Anthropic’s Mythos AI can spot weaknesses in almost every computer on earth. Uh-oh.

April 10, 2026 / 6:42 PM EDT / CBS News

Anthropic’s latest AI technology, called Mythos, is so powerful at revealing software vulnerabilities that the company is afraid to release the model publicly lest it fall into the hands of bad actors.

The company, the developer behind the Claude AI chatbot, said in a post on its website this week that the new tool has already uncovered thousands of weak points in “every major operating system and web browser.”

Although that capability could prove to be a boon for protecting critical systems, it is also stirring concerns that hackers could exploit Mythos to attack the IT infrastructure at banks, hospitals, government systems and many other organizations.

Preparing for the “storm”

Rather than releasing Mythos to the public, Anthropic is sharing the tech with a select group of major companies, including Amazon, Apple, Cisco, JPMorgan Chase and Nvidia, so they can test the model and strengthen their own systems against cyberattacks. Called Project Glasswing, the effort is aimed at helping key companies harden their defenses before hackers get access to Mythos or similar AI models, according to Anthropic.

At the same time, security experts said, the concerns around Mythos attest to the dangers of AI if it is weaponized for harm.

“What we need to do is look at this as a wake-up call to say, the storm isn’t coming — the storm is here,” Alissa Valentina Knight, CEO of cybersecurity AI company Assail, told CBS News. “We need to prepare ourselves, because we couldn’t keep up with the bad guys when it was humans hacking into our networks. We certainly can’t keep up now if they’re using AI because it’s so much devastatingly faster and more capable.”

Mythos’ capabilities are also sparking concern among federal officials. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell met with top bank CEOs in a closed-door meeting on Tuesday to discuss Mythos and other emerging cybersecurity risks stemming from AI. Anthropic also briefed senior U.S. government officials and key industry stakeholders on Mythos’s capabilities, CBS News has learned.

Separately, IMF Managing Director Kristalina Georgieva said in an interview set to air Sunday on “Face the Nation with Margaret Brennan” that the world does not have the ability “to protect the international monetary system against massive cyber risks.”

“The risks have been growing exponentially,” Georgieva said. “Yes, we are concerned. We are very keen to see more attention to the guardrails that are necessary to protect financial stability in the world of AI.”

Anthropic didn’t return a request for comment. In its post, however, the company underscored the risks of misusing tools like Mythos. “The fallout — for economies, public safety, and national security — could be severe,” the company said.

The weakest link

Such stark warnings mask another troubling reality: Hackers already have access to advanced AI models and are using them for a range of malign purposes, including to create autonomous “agents” capable of carrying out attacks without human intervention.

Such attacks range from spreading malware and executing identity theft scams to producing deepfake videos and launching ransomware attacks, according to cybersecurity experts.

“AI-enabled tooling has empowered even low-skilled threat actors to execute high-speed, high-volume operations, whilst advanced adversaries are using AI to sharpen precision, scale automation and compress attack timelines,” PwC said in a recent report.

“The time between the public release of a new capability by an AI company and its weaponization by threat actors shrank dramatically [in 2025], a trend we assess will likely accelerate in 2026,” the management consulting firm added.

Other AI tools, while not yet as effective as Mythos in exposing the soft underbelly in software, are already amplifying the risks to consumers, businesses and governments. For instance, hackers are tapping AI to sharpen so-called phishing attacks aimed at prying loose confidential information, said Zach Lewis, the chief information officer at the University of Health Sciences and Pharmacy in St. Louis.

“It’s been used to really script those dialogues, those conversations, those phishing emails, to specific people — and really customize them to make them a lot more difficult to detect and identify if these are fake or not,” he told CBS News.

“Once [Mythos] drops, we’re going to see a lot more vulnerabilities, probably a lot more attacks,” Lewis said. “Cyberattacks are definitely going to increase until we get to a point where we’re patching up all those vulnerabilities almost in real time.”

AI is more effective than humans at finding software bugs because it can quickly scan thousands of lines of code and detect problems, something people are not necessarily good at, Knight explained.

“Humans are the weakest link in security,” Knight noted. “Humans have the ability to make mistakes when we’re writing code. It’s possible for vulnerabilities in source code to have never been found by humans.”

On brand for Anthropic?

Some security experts questioned the motives behind Anthropic’s incremental approach to rolling out Mythos, speculating that the limited release could be aimed at stirring interest from other prospective customers.

Meanwhile, both Anthropic and rival OpenAI are expected to launch initial public offerings by the end of the year, according to the Wall Street Journal — a possible incentive to drum up headlines, said Peter Garraghan, founder and Chief Science Officer at Mindgard, an AI security platform.

“I suspect Anthropic may be using this as a marketing ploy, perhaps towards IPO,” he said.

Anthropic has sought to distinguish its brand from OpenAI and other rivals by publicly emphasizing AI safety, highlighting its guardrails for keeping the technology in line. Anthropic’s decision to hold off on releasing Mythos and to launch Project Glasswing aligns with that image, noted Columbia Business School marketing lecturer Malek Ben Sliman.

“When facing the tough decisions, Anthropic has actually been true to its values,” he said. Curating the release of Mythos “does allow them to look to be the protectors of this responsible AI, but it also is a great marketing and advertising tool.”
