We have already discussed about ‘Mythos‘ the new AI model by Anthropic in an earlier post.
‘Mythos’ has not been released to the public but it is already called a “Cybersecurity reckoner” because it has unleashed a huge number of vulnerabilities in browsers and operating systems under ‘Project Glasswing’. The vulnerabilities detected in browsers and operating systems can be used by attackers to cause damage to everyday systems. This is one of the primary reasons why Mythos has not been released to the public as yet.
Mythos was released only to a small group of companies known as ‘Project Glasswing’ to test it out and understand its power. Some of the companies in Project Glasswing which were involved in testing it were ‘Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase etc’.
There are some key metrics when working with Mythos and discovering vulnerabilities. They are:
a. vulnerabilities being discovered
b. time taken by the attackers to be exploit the vulnerabilities
c. time taken by companies to patch the vulnerabilities
This is explained by this graphic created by Claude:
Time taken for the vulnerability to be converted to a working attack – approximately 5 days by hackers (Source: Claude) However the same vulnerability can be converted to an attack by Mythos in a matter of hours.
Industry patch time to fix these vulnerabilities – about 32 days
The gap between the time a vulnerability is being exploited by attackers(approx. 5 days) to the time it takes to patch the vulnerability is known as the “kill zone”.
This time is used by hackers to gain access to the system by making use of the vulnerability. This is represented in this graphic by Claude:
One of the ways in which “Kill Zone” time can be reduced is reducing the patch time which means that cybersecurity teams have to work much faster than ever to eliminate vulnerabilities.
This post is for alphabet ‘W’ for BlogchatterA2Z by @b