Anthropic found thousands of zero-days — Fed discusses threat with banks
Anthropic found thousands of zero-day vulnerabilities in all major operating systems and web browsers using its new AI model Mythos. The Federal Reserve and the
AI-model Mythos from Anthropic discovered thousands of unknown zero-day vulnerabilities in all major operating systems and browsers. The discovery caused alarm at the government level — the Federal Reserve and U.S. Department of Treasury have already contacted the heads of the country's largest banks to urgently discuss the threat.
How Mythos Works
The model is capable of automatically finding critical vulnerabilities that attackers can exploit to gain unauthorized access to systems. Mythos analyzes source code, configurations, and architecture of operating systems and browsers, identifying weak spots that even experienced security specialists have overlooked for years. The vulnerabilities span all major platforms — from Windows and macOS to various Linux distributions, as well as all popular browsers: Chrome, Firefox, Safari, and Edge. These are not minor issues, but critical vulnerabilities in operating system kernels, making them potentially catastrophic in the hands of malicious actors.
State and Financial System Response
The Federal Reserve and U.S. Department of Treasury assessed the discovery as a critical threat to national security and financial stability. Without protection from these vulnerabilities, banking systems, critical infrastructure management systems, and government networks are open to massive cyberattacks. Urgent meetings were held with the heads of the country's largest banks to discuss immediate measures to reduce risk. Banks received a detailed list of vulnerabilities and recommendations for strengthening the protection of critical systems.
"If an adversary creates a similar model, the consequences could be
catastrophic for the financial system and national security," — regulators are quoted as saying.
What Needs to Be Done Immediately
Anthropic gives the industry a temporary window of 6-12 months to develop and deploy patches. During this time, companies must take critically important actions:
- Deploy patches for Windows, macOS, and Linux on all corporate systems
- Update browsers and web applications used by employees and clients
- Conduct an audit of the corporate network and identify outdated systems
- Train personnel to recognize exploitation attempts
- Install monitoring and attack detection systems
What This Means
The discovery of Mythos demonstrates that AI can now work in cybersecurity significantly more efficiently than humans. For business, this means an urgent review of protection strategies and significant increases in investment in infrastructure upgrades. For developers, it signals the need for radically new approaches to code security at the architecture level, not just at the update level.