MI5 is racing to bolster the defences of Britain’s most critical companies against the hacking threat posed by a powerful new wave of AI.
Experts at the Security Service have been in contact with energy, water and communications companies to warn them about Mythos, an AI tool that has been deemed by its developer Anthropic to be too dangerous for general release.
A source said: “They [MI5] have been asking critical companies to be fully aware of the threat. They are making those responsible aware that the threat has evolved.”
Companies which own Critical National Infrastructure (CNI) include National Grid, BT, water companies and the nuclear power giant EDF. MI5 is responsible for protecting their security.
Kanishka Narayan, the AI minister, did not name names but confirmed that such companies had been put on alert about the AI tool, which was developed by the Silicon Valley giant Anthropic.
Mr Narayan said ministers had gained a “deep understanding” of Mythos via the AI Security Institute, an official testing lab, which has shared its findings with GCHQ specialists.
He said: “As a result of that deep understanding, the first thing we are able to do is protect critical national infrastructure and call private businesses as well. We were able to take action and we’ll continue to do that in future as well.”
The details of any measures taken are being kept secret. However, the work signals an escalation of the official response to Mythos. The Telegraph previously revealed talks between the Bank of England and critical companies in the financial sector.
The Telegraph also understands that Richard Horne, the chief executive GCHQ’s National Cyber Security Centre (NCSC), intends to address the risks at a security conference in Glasgow this week.
Officials have been working with the National Protective Security Authority, part of MI5 that is charged with protecting critical industries. Security sources said the latest advice was being shared with relevant businesses so they can shore up their defences.
‘Step up’
According to Anthropic, Mythos is capable of finding new vulnerabilities in computer networks with little human oversight. It has already found thousands of flaws that could open up devastating cyber attacks.
Anthropic has so far held back from a public launch of Mythos because of such fears. It has created an industry group, called Project Glasswing, made up of tech giants, including Apple and Microsoft, and Wall Street banks. The companies will have early access to the technology so they can fix any flaws they find.
The UK has also had access to Mythos through the AI Security Institute. The lab warned last week that Mythos was a “step up” on past AI and could undertake attacks that might normally take a human professional days of work.
However, companies have been privately clamouring for access to the tool. Pip White, Anthropic’s UK chief, said last week that British businesses would be invited to join Glasswing “in the very near term”.
Mr Narayan said it was important to pursue the opportunities created by the latest AI and protect systems from it.
He said: “We need to say this very seriously. We need to have the best frontier AI capability today.
“I’d encourage all firms to move both quickly and seriously in making sure that they’re protected, as well as making the most of the opportunities of AI adoption.”
Britain’s critical infrastructure owners will need to use Mythos to thoroughly test their own defences and uncover bugs that could be exploited by criminals. Banks including Barclays, Lloyds and NatWest have asked Anthropic for access.
Hackers previously targeted drinking water supplies, although they failed to cause any outages. In one Irish case, Iranian cyber-attackers knocked out supplies to one region for several days.
A government spokesman said: “The UK government is aware of the potential risks posed by emerging technologies and we remain vigilant against any potential threats.”
