Key takeaways:
- AI models are getting more sophisticated at finding exploitable vulnerabilities in systems – Claude Mythos marks a sea change in this.
- It has encouraged the government to address businesses about the dangers directly.
- Cyber UK has highlighted the role of passkeys in protecting systems from phishing and other common cyber-crime tactics.
- Geopolitics is having an influence on when and how cyber attackers target businesses.
New AI models bring new cyber risks
Despite the rapid rate at which the major AI providers release new models to consumers, one made an unusual decision this month. Anthropic announced a new model, and didn’t make it publicly available. The reason soon became clear: their new Claude Mythos model was potentially too good at finding security vulnerabilities.
Rather than releasing the model to the public, Anthropic has developed ‘Project Glasswing’, a collaboration with the world’s largest technology companies and banks. Through this collaboration, Anthropic has claimed that Claude Mythos was able to identify thousands of previously unknown vulnerabilities, including in every major operating system and web browser. The risks are supposedly clear – should models like this get into the hands of cyber criminals, systems around the world could be crippled in a matter of hours.
While this narrative was initially met with some scepticism, those who have tested Claude Mythos have been impressed. The UK’s AI Security Institute evaluated the performance of Mythos and found it demonstrated a significant step-up from previous frontier models, with an ability to identify vulnerabilities and plan and execute multi-stage attacks to a level of proficiency comparable with human professionals in a fraction of the time.
The implications of such capabilities are so profound that the UK government has published an open letter to businesses specifically as a consequence of Anthropic’s work; an unusual step in response to an individual software release.
Such capability has caused excitement and concern within the cybersecurity community, as well as a little scepticism. Banks in the US were summoned to meetings to discuss the risks. Regulators in the UK have been engaging in similar discussions, with a general acceptance that AI elevates cybersecurity risks substantially.
However, the ability to identify and patch vulnerabilities at a scale not hitherto seen also presents an opportunity for cybersecurity professionals and organisations of all shapes and sizes to improve their security posture and take rapid action to reduce the risk of a breach. OpenAI has also released its own model focused specifically on the security sector – GPT-5.4-Cyber. Access to this has been reserved only for those who can demonstrate their credentials as defenders of cybersecurity.
Collaborations like Project Glasswing are also showing how organisations – often competitors – can come together successfully and work towards a common goal of tightening defences. That being said, questions are being raised about whether AI companies like Anthropic and OpenAI can really stop such models from getting into the wrong hands, as was rumoured to have happened with Mythos.
Cyber Resilience Pledge
The ongoing cat and mouse game between cyber defenders and attackers is now taking place at breakneck speed. And yet, the steps that businesses should take – as encouraged by the UK government – remain rooted in familiarity:
- Treat cyber security as a board-level risk, embracing the Cyber Governance Code of Practice.
- Adopt the fundamentals of cyber security through schemes like Cyber Essentials, and require it throughout the supply chain.
- Subscribe to updates from the National Cyber Security Centre (NCSC), including their early warning service.
To formalise organisations’ commitment to undertake these steps, the UK government has launched a new Cyber Resilience Pledge. Companies are invited to sign the pledge and commit to actions relating to each of the three areas above, as well as encouraging supply chains to also sign the pledge, and publishing the declaration on the company website.
While the motives behind this are strong, it is not without challenges. Not all organisations may feel comfortable publishing the declaration on their website, though a more open dialogue around security postures should be encouraged.
It has also frequently been noted that enforcing Cyber Essentials in supply chains involving overseas businesses is likely to pose significant challenges, given the lack of legal standing of the certification.
In such instances, we would always recommend an awareness of comparable standards globally, such as the National Institute of Standards and Technology’s Cybersecurity Framework. The pledge’s supporting documentation does suggest that the decision not to require Cyber Essentials for all suppliers should involve the board and ensure that “adequate assurance is obtained through other means”.
Insights from Cyber UK conference
A series of other interesting stories have emerged from Cyber UK – the UK government’s annual cyber security conference – which took place in Glasgow on 21-23 April.
Passkeys – something first mentioned in a cyber roundup in 2023 – are now considered by NCSC to be the preferred solution for logging into websites and systems.
A form of cryptography that involves pairing keys between the system and your device, passkeys are significantly more secure than passwords, are faster, and are less dependent on users or websites remembering or storing login information. Crucially, they are resistant to phishing, as you can’t simply hand over your passkey by mistake.
The NCSC’s view on this is reinforced by new research that asserts passkey technology is typically more secure than two-step verification. The recommendation to choose passkey technology over traditional passwords demonstrates a decisive move towards more sophisticated login capabilities that are resistant to the most common techniques used by cyber criminals.
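To show why a passkey cannot simply be handed over, here is an added example (not part of the original article and not NCSC or vendor code) that models a simplified passkey sign-in in Node.js. It is a reduced sketch of the WebAuthn flow; the function names and the `bank.example` sites are constructed for illustration.

```javascript
const crypto = require('node:crypto');
const sha256 = (data) => crypto.createHash('sha256').update(data).digest();

// Registration: the device creates a key pair for one site (its "RP ID").
// The private key stays on the device; the site stores only the public key.
function register(rpId) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { device: { rpId, privateKey }, server: { rpId, publicKey } };
}

// Browser + authenticator: the browser, not the user, records which page
// asked for the sign-in, and the device only signs for the site it registered with.
function signIn(device, pageOrigin, challenge) {
  if (new URL(pageOrigin).hostname !== device.rpId) return null; // no passkey for this site
  const clientData = Buffer.from(JSON.stringify({ challenge, origin: pageOrigin }));
  const signed = Buffer.concat([sha256(device.rpId), sha256(clientData)]);
  return { clientData, signature: crypto.sign('sha256', signed, device.privateKey) };
}

// Server: require the challenge it just issued, its own origin and a valid signature.
function verify(server, expectedOrigin, challenge, assertion) {
  if (!assertion) return 'no-assertion';
  const data = JSON.parse(assertion.clientData.toString());
  if (data.challenge !== challenge) return 'bad-challenge';
  if (data.origin !== expectedOrigin) return 'bad-origin';
  const signed = Buffer.concat([sha256(server.rpId), sha256(assertion.clientData)]);
  return crypto.verify('sha256', signed, server.publicKey, assertion.signature)
    ? 'ok' : 'bad-signature';
}

// Constructed sample run: one genuine sign-in and three cases the checks stop.
function demo() {
  const { device, server } = register('bank.example');
  const origin = 'https://bank.example';
  const challenge = crypto.randomBytes(16).toString('base64url');
  const genuine = signIn(device, origin, challenge);
  // A look-alike page gets nothing: the device holds no key for that site.
  const lookalike = signIn(device, 'https://bank-login.example', challenge);
  // Second layer: a signature made for another origin fails the server's origin check.
  const wrongOrigin = signIn({ ...device, rpId: 'bank-login.example' }, 'https://bank-login.example', challenge);
  return {
    genuine: verify(server, origin, challenge, genuine),
    lookalike: verify(server, origin, challenge, lookalike),
    wrongOrigin: verify(server, origin, challenge, wrongOrigin),
    replay: verify(server, origin, 'next-challenge', genuine),
  };
}
```

Unlike a password or a one-time code, nothing in this exchange is typed by the user, so there is no secret that can be entered into the wrong page.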
In April the NCSC issued new guidance on what is known in security circles as ‘cross domain solutions’ – the ability for organisations to move information between different areas, with different security postures. It also partnered with 15 international agencies to create advice on how to best protect against cyber-attack techniques commonly used by China-linked threat actors.
Geopolitically motivated hacks continue
Noteworthy cyber incidents in April affected targets as wide-ranging as:
- the FBI Director,
- the European Commission,
- anyone using unpatched TP-Link routers,
- social networking sites Mastodon and Bluesky,
- Booking.com,
- the open-source JavaScript library Axios, and
- Peppa Pig owners Hasbro.
It seems that no organisation is immune to the risks of cyber attacks. The only thing these attacks appear to have in common is the likelihood that most, if not all, have geopolitical motivations.
With the US’s role in the Middle East coming under significant scrutiny and the ongoing war in Ukraine, there is a growing appetite for malicious groups to attack Western companies and bodies.
The attack on Axios, meanwhile, appears to have been instigated by a hacker in North Korea, using a technique we’ve discussed previously that involves maliciously inserting code into open-source projects. It once again highlights the challenges of protecting supply chains that place a heavy reliance on open-source solutions.
As Dr Richard Horne, CEO of the NCSC, observed in his Cyber UK keynote, the combination of technological advances and geopolitical tensions creates a ‘perfect storm’ for UK businesses. Inaction is no longer an option, and cyber security is everyone’s responsibility.