Security leaders warn new software must be rolled out with close co-ordination between the governments and businesses.

The roll-out of Anthropic’s Claude Mythos artificial intelligence tool is triggering a wave of software patches, with the potential to expose critical national infrastructure to cyber attack and sparking calls from cyber security leaders for greater co-ordination between the public and private sectors.

Businesses that have been given access to the new tool from the San Francisco-based group said that co-ordinated action “across the public and private sectors” was needed to help hospitals, banks and utilities exposed to the risks Mythos identified, FT mentions.

“The way I think about this is there is a world pre-Mythos and there is a world post-Mythos,” said Jeetu Patel, president and chief product officer at technology group Cisco, one of the handful of companies that have access to the model.

Also read India’s take on Mythos: FM Sitharaman Chairs Meeting On Mythos Impact On India’s Fintech Ecosystem

Anthropic plans to roll out Mythos gradually, after releasing to a select group of 40 companies, mostly in the US. This includes Amazon and Microsoft, and big banks like JPMorgan Chase.

This has resulted in some companies receiving more “patches” – software updates that resolve vulnerabilities identified by Mythos.

Bryan Preston, chief financial officer at US bank Fifth Third, told the FT that its IT supplier, Microsoft, had issued nearly 150 patches since Mythos was released.

The number of bugs Anthropic’s model found could lead to a “patch tsunami”, said Haider Pasha, vice-president and chief security officer of Emea at cyber security company Palo Alto Networks. This could be problematic for companies that want to maintain smooth operations, he said.

Earlier this month, Anthropic launched Mythos, which it claimed could identify cyber security vulnerabilities more quickly than humans.

Palo Alto Networks has said the technology will rapidly spread beyond the models created by US tech companies, which contain safeguards to stop it being used for malicious purposes, and could allow hackers to “develop autonomous attack agents unlike anything the industry has faced”, quotes FT. Pasha said frontier models like Mythos were significant for their capacity to “chain together vulnerabilities” to circumvent security.

Cyber security professionals have said software developers would have to be careful in the patches they release to customers.

Anthropic this week said it was looking into reports that a group of users had accessed Mythos via third parties. In recent days, central bankers, financial firms and regulators have called for early access to Mythos, but the start-up has refused to commit to a timeframe. Many businesses were vulnerable but critical infrastructure organisations were particularly tempting targets, said Cisco’s Patel. These systems are often running out-of-date software and are considered high-value targets.

“Patching is a challenge because you have to actually shut down your system sometimes and most companies can’t afford to shut down their system so they do it in a scheduled downtime to update the systems,” Patel said.