The Boy That Cried Mythos: Verification is Collapsing Trust in Anthropic

I’ve been getting more and more curious about the risk from Anthropic’s Claude Mythos Preview. So I pulled the system card, a whoppingly inefficient 244-page document that devotes just seven pages to the claim that the model is too dangerous to release. In fact, the 23MB of PDF I had to download was 20MB of wasted time and space. Compressing the PDF to 3MB meant I lost exactly nothing.

Foreshadowing, I guess.

Spoiler alert: the crucial seven pages out of 244 do not contain the word “fuzzer” once. That’s like a seven-page vacation brochure for Hawaii that leaves out the word beaches.

Also, the crucial seven pages out of 244 do not contain the expected acronyms CVSS, CWE or CVE, they do not have a comparison baseline, an independent reproduction, or the word “thousands.” I’ll get back to all of that in a minute. — Read More

#cyber

Benchmarking Self-Hosted LLMs for Offensive Security

“LLM Agents can Autonomously Exploit One-day Vulnerabilities” demonstrated that frontier models can exploit known vulnerabilities when given appropriate tooling. And if you have used Claude Code, there is no doubt you’ve either used it or have seen how well it can reverse engineer.

However, “Benchmarking Practices in LLM-driven Offensive Security” surveyed multiple papers in this space and found that only around 25% evaluated local or small models. The majority relied on GPT-4 or similar cloud-hosted frontier models, often with CTF-style challenges where hints were embedded in the prompt.

In this work, I defined a set of simple challenges to give a locally hosted model a single HTTP request tool that pointed to Juice Shop. The amount of guidance varies by challenge: some provide only an endpoint and a goal, whereas others include step-by-step instructions, but in all cases, the model must craft and execute the actual payloads. As it goes on, there are caveats that are added and anecdotal notes. — Read More

#cyber

Mythos, Memory Loss, and the Part InfoSec Keeps Missing

InfoSec has a bad habit of acting like history started this morning. Something new lands, the industry loses its mind for a week, vendors start talking like the old rules no longer apply, and half the industry suddenly forgets how organizations actually get compromised.

We are doing that again with Mythos.

Mythos is legitimately impressive. It is very good at finding bugs, useful for exploit development, and materially improves the speed and quality of vulnerability research work. Anyone pretending otherwise is coping. But the conversation around it is already drifting into the same bad pattern this industry falls into every time a new offensive capability shows up: people fixate on the most technically dramatic part of the story and lose sight of what actually matters operationally.

That is the problem. The question is not whether Mythos is good at bug hunting and helping write exploits, it clearly is. The question is what that means for most defenders right now, and the answer is not “drop everything, autonomous zero-day machines are now the main thing compromising your environment.”

For most organizations, the bigger problem is still much more boring and damaging: ransomware crews, extortion operations, stolen credentials, phishing, exposed edge services, weak identity controls, stale appliances, known vulnerabilities, bad segmentation, and environments where once somebody gets in, they can move far too easily. Mythos does not replace that reality, it lands on top of it. If you miss that, you end up having the wrong conversation and spending your time talking about AI-generated zero-day storms while attackers keep getting paid through the same doors defenders left open last quarter. — Read More

#cyber

UK gov’s Mythos AI tests help separate cybersecurity threat from hype

Last week, Anthropic announced it was restricting the initial release of its Mythos Preview model to “a limited group of critical industry partners,” giving them time to prepare for a model that it said is “strikingly capable at computer security tasks.” Now, the UK government’s AI Security Institute (AISI) has published an initial evaluation of the model’s cyberattack capabilities that adds some independent public verification to those Anthropic reports.

AISI’s findings show that Mythos isn’t significantly different from other recent frontier models in tests of individual cybersecurity-related tasks. But Mythos could set itself apart from previous models through its ability to effectively chain these tasks into the multistep series of attacks necessary to fully infiltrate some systems. — Read More

#cyber

Mythos Won’t Kill Threat Hunting

Last week, a coalition of CISOs, SANS, OWASP, and the Cloud Security Alliance published a strategy briefing called “The AI Vulnerability Storm: Building a ‘Mythos-ready’ Security Program.” If you haven’t read it yet, you should. The author list alone is stacked: Gadi Evron, Rob T. Lee, Jen Easterly, Bruce Schneier, Chris Inglis, Heather Adkins, Rob Joyce. It’s the kind of document that doesn’t happen unless people are genuinely worried.

The headline is hard to ignore. Anthropic’s Claude Mythos can autonomously discover thousands of zero-day vulnerabilities across major operating systems and browsers. A 72% exploit success rate. It found a 27-year-old OpenBSD bug nobody caught. Where Opus 4.6 generated two working Firefox exploits, Mythos generated 181 under identical conditions. The time between vulnerability discovery and a working exploit now looks like hours, not weeks.

The briefing lays out a 90-day plan for CISOs. — Read More

#cyber

OpenAI opens powerful cyber tools to verified users

OpenAI laid out a new plan on Tuesday to expand access to AI models with advanced cyber capabilities while implementing controls on who can use them.

Why it matters: The roadmap coincides with the release of a new model variant, GPT-5.4-Cyber, designed to assist with defensive cybersecurity tasks and be more permissive for vetted users. — Read More

#cyber

On Anthropic’s Mythos Preview and Project Glasswing

The cybersecurity industry is obsessing over Anthropic’s new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has launched Project Glasswing to run the model against a whole slew of public domain and proprietary software, with the aim of finding and patching all the vulnerabilities before hackers get their hands on the model and exploit them.

… This is very much a PR play by Anthropic—and it worked. Lots of reporters are breathlessly repeating Anthropic’s talking points, without engaging with them critically. OpenAI, presumably pissed that Anthropic’s new model has gotten so much positive press and wanting to grab some of the spotlight for itself, announced its model is just as scary, and won’t be released to the general public, either. — Read More

#cyber

What hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation

The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime. Beyond empowering novice offenders, AI stands to intensify the scale and sophistication of attacks by seasoned cybercriminals. This paper examines the evolving relationship between cybercriminals and AI using a unique dataset from a cyber threat intelligence platform. Analyzing more than 160 cybercrime forum conversations collected over seven months, our research reveals how cybercriminals understand AI and discuss how they can exploit its capabilities. Their exchanges reflect growing curiosity about AI’s criminal applications through legal tools and dedicated criminal tools, but also doubts and anxieties about AI’s effectiveness and its effects on their business models and operational security. The study documents attempts to misuse legitimate AI tools and develop bespoke models tailored for illicit purposes. Combining the diffusion of innovation framework with thematic analysis, the paper provides an in-depth view of emerging AI-enabled cybercrime and offers practical insights for law enforcement and policymakers. — Read More

#cyber

PentAGI: Penetration testing Artificial General Intelligence

PentAGI is an innovative tool for automated security testing that leverages cutting-edge artificial intelligence technologies. The project is designed for information security professionals, researchers, and enthusiasts who need a powerful and flexible solution for conducting penetration tests. — Read More

#cyber

Cybersecurity in the Age of Instant Software

AI is rapidly changing how software is written, deployed, and used. Trends point to a future where AIs can write custom software quickly and easily: “instant software.” Taken to an extreme, it might become easier for a user to have an AI write an application on demand—a spreadsheet, for example—and delete it when you’re done using it than to buy one commercially. Future systems could include a mix: both traditional long-term software and ephemeral instant software that is constantly being written, deployed, modified, and deleted.

AI is changing cybersecurity as well. In particular, AI systems are getting better at finding and patching vulnerabilities in code. This has implications for both attackers and defenders, depending on the ways this and related technologies improve.

In this essay, I want to take an optimistic view of AI’s progress, and to speculate what AI-dominated cybersecurity in an age of instant software might look like. There are a number of unknowns that will factor into how the arms race between attacker and defender might play out. — Read More

#cyber