Vulnerabilities

AI’s rapid evolution creates a shrinking three-to-five-month window for organizations to defend against sophisticated AI-driven exploits. Advanced AI models can now identify and exploit unknown software vulnerabilities at an alarming rate. While some companies are thwarting attacks, threat actors are actively using AI. This necessitates industry-wide innovation in detection and defense. Companies are collaborating to test AI models for vulnerabilities to remediate them before they are weaponized.

Mythos, Anthropic’s AI model, has sparked concerns about AI-driven cybercrime due to its reported ability to find numerous software vulnerabilities. However, cybersecurity experts confirm similar capabilities exist in existing AI models, achievable through sophisticated orchestration. While Mythos highlights the increasing scale of vulnerability discovery, the core threat is already present, intensifying the AI arms race between companies like Anthropic and OpenAI.

Anthropic CEO Dario Amodei warns of a rapidly closing window to address AI-discovered software vulnerabilities. His company’s new AI, Mythos, found tens of thousands of flaws, some dating back decades. Amodei estimates geopolitical adversaries are 6-12 months behind Anthropic’s AI, leaving a similar timeframe to patch these vulnerabilities before exploitation. He stresses the need for responsible AI development and regulation, comparing it to automotive safety standards. Anthropic is cautiously deploying Mythos while expanding its financial AI services.

Anthropic’s Project Glasswing, initially concerning a dangerous AI model, has seen a political pivot. CEO Dario Amodei met with White House officials, fostering productive discussions. This shift is driven by Anthropic’s Mythos AI cybersecurity capabilities, which have discovered thousands of critical vulnerabilities. Despite a federal judge’s injunction allowing engagement with non-military agencies, the Pentagon dispute continues. Civilian agencies are keen to leverage Mythos for defense, viewing its dual-use potential as crucial for national security.

At Google Singapore, Google Cloud’s Mark Johnston highlighted the ongoing struggle for cybersecurity defenders. He revealed that 69% of APAC breaches are detected by external parties, underscoring detection weaknesses. Google Cloud is leveraging AI to improve defenses, but acknowledges AI also empowers attackers. Initiatives like Project Zero’s “Big Sleep” use AI for vulnerability discovery. While promising, AI automation introduces risks and requires human oversight. Budget constraints and the need for partners offering scalable solutions pose challenges for CISOs. Post-quantum cryptography deployment is underway.

Zhou Hongyi, founder of 360, addressed concerns about Nvidia’s H20 AI chip security at a Beijing conference, following reports of Chinese regulatory scrutiny. While acknowledging the difficulty of detecting hardware backdoors, Zhou stated software-related vulnerabilities are inevitable. He distinguished between intentional backdoors and unintentional vulnerabilities, suggesting China’s suspicions are reasonable given past US government requests to Nvidia. Despite this, Zhou believes Nvidia likely has no deliberate malicious intent and proposed a third-party security audit to address concerns. Nvidia denies any backdoors in its chips.