Full Transcript
Mythos is able to hack iOS devices. [music] These two guys used Mythos to find the exploit and then they, get this, drove it to Cupertino. Google stopped the world's first AI assisted mass [music] exploitation event. Do I have to tell you OpenClaw was involved? Beware the claw. By the way, Mythos is no longer the best hacking [music] model. You thought chatbots using m-dashes was bad? That wasn't even its final form. So, Claw and Mythos had just found its latest victim. It's Apple. Yeah, Apple. And of course, a Mac OS has a state-of-the-art security, one of the most secure software, highly regarded for that fact. So, here's what happened. There's this organization called Kalif, kalif.io. Their little tagline is hackers going to hack, be prepped. That's That's their tagline. They drove over to the Cupertino headquarters of Apple. Yes, they they drove there with a 55-page report. No, I'm not kidding. This was a 55-page report, like paper paper report, that they they drove to the Apple headquarters. They're also located in Palo Alto, so it wasn't that far of a drive, but still. Could this have been an email? Probably not. By the way, I know that might sound funny, but I think we're going to be seeing a lot more of that, how these disclosures get handled moving forward when when a bug or a vulnerability is discovered. I think it's going to be a little bit different from what we're used to. Okay, so what is it that they discovered? It's a data-only kernel local privilege escalation chain targeting a Mac OS 12.6.4.1 on Apple M5 hardware with memory integrity enforcement enabled. So, what this means is if you have one of those MacBook devices, you can start with an unprivileged local user account and then use this process that obviously they don't disclose, but to be able to just elevate to root administrator privilege, you've basically seized control of the computer. So, why is this a big deal? So, Michael Zalewski, who's a former Google security researcher, he he reviewed this work. He described this MIE, which is the memory integrity enforcement, he described as the culmination of an unprecedented design and engineering effort spanning half a decade. Right? So, the smartest people in cybersecurity working at Apple, at Google, right, over a decade, they worked very diligently and very hard to create this thing, to make it bulletproof. Then, those two guys plus Cloud Mitosis break it in five days. Five. So, that's an important point. So, Mitosis didn't autonomously find this. It did work alongside researchers. But, as you'll see, Mitosis is really enabling this to be taken to the next level. Exploits are being found in things we thought were secure. They are being found a lot faster. The The rate of finding these things is really beginning to accelerate. And a lot of cybersecurity experts are beginning to throw around this term called Bug Mitosisgeddon. So, Armageddon is this world-destroying event, the final battle between good and evil. So, that's what's coming and it's going to be called the Bug Mitosisgeddon. So, again, I said it before on this channel, make sure you're taking your cybersecurity just a little bit more seriously than before, cuz a lot of people are going to get pwned. It's beginning now, but as you'll see in a second, Dario Amodei is saying that really the big wave is not going to hit until about 6 to 12 months from now. It It's already happening, but we haven't seen anything yet compared to what we believe is going to happen. But, wait, if you're wondering how this Kalifi.io, how that company, that group of researchers, how did they get their hands on Mitosis? Well, they were part of Project Glasswing. Project Glasswing was Anthropic's rollout, I believe initially it was a 50 closely trusted organizations that got access to Cloud Mitosis to start testing and researching and finding a vulnerability. So, everything's working exactly as it should. Kalifi.io found this vulnerability, they printed it out on their local printer, and drove over in what I assume is their Tesla cars to Cupertino and handed that report to whomever the the Apple executives, their cybersecurity experts, etc. Now, Mythos has reportedly uncovered various exploits across major operating systems, major browsers, finding bugs that have survived decades and decades of human audits. Three days ago, just prior to this, Google announced that it thwarted what they were calling a mass exploitation event. There was a hacker group, again, AI-powered, that was going to commit this mass exploitation event, and Google was able to discover it, kind of step forward, and prevent it. And the Google story is perhaps even more scary because with the Apple story, what we're seeing is kind of everything working how it's supposed to be. It's It's the good guys, the defense. They found a bug, they reported the bug, and you know, hopefully the bug will soon be patched. The Google story is a little bit more darker, scarier, more nefarious, I guess, because it's the first confirmed case of attackers using AI to build a working zero-day exploit in the wild. So, zero-day, if you're not familiar with that term, it basically means it's some exploit that is unknown to the vendor. So, if you build some bank vault, and I know that there's some vulnerability, and you don't, if I as the bad guy discover it, you know, you don't have a chance to react, not yet. Right? Because once you find out, you're going to go to work trying to fix it, to to patch it up, and maybe you'll do it within 24 hours, or maybe it'll take longer, but the point is, the clock sort of number one, the clock starts to when you're going to patch it, and and number two, at least you're aware of it, so you can take some other precautions while you're working on a solution. Saying something is zero-day means you don't know about it, so I can do all sorts of things before you discover it. I you know, I can I can sit on that secret on that exploit, I can sell it to a million other people, and then on a certain day execute it, you know, against numerous targets. And the clock doesn't start until the first attack is discovered, right? When the first time that somebody figures out this exploit exists, one of the good guys, the defenders, they begin working to patch it or they, you know, maybe shut something down if it's exposed, etc. Day zero means dangerous. So, like those Khalif guys, when they found this exploit, that was a day zero exploit or zero day exploit. So, if they got their hands on somebody else's Apple technology, macOS, they could have used this and they did. They probably have used this for many months or or years until this was discovered. They didn't do it, they were the defenders, they're the good guys, but what Google stopped was a mass exploitation attack, the first recorded one where the bad guys using AI were about to do this. So, what did Google disclose? So, and the the reason I keep saying like how was this disclosed, who disclosed it? Keep that in mind because how things get disclosed, it is going to change, most likely, I'm guessing. So, Google Threat Intelligence Group, GTIG, on May 11th discovered that the first confirmed case of attackers using an AI model to build a zero-day exploit that was deployed in the wild. So, there's a popular, open-source, web-based administration tool. It has a certain two-factor authentication, right? Where you get some text to your phone or whatever the case. By the way, Google obviously didn't disclose what this tool was. It was a web administration tool. It targeted some Python functionality in there, some part of Python code that has some sort of two-factor authentication. So, if you type in those clues into your favorite large language model, it'll it'll give you some candidates and it'll probably point to one that probably this one we're talking about. That's important to understand because now, because of this disclosure, there's certain hints, breadcrumb trails that might allow the bad guys to figure out which tool we're talking about, to look at the open-source code, to potentially reverse engineer that to start attacking things that haven't been patched or updated or knowing how that exploit worked potentially maybe use the same idea against other code bases out there in the world. Notice how disclosing the fact now creates almost its own danger. So, what makes this very unique, what makes this the first of its kind is that Google is fairly sure that a large language model was used to create this exploit. Now, how they were certain why do they think this was large language model generated is kind of funny is because somewhere within the code of text, there were some things that were obviously hallucinated by large language model, right? So, it kind of derped out to hallucinate some stuff and based on that, they were able to figure out that okay, some portion of this all or most of it was written by a large language model. The thing that was hallucinated apparently is the CVSS, the common vulnerability scoring system. So, it's basically ranking how vulnerable a system is to these hacks from zero meaning none to 10. Nine or 10 is like critical. So, the attack script that was written in Python, it had that CVSS, that sort of rating of how vulnerable this thing was. And so, this attack script included this rating, which is very weird, right? So, real attackers, they're not going to rate their whatever CVSS score on their own malware. There's there's no no reason to, right? They're they're attacking a target. They're not filing some some paperwork compliant disclosure, right? So, this wasn't a human that added in there. What was it? It was obviously a large language model because they're trained on tons and tons of data. And so, if you're asking them, "Hey, you know, write a Python exploit for this vulnerability." You know, they know what that looks like. That includes that CVSS. So, I hope I'm making sense here. There's like a list of known exploits. Each has like ranking. These models are trained on them. So, when the hackers ask them to produce an attack script, it created brand new one, but it knows that you're supposed to add to this a CVSS thing from the list of known databases. So, it just made one up. It's kind of like if somebody just unearthed some dig site in Egypt in the pyramids or whatever. They unearthed a thing or at least they claimed that it was never before seen. First time that we've able to, you know, excavate this thing up. Right, it was some like remains of an ancient civilization, but on it it had some like a stamp of authenticity from, you know, the last few years. That's basically what the model did. So, Google was quick to mention that Gemini, their own large language model, that that wasn't what was used. They did point their finger at someone else from Google Cloud, one of their their blog post that posted about this specific thing. They said, "To facilitate these activities, actors are also experimenting with agentic tools such as Open Claw and One Claw alongside intentionally vulnerable testing environments. So, with this particular exploit, they were able to bypass the 2FA, the two-factor authentication, to just log into that web administration portal that was apparently very very popular and open-source. Interestingly, that they flagged Open Claw and One Claw. I haven't heard of One Claw, but it's probably in the same kind of domain as Open Claw. And also, it seems that they're sort of refining these AI-generated payloads within controlled settings to increase exploit reliability prior to deployment. At least according to Google who who found this issue. So, I want to dive just a little bit deeper into this whole thing because it's fascinating what they wrote up, but really fast, just so you understand the scale of this. So, it's not just Apple and Google, right? I hope that that makes sense. It's not like just the two biggest companies in in the world are affected and no one else. They're just the most recognizable names. As a John Holtquist, chief analysis that Google threat intelligence arm as he said, said, "It's here. The era of AI-driven vulnerability and exploitation is already here." And I think that makes sense. So, first of all, it's not just Claude Mythos. That was the one That was the for the first opening sort of salvo. But GPT-5.5, they have their own sort of behind-the-scenes cybersecurity version of it that trusted organizations are able to to use. That in a lot of ways is It seems like it's just as good, but it does seem like they have their own different focuses and strengths. So, it's not that Mythos is better or GPT-5.5 cybersecurity or whatever they're calling it That one's better. They tend to each discover different vulnerabilities. So, running them in tandem will give you kind of the broadest reach and the most vulnerabilities discovered. But here's the thing, which you might not know, is that there's another model that's better than both of them, at least by some measures. That might come as a surprise to a lot of people, and it was developed by Microsoft. Microsoft just beat Mythos and GPT-5.5 on the leaderboard. So, here's Cyber Gym. Here's the success rate. So, as you can see, Claude Mythos is up here, GPT-5.5 is here, but notice something that was released later than both of them and sits above them is M-Dash. What you might be saying is M-Dash. They're saying Mythos has been M-Dashed. That's the That's a good one. M-Dash is Microsoft, but it's not one model, it's a hundred plus models working in tandem. By the way, that's what I'll That That company we we mentioned it briefly, that's what they've been saying for a while now, that orchestration of a lot of different models working together will always beat out just one big smart model. I got to give them credit because they came out very early when Mythos came out. They've been saying this for for weeks. So, that's another big important point to remember, orchestration beats single model brute force. We also have Palo Alto Networks, cybersecurity experts. They've found seven times more bugs in in this month than any other month. They found 75 vulnerabilities in their own products in 1 month, which is seven times more than what they usually find. This happened after they got access to Claude Mythos and GPT 5.5 Cyber. So, they're estimating about a 3 to 5 month lead time before they're calling it the Vulpocalypse, which it's hard to say the Bugpocalypse is is a I feel better. This is like Vuln like vulnerability Vulpocalypse. So, we don't know what to call it, but but it's coming within months and it's a bad, I think is the point. By the way, Palo Alto Networks, they're the ones that that really published some interesting stuff about how GPT 5.5 Cyber and Claude Mythos, they both have their own sort of of focus and what they're good at, meaning they identify different types of vulnerabilities. So, this means that for the broadest coverage organizations should run them both in parallel. Recently, the CEO of JP Morgan and the CEO of Anthropic, so that's Jamie Dimon and Dario Amodei, so they met on a conference, I think facilitated by CNBC, I believe. So, Dario's warning that there's a 6 to 12 month window for these companies to patch up the thousands of vulnerabilities that are could be uncovered by Mythos and GPT 5.5 Cyber. And they need to do that before the Chinese AI catches up. So, quote by Dario, "The danger is just a some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that's done from ransomware on schools, hospitals, not to mention banks." And of course, all the US banks are in a massive patching mode. JP Morgan, Goldman Sachs, City, Bank of America, Morgan Stanley, they all have Glasswing access, meaning Claude Mythos, probably working with GPT 5.5 Cyber and OpenAI as well. So, this is happening and things are being patched at a rate that have never before seen in these industries. Japanese mega banks will also be getting access, I guess included in as part of project glass wing by the end of the month, end of May. Now, some people are still saying that this is just a mythos hype. There's something called a Barracuda, they launched a mythos hype index currently sitting at 94, so very, very high. They're saying there's a big gap between expectations and measurable outcomes. So, they're saying the predicted AI driven CVE surge has not materialized. CVE stands for common vulnerabilities and exposure. So, every publicly known security bug gets an ID, it gets a description. And so, this Barracuda that's that's tracking it, they're saying we're not seeing a massive increase in the amount of these bugs being registered in the CVE. Here's the thing. Now, I don't know. To me, it seems like the way that we disclose these things will have to change. Notice neither Apple nor Google even described the actual exploit, the actual vulnerability. They're very kind of cagey about it. Notice that the researchers that found Apple's vulnerability, for example, they they took a piece of paper and they drove it over to the headquarters. Why do you think that's happening? It's simple. If you give enough clues about the vulnerability, then everyone in the world that has access to not even the smartest models like mythos, but some of the other models could probably figure out what the exploit was. The act of disclosing it might actually trigger it to become more dangerous, for more people to try and use it. If people are reporting a 10x, 20x increase in the amount of vulnerabilities found, we know this is happening, right? If that a CVE chart isn't moving up, it doesn't mean that those bugs aren't found. It just means they're not officially disclosed. Think about it. Why would there be? Why would somebody post everything those is your day exploits right now? They're patching everything up. Just posting all of that would give it more of an opportunity for people with these AI models to hack and exploit these vulnerabilities. As a lot of people have already said, you should probably consider updating all your software, updating all your devices, and making sure nothing's out of date because it's very likely as these bugs are getting discovered, they're not being brought cast out there. First and foremost, what happens is the engineers at the company internally, they patch everything up. They push out their updates, right? and then maybe even notify other people that might have a similar vulnerabilities. They're not going to put all that knowledge out there for the bad guys to find. Not on day one. So, the people that are saying that this is just marketing for Anthropic, that doesn't make any sense to me. Isn't marketing for products that you release? Like if I release a product, and I want you to buy it, I'm going to tell you how awesome it is so that you can buy it. Isn't that what marketing is? If I say, "I have this product. It's too dangerous for you to have, so I'm not selling it to you." Is that marketing? What am I marketing? Now, you might say, "Oh, but they're marketing themselves so that people spend more money." But here's the thing, Anthropic is giving away a hundred million dollars of tokens for Project Glasswing. So, all those banks that are patching up all their vulnerabilities right now, Anthropic gave them a collectively a hundred million dollars in tokens. So, I don't know, maybe this is some sort of a long con game, long-term marketing, but to me it seems like number one, they're not selling the model. They're giving away usage of the model for free. And all these banks, after seeing all the exploits, are rapidly taking advantage of that to make sure that they don't get so pawned when this thing it becomes more commonplace. That doesn't strike me as marketing. Let me know if I'm missing something. Do you think Dario this is his approach to marketing a product by not releasing it and then paying for it so you you know, I mean if you want to charge anybody money it it it's probably the US banks, right? But wouldn't you think that that they have the money? They'll be fine. Just charge them a fee. No, they're providing for free the use of this model. Where's the marketing? Now I get that there's some long-term goodwill that will be built as you know, through doing this, but I I wouldn't call that marketing. And this is from Google Cloud from their blog post that they've published about finding this zero-day vulnerability. They're saying that adversaries are advancing their implementation of AI-enabled tooling. Moving beyond content generation and tool development into more sophisticated autonomous attack orchestration for malware commands. Threat actors have begun relying on LLMs for interactive system navigation and real-time decision-making. By integrating LLMs into malware operations, attackers can enable payloads to act autonomously, independently interacting with the victim environment or device, synthesizing system states and executing precise commands devoid of human supervision. Right? So these are autonomous agentic swarms that go in there and try to hack and do stuff on their own without immediate human supervision. Like this isn't 10 years in the future. This is this is a few days ago. We're we're here. A primary example of this evolution is a prompt spy, an Android backdoor first identified by ESET. And here they're using the Google Gemini API to facilitate persistence. And what's behind a lot of this or or at least some of it is the weaponization of open class skills. Now this whole thing is insane. It's a great read. I'll post it down below. They talk about how AI is used to hijack various news apps and splice in videos of fabricated content. So they use like real journalists have real pieces and then AI is used to splice in I'm not going to read what they're saying, but it's it's used to target a certain groups to create false narratives. And we also have our weaponized open claw skills. We've talked about this before. So, skills that are used, you know, skilled at MD initially used for claw code open claw used them quite a bit when they first came out there was a lot of people affected by these insecure pack ages that would expose people's APIs and do all sorts of nefarious things. Anyways, I hope this is giving you a glimpse into the future. Notice that everyone's saying kind of the same thing from JP Diamond, Dario Amodei, the people in Palo Alto Networks and the Isle Group and just Microsoft. They they all seem to be saying the same thing. This thing is here. Google researchers that we just read they're like, "It's here. It's now." You know, whether you want to call it the bug apocalypse or the vuln apocalypse or whatever they want to call it. It's a ramp ing up now with potentially a much bigger wave coming soon when the Chinese AI catches up and it will likely be open source. One of the common things that I've been observing since I started this channel is that there's just a large group of people, some segment of the people covering AI or talking about AI, that just no matter what happens they're like, "Nope. Nothing's happening. There's no progress. AI is an illusion." And it's just and just a little bit frustrating, but at some point it's like, "What will it take for people to realize that like stuff is changing." AI capabilities have been rapidly improving to the point now that it's threatening large companies, that it's threatening banks. What would it take for everyone to start believing that it's that's here, it's real? But make no mistake about it, top-tier Google engineers, cybersecurity experts are saying like, "It's real, it's here." Top people at Apple are saying it's real, it's here. People that are running the financial industry, the biggest of banks, they're saying it's real, it's here. The people that are doing cybersecurity research, they're saying it's real, it's here. And amidst all of this, there's people that are saying it's all hype. 94% is 100% pure hype. So, 94% is like almost pure hype. The Mythos Hype Index is it exists to answer a simple question with data rather than anecdotes. Is the predicted surge actually happening? In their opinion, it's not. Here's the number of exploits found with the Mozilla Firefox so and topic teamed up with them. This massive surge was that. And also the stuff that's being posted by Apple and Google, well, all the networks and their 7x increase in the number of vulnerabilities found in 1 month. So, on one side, we have a lot of very smart, very credible people that are saying, "Be careful. There's a bug apocalypse coming." On the other side, we have people that are saying, "Ah, it's just hype, it's just marketing." Both those groups can't be right at the same time. For me, personally, I plan on saying I told you so quite a bit over the next year or so, but whatever else is the case, do take some time to think about your personal cybersecurity. If you get hacked, are you limited in the amount of damage? What is the worst thing that can happen? How do you prevent it from happening? This might be a great time, kind of the calm before the storm, to maybe take some basic precautions. Make sure everything's updated, kind of keep your passwords a little bit more protected. Take that whole thing a little bit more seriously. If this is all just a marketing and hype, nothing bad will happen. You'll be that much more secure. But, if it indeed hits the fan, then you know, 6 months from now, just hit the thumbs up a button and make sure you're subscribed. Say something nice in the comments. That is all I ask. If you made it this far, thank you so much for watching. My name is Wes Roth. I'll see you in the next one.