内容来源：https://www.wired.com/story/anthropic-mythos-preview-project-glasswing/

内容总结：

AI安全新挑战：Anthropic联合科技巨头启动"玻璃翼计划"应对Claude Mythos网络安全冲击

在3月底消息泄露后，人工智能公司Anthropic于本周二正式宣布推出其强大的新模型Claude Mythos预览版，并同步发起名为"玻璃翼计划"的行业联盟，以应对该模型及更广泛的AI能力进步对网络安全带来的深刻影响。

该联盟集结了微软、苹果、谷歌、亚马逊云科技、Linux基金会、思科、英伟达、博通等超过40家科技、网络安全、关键基础设施及金融机构。这些成员将获得该模型的非公开访问权限。此举旨在为核心技术平台的开发者提供时间，利用Mythos预览版测试自身系统，以缓解该模型在模拟攻击中可能发现或利用的漏洞与攻击链。

Anthropic强调，召集此联盟更广泛的目的，是紧急启动对全行业AI能力已处于颠覆全球现有软件安全与数字防御实践"临界点"的探索。公司前沿红队负责人洛根·格雷厄姆指出，核心信息并非关于模型或Anthropic本身，而是必须为未来6至24个月内这些能力广泛普及的世界做好准备，届时许多现行安全假设可能失效。

Anthropic首席执行官达里奥·阿莫代伊在项目发布视频中表示，Claude Mythos预览版是一次"特别大的飞跃"。该模型并非专门针对网络安全训练，但其卓越的代码能力产生了强大的网络安全分析"副作用"。他强调，更强大的模型将持续涌现，行业必须制定应对计划。

格雷厄姆透露，Mythos预览版不仅能发现漏洞、生成潜在攻击链与概念验证，还能进行更高级的漏洞利用开发、渗透测试、终端安全评估、系统错误配置搜寻以及无需源代码的软件二进制评估。该模型已能完成资深安全研究员的工作，这意味着其发布方式必须极其审慎，否则可能显著助长攻击者能力。

项目采用分阶段发布策略，从行业协作阶段开始，借鉴了协调漏洞披露的原则，即为开发者预留修复时间。Anthropic表示，模型使用已开始发现数千个关键漏洞，包括一些在受严格审查的代码中也被反复遗漏的、存在数十年的漏洞。

尽管联盟中包含竞争对手，但各方均展现出合作姿态。谷歌安全工程副总裁希瑟·阿德金斯表示，AI为网络防御带来新挑战与新机遇。微软全球首席信息安全官伊戈尔·齐甘斯基认为，在网络安全突破纯人力限制的阶段，负责任地利用AI大规模提升安全、降低风险是前所未有的机遇，早期接入有助于更好地保护客户与自身。

格雷厄姆坦言，其团队深感全球协作的紧迫性。"玻璃翼计划"仅是起点，若仅局限于少数公司使用模型则将失败，必须发展成为更宏大的体系。当前最紧要的任务是厘清所有待解问题并找到答案。

中文翻译：

继三月底Anthropic公司开发出强大新版Claude模型的消息泄露后，该公司于本周二正式发布Mythos预览版，同时宣布成立名为"玻璃翼计划"的行业联盟，以应对新模型带来的网络安全影响，并更广泛地探讨人工智能领域日新月异的能力发展。

该联盟成员包括微软、苹果、谷歌以及亚马逊云服务、Linux基金会、思科、英伟达、博通等超过40家科技、网络安全、关键基础设施和金融机构。这些成员将获得尚未公开发布的模型优先访问权。此举部分目的是让全球基础技术平台的开发者有时间在其自有系统上测试Mythos预览版，从而在模拟攻击中修补该模型可能发现的漏洞与攻击链。更广泛而言，Anthropic强调召集此次行动旨在紧急探索全行业人工智能能力如何处于颠覆全球现有软件安全与数字防御实践的临界点。

"核心信息在于这不仅是关于某个模型或Anthropic公司，"该公司前沿红队负责人洛根·格雷厄姆向《连线》杂志表示，"我们必须为6个月、12个月、24个月后这些能力广泛普及的世界做好准备。安全领域的许多规则都将改变，现代安全范式所基于的诸多假设可能被彻底颠覆。"

多家公司研发训练的模型正日益擅长发现代码漏洞并提出修复方案——或攻击策略。这催生了新一代安全领域的经典攻防博弈：工具既能助力防御者，也可能助长恶意行为，使曾经成本过高或过于复杂而难以实施的攻击变得触手可及。

"Claude Mythos预览版实现了巨大飞跃，"Anthropic首席执行官达里奥·阿莫代伊在玻璃翼计划启动视频中表示，"我们并未专门训练其网络安全能力，而是着力提升其代码能力。但作为精于代码的副产品，它在网络安全方面同样表现出色。"他补充道："更强大的模型将陆续从我们及其他公司诞生，因此我们确实需要制定应对方案。"

格雷厄姆指出，除漏洞发现（包括生成潜在攻击链与概念验证）外，Mythos预览版还能进行更高级的漏洞利用开发、渗透测试、终端安全评估、系统错误配置排查，以及无需源代码的软件二进制文件评估。

通过采用分阶段发布策略（从行业协作阶段开始），格雷厄姆表示Anthropic借鉴了协调漏洞披露原则——即在公开讨论前给予开发者修复漏洞的时间。

"我们目睹Mythos预览版完成了资深安全研究员才能完成的任务，"格雷厄姆说，"这对如何发布此类能力具有重大意义。若处理不当，可能显著加速攻击者的行动。"

包括Anthropic部分竞争对手在内的玻璃翼计划合作伙伴在启动声明中均展现出协作姿态。

"谷歌乐见这项跨行业网络安全倡议的推进，"谷歌安全工程副总裁希瑟·阿德金斯在声明中表示，"我们始终认为人工智能既带来网络安全新挑战，也开辟了防御新机遇。"

互联网基础设施组件维护方与基础技术平台开发商对此次合作也表现出浓厚兴趣，特别是考虑到Anthropic透露Mythos预览版已发现数千个关键漏洞，其中甚至包含某些存在数十年、在经受最严格审查的代码中仍被反复遗漏的缺陷。

"当网络安全突破纯人力限制的时代来临，负责任地运用人工智能提升安全水平、大规模降低风险的历史机遇前所未有，"微软全球首席信息安全官伊戈尔·齐甘斯基在声明中表示，"加入玻璃翼计划并获得Claude Mythos预览版访问权，使我们能及早识别并化解风险，增强安全与开发解决方案，从而更好地保护客户和微软。"

格雷厄姆表示，其所在的前沿研究团队深感全球协作的紧迫性与必要性。

"联盟当前最重要的任务或许是厘清所有待解问题并寻求答案，"格雷厄姆强调，"玻璃翼计划仅是起点。若仅限少数公司使用模型，计划必将失败。它必须发展成更宏大的体系。"

英文来源：

Following leaked revelations at the end of March that Anthropic had developed a powerful new Claude model, the company formally announced Mythos Preview on Tuesday along with news of an industry consortium it has convened, known as Project Glasswing, to grapple with the cybersecurity implications of the new model and advancing capabilities more generally across the AI field.
The group includes Microsoft, Apple, and Google as well as Amazon Web Services, the Linux Foundation, Cisco, Nvidia, Broadcom, and more than 40 other tech, cybersecurity, critical infrastructure, and financial organizations that will have private access to the model, which is not yet being generally released. The idea, in part, is simply to give the developers of the world's foundational tech platforms time to turn Mythos Preview on their own systems so they can mitigate vulnerabilities and exploit chains that the model develops in simulated attacks. More broadly, Anthropic emphasizes that the purpose of convening the effort is to kickstart urgent exploration of how AI capabilities across the industry are on the precipice, the company says, of upending current software security and digital defense practices around the world.
“The real message is that this is not about the model or Anthropic,” Logan Graham, the company's frontier red team lead, tells WIRED. “We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months. Many things would be different about security. Many of the assumptions that we’ve built the modern security paradigms on might break.”
Models developed and trained by multiple companies have increasingly been able to find vulnerabilities in code and propose mitigations—or strategies for exploitation. This creates a next generation of security's classic cat-and-mouse game in which a tool can aid defenders but can also fuel bad actors and make it easier to carry out attacks that were once too expensive or complex to be practical.
“Claude Mythos preview is a particularly big jump,” Anthropic CEO Dario Amodei said on Tuesday in a Project Glasswing launch video. “We haven't trained it specifically to be good at cyber. We trained it to be good at code, but as a side effect of being good at code, it's also good at cyber.” He adds in the video that “more powerful models are going to come from us and from others. And so we do need a plan to respond to this.”
Anthropic's Graham notes that in addition to vulnerability discovery—including producing potential attack chains and proofs of concept—Mythos Preview is capable of more advanced exploit development, penetration testing, endpoint security assessment, hunting for system misconfigurations, and evaluating software binaries without access to its source code.
In carrying out a staggered release of Mythos Preview, beginning with an industry collaboration phase, Graham says that Anthropic sought to draw on tenets of coordinated vulnerability disclosure, the process of giving developers time to patch a bug before it is publicly discussed.
“We've seen Mythos Preview accomplish things that a senior security researcher would be able to accomplish,” Graham says. “This has very big implications then for how capabilities like this should be released. Done not carefully, this could be a meaningfully accelerant for attackers.”
Project Glasswing partners, including some of Anthropic's competitors, struck a collaborative tone in statements as part of the launch.
“Google is pleased to see this cross-industry cybersecurity initiative coming together,” Heather Adkins, Google's vice president of security engineering, says in a statement. “We have long believed that AI poses new challenges and opens new opportunities in cyber defense.”
Those who maintain components of internet infrastructure and firms that develop foundational tech platforms also seem enthusiastic about the collaboration, especially given that Anthropic says use of Mythos Preview has already started to uncover thousands of critical vulnerabilities, including some decades-old bugs that have been repeatedly missed or overlooked in even the most scrutinized code.
“As we enter a phase where cybersecurity is no longer bound by purely human capacity, the opportunity to use AI responsibly to improve security and reduce risk at scale is unprecedented,” Microsoft's global CISO, Igor Tsyganskiy, says in a statement. “Joining Project Glasswing, with access to Claude Mythos Preview, allows us to identify and mitigate risk early and augment our security and development solutions so we can better protect customers and Microsoft.”
Graham says his team at Anthropic, a frontier research group, feels the urgency and the need for global collaboration.
“Probably the most important thing the group needs to do is figure out all the questions that need answers and then figure out the answers,” Graham says. “Project Glasswing is the starting point. It will fail if it’s just a handful of companies using a model. It has to grow into something even larger.”