While the world waits to see if Anthropic’s Mythos model is really as scary as people say it is, the financial services industry in Japan is establishing a task force dedicated to addressing the cyber threat it poses.
On April 24, the people who manage the world’s fourth largest economy — Japan’s finance minister, the governor of its central bank, presidents of its three megabanks, and a senior executive of its stock exchange — gathered at the headquarters of Japan’s Financial Services Agency in Tokyo. There, they agreed to form a working group to address the fact that artificial intelligence (AI) may now be able to totally undermine the systems underpinning their industry.
According to Anthropic, during testing, the new Mythos model was able to identify previously unknown vulnerabilities in every browser and operating system (OS) it was presented with. It found both new and old issues — one that’s lasted for 27 years, undetected until now — and in one case chained together four vulnerabilities in an exploit chain. It’s little wonder, then, that in a press conference, finance minister Satsuki Katayama characterized the mere existence of Mythos as “a crisis that is already upon us.” At the same event, one of those Japanese bank executives put it in more concrete terms, saying, “If we were hit by an attack and customer information were leaked, we might have no choice but to shut down our systems and conduct all transactions in cash.”
Cybersecurity experts question whether Mythos really is such a crisis point. If it is, Japan and the rest of the world might be less equipped to handle it than the US. Though Anthropic met with Japan’s ruling Liberal Democratic Party (LDP) on April 20, it has thus far restricted access to Mythos to a tight circle of organizations distributed unequally around the globe.
Anthropic Gatekeeps its Tech From Global Orgs
Short of not building it in the first place, Anthropic has taken the second most responsible precaution possible for Mythos, providing access to only a select circle of high-value organizations for cybersecurity purposes.
Predictably, leaders of organizations not previously included in Anthropic’s VIP list have been clamoring for access. In an interview with Reuters, for instance, a major regulator at Germany’s central bank publicly pressured European banks to demand the same access afforded their American counterparts.
Were Anthropic to give in to access creep, it would expose Mythos to unauthorized access in proportion to that wider circle. Case in point: the Mythos inner circle has already been undermined by individuals linked to an Anthropic contractor, who used leaked information about the company’s model naming conventions to simply guess its endpoint.
Alex Orleans, head of threat intelligence at Sublime Security, urges organizations to stop and think. “Most organizations seem to be experiencing some level of the Frankenstein reflex: Mythos as a capability feels new and frightening, which means everyone wants to get their hands on it. That doesn’t mean everyone would know what to do with it or even necessarily need it to address their current threat models,” he argues. For example, he adds, “You don’t necessarily need access to Mythos to understand that its most direct implications are related to potential exploitation of extant perimeter assets or vulnerability identification when it comes to in-development products.”
Proofpoint CSO Ryan Kalember suggests an even simpler resolution: Instead of worrying about who can and can’t touch Mythos, he says, “I think this gets solved on its own, because the other models will catch up.”
Anthropic could not immediately be reached for comment on this story.
How Serious a Threat Is Mythos?
Few industries stand to lose more from cyber insecurities than the financial sector. The global financial system is buoyed only by the trust that the public has in institutions. Almost everything about that system — from the money supply at large, to the single number that represents your personal net worth — is little more than data recorded in systems protected by cybersecurity defenses.
“Banks have some of the most capable cybersecurity teams on the planet, and they have tended to not have a shortage of tools or capabilities,” Kalember says, acknowledging that the financial sector is unusually exposed to large-scale, long-tail risks. Using the US electric grid as a counterexample, he says, “The reason some critical infrastructure is not at greater risk is sometimes not even a technology question at all. It’s that all of this stuff is done municipally, or at a county level, or at a state level, or in some weird structure that actually makes the system very resilient, almost by an accident of its design. Banks are really not that way. There’s been tremendous consolidation in the financial sector, so it actually makes a ton of sense to work on making sure that they can be as protected as possible.”
Even with that being said, he suggests that organizations not overblow the Mythos threat. “I think there was a lot of excitement about the ability that Mythos had to do bug chaining, and to find some [weaknesses] that had not been really looked at for a while. But we’re not seeing EternalBlue or world-melting vulnerabilities fall out of it. And we are seeing lots and lots of similar vulnerabilities found by other models.”
Even if Mythos does unearth some huge number of CVEs, “I remember the days not that long ago where you’d see exploits in targeted attacks all the time,” he says. “The data right now is that in targeted attacks, we’re seeing two total CVEs being exploited, and they’re not ones that Mythos found. The vast, vast, vast majority of successful cyberattacks do not involve an exploit because the attacker doesn’t need the exploit, not because the exploit doesn’t exist.”
Lastly, with regard to Japan’s financial sector, Kalember adds, “Japanese banks historically do not run a ton of open source (OSS). They have also, historically, not had their source code out there. I know a lot of people at banks that have access to [advanced tools], and they’re scanning their own applications and obviously trying to patch as quickly as possible.”
