How big a cybersecurity threat do the latest AI models really pose?

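Source: https://www.sciencenews.org/article/cybersecurity-threat-new-ai-models
Summary:
AI models a new cybersecurity threat? Expert: attack timelines have shrunk from "years" to "months"
The rapid development of artificial intelligence is posing unprecedented challenges to global cybersecurity. The latest generation of AI models can not only independently plan and carry out a full takeover of a simulated corporate network, but can also find and exploit security vulnerabilities in operating systems and software the way a top hacker would. This means an attack that once required a whole team of hackers can now be carried out by a single hacker with the help of AI.
Five Eyes, the alliance of Australia, Canada, New Zealand, the United Kingdom and the United States, issued a stern warning on June 22, saying the newest AI technology "lowers barriers for malicious actors and increases the speed and complexity of attacks." The alliance shortened the threat timeframe from "years" to "months."
Among them, two new models, Anthropic's Mythos 5 and OpenAI's GPT-5.5, have been shown to have highly autonomous attack capabilities. Michael Alexander Riegler, an AI security expert at Simula Research Laboratory in Norway, notes that these models greatly shorten the time from "finding a vulnerability" to "exploiting a vulnerability," because the whole pipeline can be automated. Attackers no longer need to hire a team of two to three hundred hackers; buying a few hundred GPUs (specialized chips used to run AI) achieves a similar effect.
However, Riegler also notes that the panic around Mythos 5 is "half real danger, half marketing strategy." He stresses that the security threat comes not only from the model itself but even more from the complete system built around it, such as whether it is connected to the internet and whether it can test its own code. These system-level risks are equally important.
To guard against increasingly sophisticated AI-enabled cyberattacks, Riegler advises individual users to set different passwords for different services, keep software continuously updated, and turn on two-factor authentication. As for companies and public agencies, he warns that "they're still behind"; they must take AI security risks seriously and should not assume the threat is still far off.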
English source:
How big a cybersecurity threat are the latest AI models, really?
We spoke to an expert about what the risks are and how we can protect ourselves
Artificial intelligence is getting better at everything, including hacking. It’s becoming easier than ever before to steal someone’s identity, cripple sensitive banking and health care systems, or hold a company’s data ransom. And if cybersecurity defenders aren’t ready, cyber attackers will exploit AI to wreak havoc.
“The timeline is not years, it is months,” the multinational intelligence group Five Eyes warned June 22. The newest AI technology “lowers barriers for malicious actors and increases the speed and complexity of attacks.” Five Eyes is a secretive alliance dating back to World War II in which Australia, Canada, New Zealand, the United Kingdom and the United States work together to gather intelligence or respond to security threats.
Two new models, Anthropic’s Mythos 5 and OpenAI’s GPT-5.5, have each proven capable of independently planning and carrying out a full takeover of a simulated corporate network. That means a single hacker could do what once required a large team, says AI security expert Michael Alexander Riegler of Simula Research Laboratory in Oslo, Norway. These models can also find and exploit security holes in operating systems, browsers and other software at an expert level, which could leave defenders scrambling to patch vulnerabilities.
The Five Eyes warning comes on the heels of the U.S. government barring Anthropic from allowing foreign nationals access to Mythos 5 and another new model, Fable 5, citing national security concerns. Mythos 5 had been made available only for cyber defenders to help identify and fix any vulnerabilities before the tech landed in the hands of bad actors. Fable 5, a version of the same model loaded with extra safeguards geared toward preventing its misuse in cybercrime, was available to the general public for only a few days.
So are AI-fueled cyberattacks really an imminent threat? Or is this more corporate posturing and marketing hype? Science News asked Riegler about the risks and the reality. This interview has been edited for length and clarity.
SN: Are the latest AI models especially dangerous?
Riegler: In the last months, we heard a lot about Mythos and how dangerous it is. And I agree that AI has a lot of security risks. When the capability goes up for these models, the time from finding any issue to exploiting it gets really short, because you can basically automate the whole pipeline. But it’s not something really new…. [It’s] not just the latest models [that] are a security threat, but also other models that are already available. If you know how to use them, you can … do quite bad stuff.
It’s logical if you think about it. Tools like Claude Code make it much, much more efficient to code. You can automate the process. You could use several hundred [AI] agents at the same time to explore different security holes. Before, you needed to hire a group of two to three hundred hackers [for organized cybercrime]. Now you maybe just have to buy 300 GPUs [specialized computer chips used to run AI] and you can do similar things.
SN: So why all the concern about Mythos?
Riegler: I think it’s as much marketing as a real danger. If you say, “I’m sitting on something that is so dangerous, we cannot release it,” a lot of people will get really interested in that and want to be part of this group that has access…. It’s a bit of a show, and [the U.S. government and Anthropic] are focusing on the wrong problem.
SN: What is the right problem to focus on?
Riegler: AI is a huge risk for security…. But [the security risk] is not just about the model. It’s also about everything around the model. What kind of tools you provide it, if it has access to internet, if it can test its own code. So the whole system around it is also very important.
In our tests [with systems combining small AI models and various tools], we made a system that could, for example, hack your website and find security holes in your website, but also hack your network and try to find security holes there. Or it could break another AI and get it to do things it shouldn’t do. It’s quite flexible.
SN: Is there an upside to the fact that cybersecurity defenders will have access to the same tools as attackers?
Riegler: The testing of the security of your own system will be more efficient. I think, in the end, it will balance itself out. It will be again this cat-and-mouse game of who finds the hole first, who closes it first, or who exploits it first. Just at a much higher speed than we see now.
SN: What can people do to protect themselves from sophisticated AI-enabled cyberattacks?
Riegler: Be even more careful about using different passwords for different services. Have your software up to date all the time, use two-factor authentication. Everything you do that is maybe a bit bothersome, but increases security, I would recommend you to do.
SN: What about companies and public agencies?
Riegler: When I talk to security experts in different companies or the public sector, they’re still behind. Some of them are very scared, others are not at all. They have to take AI security risks seriously and not think that it’s something far in the future.