“When Anthropic announced a new model called Mythos, the company didn't tout hyperrealistic video clips or stellar math smarts. Instead, it shared a bug report.
Mythos has apparently found thousands of "high-severity vulnerabilities" in "every major operating system and web browser," the company said. Uh oh.
Anthropic feared that releasing this new model on the open market could result in severe consequences for economies, nation-state security and more. So 40 companies that power our digital lives, including Apple, Google and Amazon, will get early access to find security weaknesses in their systems -- and patch them before hackers take notice.
Despite the potential Anthropic hype, this is AI's future.
"Whether or not Mythos is a hacker superweapon really is immaterial to the conversation," says Dave Lewis, global advisory chief information-security officer at the password-manager developer 1Password. "If it's not this model, it'll be another one in five minutes."
Over a dozen industry heavyweights, including Lewis, co-authored a brief explaining Mythos's impact. Corporate security leaders will need to "prepare to respond to more incidents" -- and worry about how their employees will even deal with this sudden cascade of security concerns.
The U.K.'s AI Security Institute, after testing Mythos, found the model could exploit vulnerabilities on its own, quickly executing tasks that would take a human days.
It's OK to feel helpless, since much of the burden isn't on us but on the companies that make our day-to-day software. We can, however, take steps to protect ourselves. And it all starts with software updates.
Update ASAP and automatically
You will likely see fixes start regularly appearing in the form of updates to your most-used devices, says Katie Moussouris, chief executive of cybersecurity firm Luta Security. Don't put them off.
The longer you wait to update, the more time "bad guys could reverse-engineer the patch and figure out what the hole is," she explained. And once they do, you could get hacked.
This is especially important for your mobile and desktop operating systems, as well as your browser. Set your devices to update automatically, so you don't have to think about it. Just be on the lookout in case your device or browser needs your permission to update and reboot.
Find your device's expiration date
Nearly every gadget now has an end-of-life date. After that date, companies stop supplying new features, bug fixes and, yes, critical security updates."If it's outside of a maintenance support window, you're going to need new devices unfortunately," says Moussouris. You might love that cute little phone you've had for years, but if its maker no longer loves it, it could be a liability.
A website called Endoflife.date is a good resource for popular mobile devices. You can check other devices, such as Ring cameras or Chromebooks, by searching for their "end of life" date.
Expect outages
If you're worried that the maker of your favorite app or smart-home gadget isn't part of Anthropic's initial Mythos testing group, don't fret. The patches of the big companies and open-source projects will trickle down to most services, says Moussouris.
That's why next year on the internet might be a bit bumpy, Moussouris says. "We're going to see a traffic jam of patch releases and system downtimes as companies try to apply these patches."
OK, there isn't much you can do about an outage. Except breathe, and wait it out.
Fortify your logins
To be extra careful, and better brace yourself for the breaches, you need to improve your passwords. If hackers grab a list of passwords from one company, they'll attempt to re-use those passwords on other platforms, Moussouris warned.
A password manager will help you create and save long, unique -- in fact, gibberish -- passwords. Your device might have a manager built in, and by all means use it. But for one that works across platforms and includes features like family vault sharing, I recommend 1Password (starting at $29 a year) or Dashlane (starting at $65 a year).
Then, there's "two-factor" or "multifactor" authentication. With a password in hand, a hacker wouldn't be able to get in without this second code required for access. You can get codes via text message or from an app like Google Authenticator.
Try passkeys
A new way to log in, called passkeys, is even more secure: They are stored in your password manager, respond to face or fingerprint scan, replace both your password and multifactor code and, most important, only work on legitimate websites. Passkeys aren't duped by a well-designed fake login page.
Passkeys are available on a growing number of services, such as Google, Wells Fargo and Ring. If an app or website you regularly use offers to set up a login passkey, click "yes." (You can also find passkey options in the app or website's security settings.)
And as always, refrain from clicking on links in suspicious emails, and downloading free cheat codes, pirated movies and unfamiliar software, where malware can linger.
Create a special code word for family
If software becomes vulnerable, more of your personal information could fall into the wrong hands. Which means "social engineering" attacks could rise too, where hackers know enough about you to con you out of money.
They can also use your family members against you -- or at least "deepfake" versions of them. AI can spit out audio that sounds shockingly real, as I learned in an experiment last year. Hackers will call and play these voices to create an emotionally charged situation where you're more likely to fall for trickery.
Lewis suggests creating a code word, a special password shared among loved ones. So when your relative calls claiming they've been kidnapped, you'll know to hang up if they can't name your first pet.” [1]
1. Critical Software Updates Loom. Don't Ignore Them. --- Anthropic's newest AI model is a hacker's dream. Take these cybersecurity tips seriously now. Nguyen, Nicole. Wall Street Journal, Eastern edition; New York, N.Y.. 21 Apr 2026: A11.
Komentarų nėra:
Rašyti komentarą