I would guess ~75% chance that a Chinese lab releasing an open-source Mythos-level model would cause a significant wave of cyberattacks, to the extent that ordinary people would notice the impact on their lives.
This is a pretty rough guess just based on the cybersecurity community’s reaction to Mythos and Project Glasswing. There seems to be a consensus that Anthropic just releasing Mythos in April with no safeguards would have been extremely dangerous.
I’d expect a Chinese lab releasing a Mythos-level in, say, December would be worse in some respects because there is now much greater awareness of the capabilities of AI for cybercrime than there was pre-Mythos. Obviously, the existence of Mythos (and Mythos+n models) for cyberdefense will limit the impact in the OECD, but I don’t think by EOY there will have been much AI-driven hardening of cyberdefense in China/the developing world since they’re not included in initiatives like Project Glasswing. I’m thinking particularly of institutions like local governments, hospitals and utilities.
Main reasons I could be wrong:
1) The cybersecurity, Anthropic and the US government’s reaction to Mythos might have been a huge overreaction and it’s not so capable after all
2) Maybe cyberdefenders who don’t have access to Mythos will take the initiative to use the AIs they do have access to to improve cyberdefense over the next few months, and this will be enough
3) It could take time for awareness to spread among cybercriminals that GLM 5.x is Mythos-level and that you can circumvent any safeguards, and this will give time for cyberdefenders to use it to fix bugs.
Yeah, conditional on a Chinese lab releasing an open-source Mythos level model before December, I overall expect most people won’t notice anything. An uptick in stories of hacks in newspapers, sure, some billions of damage overall, sure—but, meh, a few billion of damage is small in the world economy, and small relative to the level of positive use the model would get.
I would guess ~75% chance that a Chinese lab releasing an open-source Mythos-level model would cause a significant wave of cyberattacks, to the extent that ordinary people would notice the impact on their lives.
This is a pretty rough guess just based on the cybersecurity community’s reaction to Mythos and Project Glasswing. There seems to be a consensus that Anthropic just releasing Mythos in April with no safeguards would have been extremely dangerous.
I’d expect a Chinese lab releasing a Mythos-level in, say, December would be worse in some respects because there is now much greater awareness of the capabilities of AI for cybercrime than there was pre-Mythos. Obviously, the existence of Mythos (and Mythos+n models) for cyberdefense will limit the impact in the OECD, but I don’t think by EOY there will have been much AI-driven hardening of cyberdefense in China/the developing world since they’re not included in initiatives like Project Glasswing. I’m thinking particularly of institutions like local governments, hospitals and utilities.
Main reasons I could be wrong:
1) The cybersecurity, Anthropic and the US government’s reaction to Mythos might have been a huge overreaction and it’s not so capable after all
2) Maybe cyberdefenders who don’t have access to Mythos will take the initiative to use the AIs they do have access to to improve cyberdefense over the next few months, and this will be enough
3) It could take time for awareness to spread among cybercriminals that GLM 5.x is Mythos-level and that you can circumvent any safeguards, and this will give time for cyberdefenders to use it to fix bugs.
Yeah, conditional on a Chinese lab releasing an open-source Mythos level model before December, I overall expect most people won’t notice anything. An uptick in stories of hacks in newspapers, sure, some billions of damage overall, sure—but, meh, a few billion of damage is small in the world economy, and small relative to the level of positive use the model would get.