AI Sec Watch

The article argues that AI systems aren't necessarily introducing entirely new security problems, but rather making existing vulnerabilities worse and easier to exploit. AI amplifies old bugs rather than creating fundamentally new ones.

Claude Mythos is Anthropic's latest AI model that can outperform humans at hacking and cybersecurity tasks, including finding and exploiting dormant bugs in old code. Anthropic restricted access to 12 major tech companies and 40+ organizations responsible for critical software through an initiative called Project Glasswing (a program designed to help secure important systems), rather than releasing it publicly, due to concerns from regulators, financial institutions, and government officials about potential risks to digital security.

Researchers discovered that two widely-used encryption schemes for secure database searches (m-ORE and om-ORE, which allow multiple parties to query encrypted data without revealing the queries or data) can be attacked by a malicious client and server working together to insert fake records into the database. The team developed a new scheme called MORES that fixes this vulnerability while also making searches about one-third faster and more efficient than the older schemes.

This research paper examines macro-level collaborative leakage, which occurs when individually harmless data pieces reveal sensitive information when combined together. The authors conducted mathematical analyses to understand why this happens and found that the problem stems from how risk data (data that don't directly expose private information) correlate with sensitive information. While Gaussian distribution (a common bell-curve statistical pattern) can help prevent this type of leakage, the paper concludes that this protection is limited and more comprehensive security mechanisms are needed.

This research proposes HeteroFed, a framework for federated learning (a distributed machine learning approach where multiple devices train a shared model without sending raw data to a central server) that addresses privacy and performance challenges in edge intelligence scenarios. The framework uses four main techniques: personalized model construction for different devices, dynamic gradient clipping (limiting how much model parameters can change), adaptive noise addition for privacy protection, and improved model aggregation to maintain accuracy despite privacy protections.

The White House is working to authorize a modified version of Anthropic's Claude Mythos model, an AI system that can identify cybersecurity vulnerabilities (weaknesses in software that attackers could exploit), for use by federal agencies. The move comes despite the Department of Defense maintaining a ban on contracting with Anthropic, and raises questions about what safety modifications and controls would be needed before deploying such a powerful AI tool in government.

Nvidia currently dominates AI chip manufacturing, but startups are raising record funding to compete with alternative designs optimized for AI inference (deploying trained models in real applications). Investors are increasingly backing these new companies, with $8.3 billion raised globally in 2026, because they argue that purpose-built chip architectures can deliver significant energy and cost savings compared to Nvidia's GPUs, which were originally designed for gaming.

Anthropic created Claude Mythos, an AI model so skilled at finding and exploiting software vulnerabilities (weaknesses in code that attackers can abuse) that the company restricted its access to about 50 large organizations instead of releasing it publicly. While this approach seems responsible, critics argue we lack key information to evaluate whether Mythos truly works as well as claimed, including how often it incorrectly flags safe code as vulnerable, and whether it can find bugs in less common software like medical devices or industrial control systems.

Palo Alto Networks is participating in Project Glasswing, an AI-based initiative led by Anthropic that uses Claude Mythos (an advanced AI model) to discover zero-day vulnerabilities (security flaws unknown to software makers) in operating systems and browsers across the industry. The company is also addressing the cybersecurity gap in AI deployments through recent acquisitions, including Protect AI for securing language models and AI agents, CyberArk for identity security, Chronosphere for managing AI-generated data, and Koi for protecting against risks from autonomous AI agents on user devices.