Skip to content

The AI Tool That Scared Anthropic & What it Means for Your Agency

Stock Photo (26)

When the company that built an AI tool won't release it to the public. What happened, and why insurance agencies need to pay attention...

By Lamar Garrett | Redbird Security

Last month, Anthropic, one of the most prominent AI companies in the world, built something that alarmed even them.

Their new model, called Claude Mythos, found thousands of previously unknown vulnerabilities in the world's most critical software. Operating systems, web browsers, infrastructure code that runs banks, hospitals, and yes, insurance agencies. One of those flaws had been hiding in plain sight for 27 years. Mythos found it in almost no time at all.

Instead of a public release, companies like Apple, Microsoft, Google, CrowdStrike, and Amazon were given access under a program called Project Glasswing. They assembled a coalition to find issues and patch them.

This opened Pandora’s box because cybersecurity researchers are already saying the same class of vulnerabilities Mythos uncovered can be found using AI tools that are available right now to anyone who knows how to use them.

Most agencies think: "This doesn't apply to me. My clients' data lives in the carrier portal."

That's the gap attackers count on. A compromised laptop or a single phishing email gives an attacker a window into everything you access, not just what you store. They don't need to break into the carrier. They just need to break into you. And state and federal regulations don’t ask where the data lived. They ask whether you took reasonable steps to protect access to it.

The window to get ahead of this is narrow. Three places to start:

  • Patch religiously. AI tools are now finding decades-old flaws at machine speed in everything. That includes browsers and email. If your systems aren't current, you're a target.
  • Lock down access. Multi-factor authentication everywhere is non-negotiable and if you want to go further, enable number matching in your authenticator. It stops push bombing and costs nothing.
  • Run Endpoint Detection. Antivirus is no longer good enough and some carriers along with cyber insurance are now requiring endpoint detection.

The threat landscape didn't gradually shift. It lurched. The agencies that recognize that now are the ones that won't be explaining a breach to their clients, or their E&O carrier, later.

REDBIRD SECURITY is PIA's endorsed provider of Cybersecurity and IT Services

Redbird Security is available to PIA members for brief consults regarding your agency’s technological needs. Got a quick question for an IT expert who understands agency work flows?

Contact Lamar Garrrett | lamar@redbirdsecurity.com

Categories

Archives

Scroll To Top