The good news: Artificial intelligence (AI) models can uncover software bugs at never-before-seen rates.
The bad news, as the Wall Street Journal (WSJ) reported Tuesday (April 13), is that the volume of these discoveries could overwhelm smaller developers and open the door for hackers.
The report cited the example of Anthropic’s Mythos, which found thousands of bugs last month. The company is working with around 50 tech companies and organizations to ferret out and fix bugs, and has no plans to offer Mythos to the public.
“We need to know that we can release it safely, and it’s not exactly clear how we can do that with full confidence,” Logan Graham, the head of Anthropic’s Frontier Red Team, which evaluates AI for risks, told the WSJ.
Rival AI startup OpenAI is at work on a similar campaign, the report said. A source familiar with the company’s plans said this involves offering developers a security-centric version of its product that lets them patch systems before hackers discover the bugs.
Writing about this issue earlier this week, PYMNTS argued that the implications of Mythos’ ability to find old bugs are two-sided.
“On one hand, defenders such as banks, payment processors and infrastructure providers can use these tools to identify and patch weaknesses,” that report said. “On the other, the same capabilities could be leveraged by hackers, dramatically accelerating the discovery and exploitation of systemic flaws across the financial ecosystem.”
In reaction to the apparent danger to vital financial services infrastructure, the White House recently summoned representatives from banks, including JPMorgan Chase, Goldman Sachs, Citigroup, Bank of America and Morgan Stanley, and urged them to identify the systems-level vulnerabilities surfaced by the frontier AI model, according to a report last week.
In other cybersecurity news, PYMNTS wrote earlier this week about the growing demand for people who can negotiate with hackers.
“Ransomware has become a structured, global industry,” that report said. “Organized cybercriminal groups now operate with business-like efficiency. Attacks are no longer limited to encrypting files; they often involve ‘double extortion,’ where attackers threaten to leak stolen data if payment is not made.”
The PYMNTS Intelligence report “Vendors and Vulnerabilities: The Cyberattack Squeeze on Mid-Market Firms” found that hackers are increasingly targeting middle-market companies, which rely on third-party cloud providers, software-as-a-service platforms, managed service and logistics firms, which can leave them open to attack.