Every one of the 16 apps that I’ve vibe coded has vulnerabilities that AI has inserted into its code, entirely by omission. Every security pass I make, including asking Claude/Codex to continue checking until they run through two consecutive passes without issues, yields vulnerabilities in the future.

Vulnerabilities that haven’t been identified or patched exist every app on your phone and every software on your laptop, including your operating systems, as well as on the surfaces that run telecom networks and the web.

Cybersecurity has always been an arms race - some people try to exploit vulnerabilities, and people try prevent them, and with time each has gotten better. Finding those bugs has always required rare, expensive human expertise and months of painstaking work. That is the only reason most of them stayed hidden for so long. There’s an entire industry that has evolved around bug-bounty programs, wherein security researchers get paid by companies for finding vulnerabilities in their software. Because if they won’t then someone else will, and use them to attack the tool.

Some vulnerabilities stay hidden forever, and often go for hundreds of thousands of dollars, depending on the rarity. Because vulnerabilities are patched once found, these are called “Zero Day” vulnerabilities, and are sold on the dark web. One example was the Whatsapp vulnerability that first brought Pegasus spyware to light in 2019. It exploited a previously unknown Whatsapp video calling vunerability.

Claude Mythos Preview (Mythos) changes this. It is an AI model that can read software code, identify hidden flaws, and figure out how to exploit them, entirely on its own, in hours, across thousands of software simultaneously. Anyone with access to it gets, effectively, an army of expert hackers available at the push of a button. Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.

Three examples from Anthropic:

• 27-year-old vulnerability in OpenBSD, which has a reputation as one of the most security-hardened operating systems in the world and is used to run firewalls and other critical infrastructure. The vulnerability allowed an attacker to remotely crash any machine running the operating system just by connecting to it

• A 16-year-old vulnerability in FFmpeg, which is used by innumerable tpieces of software to encode and decode video, in a line of code that automated testing tools had hit five million times without ever catching the problem.

• The model autonomously found and chained together several vulnerabilities in the Linux kernel, which is used to run most of the world’s servers, to allow an attacker to gain complete control of the machine.

These are mature battle hardened tools, not vibe coded. Cybersecurity will never be the same again.

The Mythos created bomb that is ticking

The internet is a space with shared interconnected infrastructure, and so the risk of vulnerabilities impacting multiple systems at once, or an exploit moving from surface to surface through trusted channels of interconnected communication means that there needs to be a coordinated response.

While everything is at risk, including the personal devices we use, particularly vulnerable are open source software systems that run the Internet, including servers, operating systems. The tooling of the Internet we have today is as safe as its weakest link, and Mythos is finding vulnerabilities everywhere.

Anthropic believes that Mythos is merely a sign of things to come, and explains how this is a step change in cybersecurity, because it changes the speed at which vulnerabilities can be discovered and exploited:

Over the past year, AI models have become increasingly effective at reading and reasoning about code—in particular, they show a striking ability to spot vulnerabilities and work out ways to exploit them. Claude Mythos Preview demonstrates a leap in these cyber skills—the vulnerabilities it has spotted have in some cases survived decades of human review and millions of automated security tests, and the exploits it develops are increasingly sophisticated.

The key problem here is that while discovery and attack is going to be swift, the defense is slow to respond because of how companies and institutions operate: security is compliance, and audits are often perfunctory and inadequate, and once the damage is done, they’re focused on protecting their reputation instead of warning affected parties. I recent got a content of court threat for MediaNama wanting to report on a verified data breach following a ransomware attack, based on a John Doe order from a court that in effect has been used to restrict public interest journalism.

Mythos exposes a major fault-line in cybersecurity: Vulnerabilities can now be surfaced at machine speed, while the systems responsible for fixing them still move through human, institutional timelines, often with the primary objective of protecting their reputation.

The politics of Mythos

Mythos is a both a weapon and a solution with geopolitical and business implications, so we need to look at it from a political lens:

First, the politics of who gets protected first: think back to the politics of how vaccines were distributed during COVID for an analogy: Anthropic is looking at this from a defense lens, but the ability to protect against this threat is not being distributed evenly. The partners that Anthropic has for Project Glasswing, which is an effort “to secure the world’s most critical software” include: Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. They have expanded access to 40 other organisations, but we don’t know who else is protected. While I understand the need to gradually expand the circle of trust, and this is a rational move, there’s clearly a hierarchy, and access to Mythos is being gated. Vulnerabilities are universal but the access needed to patch them is not.

Everyone else has to deal with significant uncertainties:

• What vulnerabilities does my software stack have?

• When will I be able to find it so that I can patch it?

• What if someone uses it for a malicious attack before I can patch it?

Second, who gets to weaponise it: A model that can find and exploit zero-days at scale is not only a defensive tool. It is a strategic capability that militaries will want. This explains why the US Department of War went after Anthropic: this is like cyber-nuclear-power. Can be used for good (improve software/produce electricity) or destruction (cyberattacks/nuclear weapons). This is where the difference between democracies and authoritarian regimes come in: if this were in China, then Anthropic would not have been able to refuse giving it to the government. Anthropic’s position is laudable, just as ChatGPT’s wasn’t. Claude’s Constitution  offers an explanation of why it held out:

Anthropic occupies a peculiar position in the AI landscape: we believe that AI might be one of the most world-altering and potentially dangerous technologies in human history, yet we are developing this very technology ourselves. We don’t think this is a contradiction; rather, it’s a calculated bet on our part—if powerful AI is coming regardless, Anthropic believes it’s better to have safety-focused labs at the frontier than to cede that ground to developers less focused on safety.

Another interesting note from Claude’s Constitution, which lists its core values as “Broadly safe”, “Broadly ethical”, “Compliant with Anthropic’s guidelines” and “Genuinely helpful”, and in order of priority. This explains the “why” of Project Glasswing, and Anthropic’s pushback against the US Government, though I must point out that they said in their February 26 statement that “mass domestic surveillance is incompatible with democratic values.”

Third, which country does this benefit: Anthropic says it has discussed Claude Mythos Preview with US government officials in relation to its “offensive and defensive cyber capabilities,” and adds that these capabilities are another reason why “the US and its allies must maintain a decisive lead in AI technology.”

This tells us that while Project Glasswing may secure parts of the global internet, because its partners run infrastructure everyone depends on. Strategic technologies do not distribute their benefits evenly, even when their risks are universal. The strategic benefit flows first to the US and its allies.

Mythos is built by a US company, access is gated by that company, and the capability is explicitly framed as part of maintaining technological lead. Meanwhile everyone is vulnerable.

I’m reminded of Sam Altman’s visit to India in 2023, wherein when asked, he said that the UN should regulate AI. I said then that UN is where regulations go to die, and if you want no regulation, you ask the UN to deal with it. Case in point are the discussions around using “ICT’s” (ugh) for cyberattacks at the UN, where I’m not sure where we’ve ended up, except for states defining norms (see point 34), but lacking the force of law.

Given the anarchy that is the UN, we’re left with companies choosing to “do no evil”, and their definition of good and evil.

The new equilibrium will be political before it is technical

We cannot patch every vulnerability, and preventive strategy is out the window. Eventually a new equilibrium will emerge in cybersecurity, because services like Mythos, when used correctly, as Anthropic is attempting to, will elevate cybersecurity all around.

The problem is that a tool that compresses attack timelines without compressing defense timelines increases systemic risk before it improves security.

Getting there will be messy, because of the abundance of vulnerability discovery, and driven by the politics of how we get there. Some services will clearly have to be sandboxed and retreat from the open Internet. The safest apps will be those that are device only.

In the meantime, digital public infrastructure remains vulnerable to powerful undiscovered attacks that target vulnerabilities that AI finds, and the larger your level of digitisation and dependence on tooling that isn’t protected by Mythos first, the greater the risk to core sectors, including critical infrastructure.

Speed of response, and informing affected parties (and not silencing reporting to restrict reputational damage), will be important to enable people to protect themselves.

Cybersecurity will have to move beyond mere compliance to defense, but defense is only as good as existing countermeasures, which is were access to frontier technologies comes in.

To go back to my COVID analogy, it’s important to watch who gets access to the vaccines first.

P.s.: vibe coding update: I’m now at 21 different projects, of which 16 are apps, 9 are fully functional on my device, two of which I use 20-50 times a day. Two failed and I have to try again, and 6 I have paused, and 4 I have barely begun. Of the online projects, play Tech Policy wordle at games.upthink.app.

I’m creating a “vibe coding for beginners” workshop that I’ll host in Delhi. If you’re interested, mail me at nikhil at medianama dot com with the subject “vibe coding workshop”, and I’ll inform you when I’m ready (probably end of next month)