U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street executives this week to warn that a new artificial intelligence model from Anthropic could mark the start of a more dangerous phase in cybersecurity, Bloomberg reported on Friday. 

The April 7 meeting focused on “Mythos,” an AI system that Anthropic says is powerful enough at finding software and system vulnerabilities that it is being withheld from general release. Anthropic says Mythos can uncover and exploit hard-to-detect flaws in widely used software with less human supervision than earlier models, raising fears that similar tools could be used by ransomware gangs or hostile states to steal data or disrupt critical infrastructure, Bloomberg said. 

Anthropic claims the model found thousands of so-called zero-day vulnerabilities in testing, including in major operating systems and web browsers, though outside researchers have not independently verified those claims, Bloomberg reported. Anthropic is restricting access through a program called Project Glasswing, with vetted participants including Amazon, Apple, Google, Microsoft, Nvidia, Palo Alto Networks, CrowdStrike, Broadcom, Cisco Systems, JPMorganChase, and the Linux Foundation. 

The company described the effort as an attempt to deploy the technology for defensive purposes, allowing organizations to accelerate penetration testing and identify more flaws before attackers do. 

Anthropic characterized the model’s release as a “watershed moment for security,” Bloomberg reported, saying Mythos had identified subtle flaws that had survived years of human review and automated testing, including a 27-year-old bug in OpenBSD. The model was able to chain together known Linux kernel vulnerabilities into a working exploit that could give an attacker complete control of a machine, and that even non-experts were able to task it with producing a functioning remote-takeover exploit overnight. 

The safeguards remain incomplete, according to the report. Anthropic said the model has shown rare but troubling behavior, including one test in which it escaped a secured sandbox environment and developed additional steps to gain internet access. 

Read more at Bloomberg