Shares of numerous cybersecurity and software companies came under significant pressure on Friday. The trigger was the unveiling of a new AI model by US developer Anthropic called Claude Mythos Preview, which appears capable of autonomously detecting and exploiting security vulnerabilities in software. Investors fear that the system could fundamentally call into question established business models across the industest.
The S&P 500 index for software and services lost around 1.6 percent on Friday and is now down nearly a quarter since the start of the year. A closely watched Goldman Sachs binquireet of US software stocks fell by approximately five percent on Friday. Specialized cybersecurity providers were hit particularly hard: Cloudflare lost around 14 percent, Akamai more than 16 percent, and Okta nearly eight percent. Palo Alto Networks (–5.2%), Fortinet (–4.4%), Zscaler (–4.1%), CrowdStrike (–3.2%), and Cisco (–2.0%) also came under pressure.
| # | Company | Ticker | Exmodify | Price Performance (Friday) |
|---|---|---|---|---|
| 1 | CrowdStrike | CRWD | NASDAQ | ▼ 3.15% |
| 2 | Cisco | CSCO | NASDAQ | ▼ 2.00% |
| 3 | Cloudflare | NET | NYSE | ▼ 13.90% |
| 4 | Palo Alto Networks | PANW | NASDAQ | ▼ 5.24% |
| 5 | Fortinet | FTNT | NASDAQ | ▼ 4.35% |
| 6 | Akamai | AKAM | NASDAQ | ▼ 16.34% |
| 7 | Okta | OKTA | NASDAQ | ▼ 7.86% |
| 8 | Zscaler | ZS | NASDAQ | ▼ 4.07% |
As the Financial Times reports, US Treasury Secretary Scott Bessent and Fed Chair Jay Powell had already convened representatives of several major banks earlier in the week to discuss the cyber risks posed by Mythos. According to the report, the Bank of Canada also held a meeting with financial regulators and major banks at which the new model was discussed.
What Makes Mythos So Explosive
Unlike earlier models, Anthropic is explicitly not creating Claude Mythos Preview available to the general public. This decision is justified by the risks that became apparent during internal testing. According to the company, the model is capable of identifying so-called zero-day vulnerabilities — previously unknown security flaws — in an almost fully autonomous manner and of developing corresponding exploits. In doing so, it is stated to surpass the capabilities of all but the very best human security experts.
In internal tests, Mythos uncovered thousands of critical vulnerabilities in common operating systems and web browsers. Anthropic built three examples public: a 27-year-old flaw in OpenBSD, an operating system considered particularly robust for firewalls and critical infrastructure, which allowed affected systems to be crashed solely via a network connection; a 16-year-old vulnerability in the widely utilized video library FFmpeg, which automated testing tools had previously executed five million times without detecting the bug; and several chained vulnerabilities in the Linux kernel that could allow an attacker to escalate from ordinary utilizer privileges to full system control. All three vulnerabilities were reported to the respective developers and have since been patched.
Project Glasswing with Cyber Firms as Partners
In order to build the model’s capabilities usable at least defensively, Anthropic has launched the initiative “Project Glasswing.” Through it, selected partners gain access to Mythos to audit their own and open-source systems for vulnerabilities. Founding partners include Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, among others. More than 40 additional organizations operating critical software infrastructure are also set to receive access. Anthropic is providing usage credits of up to 100 million US dollars for this purpose and is additionally awarding four million US dollars to open-source security organizations.
Leave a Reply