You said you’re concerned about Mythos—we talked to the experts

We asked, you answered.

In a recent IT Brew poll, we asked if you were concerned about the potential of LLMs like Claude Mythos Preview to enable cyberattackers to exploit vulnerabilities, and 66% of you said “yes.”

There’s a good reason for potential threats such as these models to be top-of-mind for IT pros, said Heath Mullins, chief evangelist at ExtraHop. New models can quickly analyze and interpret massive amounts of data, enabling attackers to infiltrate systems more easily.

But Mullins said he’s more worried about the one-third of IT Brew’s respondents who said they weren’t bothered by the potential for exploits.

“I don’t understand how you could not be concerned about something that has the ability to create such an impact upon not only your organization, but your day-to-day life,” Mullins told IT Brew.

Trigger finger. When Claude Mythos Preview leaked in March, it set off a firestorm of concerns across the cybersecurity industry. In April, Rich Mogull, chief analyst at CSA, told IT Brew that advanced AI models will amplify and evolve the back-and-forth between attackers and defenders.

“What Mythos is capable of today without help is available using other models with more expertise, and then eventually those capabilities are going to become more automated and more widely available,” Mogull said.

The issue is less whether or not threat actors can use the technology, James Shank, director of threat operations at Expel, told IT Brew, and more about “whether or not the defenders can respond quickly enough to alleviate the concerns that are introduced by the acceleration of vulnerability discovery and exploit development.”

“Functionally, what [LLMs] change about security dynamics is the velocity of exploit development and the cost of the discovery of vulnerabilities, and when you change those two dynamics with any sort of economic activity, you fundamentally change the rates of deployments and you change the speed at which things happen,” Shank said. “That’s going to be, in my mind, where these changes have the most impact on security outcomes across enterprises and corporate networks.”

Figure it out. For IT pros faced with the demands of integrating models like Mythos into their systems, it can be hard to determine which data to protect from attackers, as well as which permissions to grant. As always,it requires doing the basic, under-the-hood work to set up the proper parameters and guardrails, Mullins said: “You really need to establish a cadence to reduce opportunities for model shift hallucinations and duplicitous data.”