Abstract created by Sensible Solutions AI
In abstract:
- Macworld explores how superior AI fashions like Anthropic’s Mythos are revolutionizing cybersecurity by figuring out software program vulnerabilities at unprecedented scale.
- Main tech corporations together with Apple, Google, and Microsoft are collaborating by means of Mission Glasswing to leverage AI for proactive safety enhancements.
- Mythos found 271 further vulnerabilities in Firefox after discovering preliminary flaws, suggesting Apple units might change into considerably safer inside two years.
Software program safety is a nightmare. You’ve most likely observed that each few weeks, there’s an replace in your Apple units that patches dozens of vulnerabilities, and it by no means appears to cease. Trendy software program is so complicated and so interconnected with different software program that it’s virtually unattainable to maintain up with the threats.
The “assault floor” of any system is the overall quantity of potential areas of assault. It’s all of the code a hacker might discover a gap in to compromise your system, program, software program, or service. And with the rising measurement and scope of code, along with expanded libraries, APIs, and middleware, the assault floor of recent code is huge.
It’s the job of safety engineers at corporations like Apple to search out and repair all of the potential safety flaws, but it surely’s a job too huge. Hackers solely should discover a single unknown flaw, whereas the safety engineers have to search out and repair all of them.
This offers the attackers a serious benefit. It has meant that software program safety has change into much less about an try to shut each gap than it’s about elevating the bar for attackers–making exploits so tough and costly that they not less than change into uncommon.
However all that’s about to alter.
AI coding brokers are altering the foundations
AI coding brokers have gotten actually good. In truth, in lots of areas, they’re higher than your common programmer, and in some areas higher than all however one of the best consultants. Anthropic’s AI mannequin Opus and the Claude Code device are thought-about among the many greatest. The oldsters at Mozilla used Opus 4.6 to scan by means of the Firefox codebase and located 22 security-sensitive bugs.
Take into consideration that. This can be a browser firm with a crew of consultants whose job is to search out and repair vulnerabilities, and this AI agent was capable of finding issues that led to 22 extra.
Anthropic has let some builders check an early model of Mythos.
Anthropic
It goes additional. Anthropic’s subsequent mannequin is Mythos. It’s not launched but, however the firm says it’s significantly better at code evaluation and producing the present Opus 4.7 mannequin. So Anthropic put it to the check. Dubbed Mission Glasswing, Anthropic gave safety researchers at Apple, Google, Microsoft, Cisco, the Linux Basis, Amazon Net Companies, and some others early entry to the Mythos mannequin, together with a fund to spend on discovering and fixing safety holes.
How good is Glasswing? That very same crew that used Opus 4.6 to search out and repair 22 safety bugs in Firefox then received entry to the Mythos preview. Firefox model 150 has fixes for 271 vulnerabilities discovered by it. That’s proper, after Opus discovered 22 safety bugs, Mythos discovered 271 extra!
Firefox says “only one such bug” would have been trigger for critical alarm in 2025, and “so many directly make you cease to wonder if it’s even attainable to maintain up.”
Leveling the taking part in discipline
The Mythos AI mannequin is such coder that Anthropic is ensuring crucial corporations get an opportunity to make use of it earlier than it’s launched, particularly to check its capacity to search out and repair software program safety vulnerabilities.
It’s so good, in reality, that it could possibly be harmful. Dangerous actors can already use public instruments on code repositories like GitHub to search out vulnerabilities and exploit them, somewhat than repair them. Think about them gaining access to a a lot, significantly better AI agent. You may see why Anthropic feels Mythos is simply too harmful to launch to the general public proper now, and why it’s working with a restricted variety of crucial corporations to offer entry to allow them to shore up their software program first.
Quickly, iOS updates might patch tons of of safety vulnerabilities earlier than hackers get an opportunity to take advantage of them.
Foundry
Ultimately, AI coding brokers pretty much as good as Mythos, or higher, will likely be extensively out there. That’s a safety nightmare, proper? Fairly the other. It means safety engineers on the world’s largest corporations are now not at a large drawback.
Presently, there’s a lot code and a lot software program interoperability in all our units that it’s unattainable to safe all of them. Hackers have on a regular basis on this planet and solely have to search out one flaw. Safety researchers are restricted in quantity and have to repair issues earlier than they’re exploited. However AI brokers can function at scale. They may give the world’s largest software program distributors the equal of 1000’s of professional safety programmers with the capability to scrutinize every part earlier than it’s launched to the general public.
Sure, superior AI coding brokers let the dangerous guys function at a higher scale, however additionally they let the great guys discover and repair issues simply as effectively. It’s a bonus they’ve by no means had earlier than, and with the flexibility to work on code earlier than it’s launched, the “protection” within the cybersecurity race may very well acquire an enormous benefit over the “offense” for as soon as.
Mix this with the flexibility for safety researchers to work with the handful of corporations able to making AI coding brokers this superior, to construct in safeguards that make their public variations much less helpful for dangerous actors, and we could possibly be getting into a golden age of cybersecurity.
AI might assist Apple make the iPhone safer than ever.
Britta O’Boyle
What’s subsequent for Apple customers
The previous couple of main OS updates from Apple have been loaded with safety updates. There have been dozens of fixes in iOS 26.3 and dozens extra in 26.4.
Within the quick time period, we will count on the OS 27 updates this fall to shut extra safety holes than ever earlier than, and possibly some OS 26 updates to carry these fixes to older units. I wouldn’t be stunned to search out that, someday within the subsequent six months, we get an OS replace from Apple that has 100 or extra safety fixes.
We’re in a scary transition interval the place AI helps the hackers as a lot because it’s serving to the software program creators. However this transition will likely be fleeting as outdated software program libraries, the muse for a lot fashionable software program, is shored up.
Inside a 12 months or two, our units, software program, and the companies we use must be safer than ever, not less than on a technical stage. Now if we might simply get individuals to cease utilizing “123456” and “admin” as their passwords.
