true positives, and a significant 62.4 percent of them being validated as either high or critical in severity. This demonstrates the AI's precision in identifying genuine security weaknesses within widely used open-source software, addressing a vast and often under-resourced area of cybersecurity.

Triage and Disclosure Challenges

The process of managing and disclosing the vulnerabilities discovered by Claude Mythos involves a complex and meticulous triage system. This crucial step involves quickly assessing, categorizing, and prioritizing security alerts to determine the urgency of a response. Anthropic or its partner cybersecurity firms first verify the existence and severity of each reported issue. Subsequently, they check for existing fixes before preparing detailed reports for the software maintainers. This thoroughness is vital, especially given that many open-source developers are already inundated with lower-quality bug reports, some of which are AI-generated. In fact, some maintainers have requested Anthropic to slow down the reporting process to allow sufficient time for developing fixes. On average, critical bugs identified by Mythos require about two weeks to be patched. Anthropic estimates it has formally reported 530 serious vulnerabilities, with an additional 827 pending disclosure. Of the reported vulnerabilities, 75 have been fixed, and 65 have resulted in public security advisories. This scenario highlights a growing challenge: AI can now uncover software flaws much faster than they can be resolved, placing immense pressure on the already strained cybersecurity ecosystem.