The recent decision by Anthropic to temporarily withhold public release of its powerful new artificial intelligence model, Claude Mythos (Mythos), is a stark reminder of how cybersecurity must rapidly evolve to keep pace with AI.
It is reported that Mythos can autonomously identify and exploit software and network vulnerabilities at a scale and speed previously unavailable to risk actors. In order to address this risk, Canadian regulators, banks and government officials are convening emergency discussions and engaging directly with Anthropic to understand the risks posed by this new class of AI-enabled cyberattack.
What is especially concerning is not just the capability of Mythos itself, but what it reveals about the fragility of modern digital infrastructure. Information technology providers have historically been reluctant to undertake robust architectural remediation. AI models like Mythos can capitalize on that liability, discovering and exploiting unknown vulnerabilities across operating systems, browsers, and enterprise software for which no patch is available (often referred to as "zero-day vulnerabilities").
For businesses, the takeaway is clear: where operations are increasingly reliant on third-party information technology providers, the security postures of these actors directly affects your risk exposure. Now is the time to ask pointed questions of your vendors, including for example:
- Are the vendors conducting regular and robust third-party security assessments?
- How are they preparing for AI-enabled attacks?
- Do they have plans beyond routine patching to address systemic vulnerabilities?
The cost of failing to evaluate and adapt far outweighs the cost of investing upfront in resilience. Organizations should accordingly seek assurances from their information technology providers about their modern security preparedness, governance controls, and incident response capabilities. In a new era of cyber risk driven by artificial intelligence, asking hard questions of your vendors today is a practical step to avoid material liability tomorrow.
