SCOTT SIMON, HOST:
U.S. government's asserting a new level of control over AI. Earlier this month it banned foreigners from using two of Anthropic's most powerful new models. It partially reversed the ban yesterday but retains control over which companies have access. Meanwhile, Anthropic's rival OpenAI said yesterday that it had agreed to let the administration screen users of its newest model. NPR's tech correspondent John Ruwitch joins us. John, thanks so much for being with us.
JOHN RUWITCH, BYLINE: Sure thing, Scott.
SIMON: And how powerful are these new AI models?
RUWITCH: Yeah. I've talked with a couple of people who've used related models, and they say they are really powerful. The AI model that kind of kicked all this off is called Mythos. It's from Anthropic. It's not public yet, but a small number of tech companies have been getting exclusive access to a preview version. That includes companies like Google, Microsoft. It also includes Cisco. I spoke with the head of security at Cisco, Anthony Grieco.
ANTHONY GRIECO: AI is a game changer for security, period. The world is changing. Mythos has amped up that change.
RUWITCH: He's talking about cybersecurity, of course. That's one of the things that Mythos was designed to be good at. And what it does is find vulnerabilities in software and help fix them. These are the kind of vulnerabilities that hackers might want to exploit. Grieco says his team had Mythos scan 1.8 billion lines of code across several coding languages, and he says it did that deftly.
GRIECO: And allowed us to cover that amount of territory and amount of complexity in just eight weeks, which would have otherwise taken humans mixed with machines and tools eight-plus years to do.
SIMON: I mean, John, eight years of work in just eight weeks is astounding, but it also creates some concern, doesn't it?
RUWITCH: Yeah. These are double-edged swords, right? So good guys can use tools like this to find and fix problems. Bad guys could use them to find and exploit holes, to hijack networks or steal data, that kind of thing. In fact, that's happening actually already with widely available, less powerful AI tools. There's been an explosion in the number of AI-assisted cyberattacks, and, you know, fear of that getting supercharged could be what's behind the administration's shift from being pretty hands-off about AI to wanting more control.
SIMON: So are AI models being seen now as a potential national security risk?
RUWITCH: Yeah. It seems like the cutting-edge ones might be. I mean, Anthropic, in early June, put out two AI models that were based on Mythos. They were weaker. Now, they had guardrails built in so they couldn't do the most powerful cyber stuff. Within days, though, the Trump administration told Anthropic it knew of a way that those safeguards could be circumvented, and so it slapped an export ban on those models, basically, meaning no foreigners could use them, including Anthropic employees. So the company took them offline.
Fast-forward to Friday, the Commerce Department partially lifted the export ban on one of those two models. According to a letter from the commerce secretary that NPR has seen, it's now allowing a small list of American companies, including their foreign staffers, to use the model. In a statement emailed to NPR, Anthropic said it was pleased with this change, and it'll continue to work with the government.
SIMON: And is working with the government now a new expectation?
RUWITCH: Yeah. It seems to be. OpenAI said just yesterday also that it had let the government vet a list of companies that would have access to its latest and greatest model. You know, the company said this was the strongest path to broader availability of the model in the coming weeks but that this kind of vetting should not be the norm long term.
SIMON: You've been talking to cybersecurity experts. What do they see in the future for these tools?
RUWITCH: Yeah. The tools are powerful. Some think these models will tilt the balance in their sort of arms race against hackers. Lee Klarich is with Palo Alto Networks, a cybersecurity company that's had access to some of these models. He says there's a wave now of companies like his finding and fixing vulnerabilities.
LEE KLARICH: And then as we come down the other side of that as an industry, we'll actually go to a level where we are - have more secure software than we've had before because we're finding and fixing things before they ever get released in the first place.
RUWITCH: That may be the case. It may be a little optimistic, but experts say, you know, this now AI-enabled cat-and-mouse game between cyberattackers and defenders is not ending anytime soon.
SIMON: John Ruwitch. Thanks so much. And we want to note, Anthropic, Microsoft and Google are all financial supporters of NPR. Transcript provided by NPR, Copyright NPR.
NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.
