Tips Tuesday – Anthropic’s New Mythos AI Model Changes Everything

Tips Tuesday - Anthropic’s New Mythos AI Model Changes Everything

There’s only one news item to report this week.

And it involves every online connection you have and can indirectly impact your website security.

Do not skim over this news!!

This is not a one-time thing. This is the way things will be from now on.

Today’s post is to help you get in the know and keep yourself, your site, and your family safe.

Anthropic’s New Mythos AI Model Changes Everything

Last week, Anthropic announced its new AI model, Mythos.

But they will not be releasing it to the public because it is FAR too dangerous.

It cost $10 million to train and is 10-20 times bigger than any AI model available from any entity.

Mythos has obliterated every AI benchmark by 200%.

It can even “break out of its cage” to take actions on its own and it knows when it is being monitored.

Cybersecurity Shockwaves

Mythos found multiple Zero-Day vulnerabilities in every major software that they fed it.

That software includes:

  • Microsoft – powers practically every business computer on the planet
  • Apple – powers most cell phones and has largest app store
  • Google – cloud storage and software, and Android devices and apps
  • Amazon Web Services – the most used cloud storage globally
  • Nvidia – makes AI chips and software
  • Broadcom – secures data transfer
  • Cisco – runs the hardware/software for internet hubs and telecommunication
  • CrowdStrike – top cybersecurity company for critical systems – government, military, infrastructure, and more
  • Palo Alto Networks – top cybersecurity for businesses
  • Linux Foundation – hub for 90% of open source software development

The Glasswing Project

To help prevent the catastrophe such a powerful AI model could cause if released, Anthropic has created the Glasswing Project

Every one of the above named tech giants, plus JP Morgan, have become founding members of it.

Anthropic has made their Mythos Preview version available to them and they “will use Mythos Preview as part of their defensive security work; Anthropic will share what we learn so the whole industry can benefit.”

Anthropic is “committing up to $100M in usage credits for Mythos Preview across these efforts, as well as $4M in direct donations to open-source security organizations.”

This means that all of these rival companies will be working together, and sharing their findings and code vulnerabilities and fixes, to help all of them defend against the oncoming AI hackathon that is looming.

This is Just the Beginning

Anthropic is not the only company that has devoted tens of millions of dollars to train a monster AI.

OpenAI now says they have one too. (Considering Sam Altman’s previous knee-jerk reactions, I’m not sure I believe this is any more than hype, or a “me too” response – for now.)

I 100% guarantee you that China, the UAE, and other countries are developing their own monster AIs that will rival or exceed Mythos before this year is out. And thanks so much to our President for selling them the most powerful U.S. made AI chips to do it.

Stay On Top of Big Updates

It’s going to take time for all of these major softwares to find and fix the vulnerabilities.

And they will be rolling out updates as they do.

It’s critically important that you add those updates as soon as they are available.

That includes updates on your:

  • Computer / laptop – power down for full purge, don’t just restart.
  • Computer software
  • Browser – this means closing the browser fully more often so it can update on the next launch
  • Phone – power off for full purge after update
  • Phone apps – though they will likely update in the background. 
  • iPad or other tablets – same as phone
  • Router – unplug and reboot to receive updates or check with the manufacturer/provider. Do this for all extender hubs too.

Update IoTs

The Internet of Things (IoTs) have always been easy targets for hackers.

And they are going to go after these things harder as the big targets above secure their softwares.

You will need to check how to update these things for yourself:

  • Router / wi-fi – this is the biggest target
  • Home security system
  • Listening devices like Alexa
  • Smart TV or smart device connected to it, like a Fire Stick or Apple TV
  • Apps that are in the Smart TV or device
  • All other Smart devices like thermostat, refrigerator, microwave

FYI, you will likely never know if these things have been hacked, as they will still work the way you use them.

Close Tabs

For years, cross site scripting (XSS) has been THE most common vulnerability with all websites. And it is now an even bigger threat than ever.

To combat this issue, close all browser tabs that you are not actively using to do the one thing you are trying to accomplish at that moment.

If you need to login into a site, ensure no other tabs are open. And log out of that site when finished. Don’t just close the tab.

Consider using 2 different browsers. Here’s an example:

  • I run my whole back office on Workspace, so I have 3 tabs open in Chrome while logged into that account for email, Docs, and my calendar.
  • I use the Brave browser for everything else, including client work.
  • I log out of Workspace and close Chrome when I’m off the clock.

This practice reduces the possibility of XSS hacking and protects my business and yours.

Reduce Exposure

I swear, it seems like every business I trade with has their own app now.

I guarantee that it is vibe coded junk with no security.

Get that crap off your phone!!

Use their website or online forms. At least you’ll have your browser to help identify security issues that may infect your computer.

Banking or other monetary apps – there is NO WAY I would have these on my phone!!!! That’s especially true of the new services that are connected to all of your bills to show you where you are spending your money.

Home security systems – it’s almost impossible to find one that is not connected to wi-fi via your router. But don’t expect that connection, or the app you use to be secure. And for Pete’s sake, seriously reconsider having indoor cameras or a digital lock on your doors.

Update Passwords

Ensure you are using super strong passwords for every online account you have.

Do not use the same password for different accounts.

Be super careful who you share those passwords with.

Change your password after you give someone temporary access.

Remove anyone from your account that doesn’t need constant access.

Rotate your passwords at least once a year.

2FA

Two-factor authentication may help.

I’m NOT a big fan of tokens that are sent to a phone.

But, if you have an email app on your phone, that negates the security of sending the token that way too.

There are conflicting studies everywhere that show 2FA is good as well as worthless.

You’ll have to make up your own mind about it.

I Can’t Protect You From Yourself

I’ve been telling you for years that you need to get super serious about cybersecurity.

A day of cybersecurity reckoning is now at hand.

I will do everything in my power to help keep your website secure.

But, if you are negligent with your personal cybersecurity and your devices get hacked, which infiltrates your wi-fi router, and then the hacker has access to your computer – nothing you touch with your computer will be safe from an attack – that includes your website.

Bottom line – if you think all of the above is a hassle, just wait until your whole online life gets hacked!

Cybersecurity as Saas

The Glasswing Project is only the first step toward securing critically important, and widely used hardware, software, and connections.

It will not be enough.

In the near future, I see new AI companies popping up that specifically offer AI attack mitigation.

That mitigation will cost billions of dollars.

And you know that cost will be passed on to us, the users of that infrastructure and software.

Contact Your Representative

The Treasury Department and Federal Reserve have called special meetings over the Mythos announcement.

But, there also need to be state and federal regulations and guidelines that require companies who provide hardware, software, and apps to keep their wares up to date.

I guarantee that many of those companies will not spend the money to buy the forensic help they need to keep their stuff safe. They will lean more toward paying you some kind of pro-rated refund after an attack to placate your inconvenience.

It’s like clean water laws. They will keep dumping it into the river until enough folks scream about stopping it.

Please contact your state and local representatives to get on this now.

10 Comments

  1. MaAnna, this is one of the scariest things I’ve ever read. It doesn’t get more real than this. Wow.

    I appreciate the heads-up and advice.

  2. Hi MaAnna, can you clarify what you mean by – power down for full purge, don’t just restart. Do you mean turn off completely, wait a few moments, then turn on?

  3. Thanks MaAnna, this is the main reason I dont allow apps on my phone, use pay apps, use cloud storage, etc. I’m an external drive and backup kind of guy.

Leave a Reply

Your email address will not be published. Required fields are marked *