Claude Mythos Preview is a step up: A separate analysis from the UK’s AI Security Institute (AISI) evaluated Mythos Preview itself.The evaluations involved both capture-the-flag (CTF) challenges and more complex ranges designed to simulate multi-step attack scenarios, where the model outperformed other AI systems.Mythos Preview came out on top in a 32-step corporate network attack simulation spanning initial reconnaissance through to full network takeover, which the Institute estimates requires humans 20 hours to complete.AISI’s tests also showed that Mythos Preview is capable of autonomously attacking small, weakly defended enterprise systems once access is obtained. “Our testing shows that Mythos Preview can exploit systems with weak security posture, and more models with these capabilities will likely be developed,” AISI concluded.
What CISOs should do now: AISI’s recommendation to organizations is that they should strengthen fundamentals, including regular application of security updates, robust access controls, security configuration, and comprehensive logging.It advises, “Future frontier models will be more capable still, so investment now in cyber defence is vital. AI cyber capabilities are dual use; while they pose security challenges, they can also help deliver game-changing improvements in defence.”The CSA paper highlights three predictions for CISOs.Operationally: Expect a surge of patches from the approximate 40 vendors in the early access program, potentially mirroring recent periods where multiple supply chain incidents required response within a two-week window.Risk management: Business risk is shifting, requiring close engagement with stakeholders on risk planning and tolerance. The CISO’s ability to manage risk is becoming more constrained, with potential downstream effects on reporting and projections.Strategically: Conduct longer-term gap analysis and selectively overhaul key functions, including governance processes that enable faster technology onboarding and the deployment of AI-driven security controls.The report also elevates Mythos to a board-level issue, allowing CISOs to frame current capabilities and make the case for further investment.The bottom line, as the CSA paper concludes, is that “AI-based attacks represent a structural shift in how offense and defense work, and it will not change. The cost and capability floor to exploit discovery is dropping, the time between disclosure and weaponization is compressing toward zero, and capabilities that previously required nation-state resources are now becoming broadly accessible.”See also: “Cybersecurity in the age of instant software”
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4158117/anthropics-mythos-signals-a-structural-cybersecurity-shift.html
