The buzz around AI model Mythos and its power to outsmart cybersecurity defenses is alarming companies and vendors already struggling to fend off existing threats.<\/p>\n
The slow-walked release of Mythos<\/a> from Anthropic PBC\u2014combined with OpenAI\u2019s new model that can quickly spot software vulnerabilities\u2014risks disrupting how cybersecurity firms operate and how companies approach their defensive capabilities. <\/p>\n Together, their promised capabilities threaten businesses that are operating with tight cyber budgets, exposed weaknesses, and AI-enabled defenses already lagging behind attackers\u2019 capabilities. Even before Mythos, companies were battling increasingly sophisticated AI-powered phishing and deepfake campaigns<\/a>.<\/p>\n \u201cHopefully this whole announcement has made others think about how to use AI and to use it starting now,\u201d said Ellen Boehm, senior vice president of strategy and AI innovation at Keyfactor, a digital security company. \u201cIf we don\u2019t use it, the attackers will,\u201d she said. Boehm added that defenders need to get better at using such tools to bolster security teams, \u201cbecause that is what\u2019s being used to attack us.\u201d<\/p>\n Still, little is known about these models and it\u2019s challenging to separate hype from reality. Anthropic only offered access to a select group of vetted companies over concerns the tool may end up in the wrong hands. Top Trump officials quickly summoned Wall Street<\/a> leaders to urge them to prepare for the new types of cyber threats ahead.<\/p>\n Anthropic described Mythos\u2019s capabilities in an online post, saying that engineers with no formal security training asked the model to find vulnerabilities in a remote system and woke up the next day to find a complete toolkit to break into it. <\/p>\n The arrival of these new models means the cybersecurity industry is entering a profound transition period and so are their customers, said Jen Easterly, former director of the Cybersecurity and Infrastructure Security Agency. Models like Mythos make it much harder for boards and CEOs to think that AI strategy and cyber strategy are separate conversations, she said.<\/p>\n \u201cCyber and AI are inextricably linked,\u201d Easterly said. \u201cYou can\u2019t have effective cyber capabilities without AI, and you can\u2019t have AI be the engine of innovation and economic prosperity and national security unless these capabilities are built and designed to be secure.\u201d<\/p>\n Need for Speed<\/p>\n Defenders need to deploy AI-enabled cyber defenses just as quickly as attackers leverage the new capabilities. <\/p>\n Mythos is \u201ca good example of the kind of tool that defenders have to adopt as quickly as possible,\u201d said Justin Herring, partner at Mayer Brown and former cyber official at the New York Department of Financial Services. \u201cI know they\u2019re limiting the circulation of this, which is probably a good thing. But you don\u2019t want to be the organization that falls behind when you\u2019re dealing with attackers that can exploit the fact that you\u2019ve fallen behind at scale and at speed.\u201d<\/p>\n