An AI that thinks through attacks faster than humans can defend
Uma nova fronteira foi cruzada no campo da segurança digital: a Anthropic revelou que seu modelo de inteligência artificial Mythos é capaz de executar ataques cibernéticos complexos de forma autônoma, superando a capacidade de especialistas humanos. O anúncio provocou reuniões de emergência entre o Tesouro americano e os maiores bancos do mundo, com o CEO do Goldman Sachs alertando publicamente para um estado de vigilância elevada. Estamos diante de um momento em que a tecnologia avança mais rápido do que as defesas que a humanidade construiu ao longo de décadas — e a incerteza sobre o que vem a seguir é, em si mesma, uma forma de vulnerabilidade.
- O modelo Mythos, da Anthropic, completou sozinho um ataque cibernético de 32 etapas — algo inédito para qualquer sistema de IA — realizando em minutos o que profissionais experientes levariam dias para executar.
- O Instituto de Segurança de IA do Reino Unido classificou o Mythos como um salto qualitativo nas ameaças digitais, elevando o alarme para governos e instituições financeiras em escala global.
- O secretário do Tesouro dos EUA convocou uma reunião de emergência com os líderes dos bancos sistemicamente importantes do país, sinalizando que a vulnerabilidade do setor financeiro é agora uma questão de segurança nacional.
- Goldman Sachs já tem acesso ao modelo para estudo interno e está acelerando investimentos em resiliência de infraestrutura, enquanto trabalha com a Anthropic para entender como usar a tecnologia defensivamente.
- A grande incógnita permanece: os testes foram feitos em ambientes controlados e contra sistemas pequenos — ninguém sabe ainda se o Mythos conseguiria penetrar nas defesas de uma grande corporação ou banco.
O mundo financeiro acordou na semana passada com um alerta incomum: a Anthropic anunciou que seu mais recente modelo de inteligência artificial, o Mythos, atingiu um nível de sofisticação em programação que o coloca à frente de quase todos os especialistas humanos na identificação e exploração de vulnerabilidades de software. A declaração foi séria o suficiente para que David Solomon, CEO do Goldman Sachs, usasse sua conferência de resultados para avisar investidores que o banco opera em estado de alerta elevado.
Em testes supervisionados pelo Instituto de Segurança de IA do Reino Unido, o Mythos completou um ataque cibernético simulado de 32 etapas sem qualquer intervenção humana — uma primeira vez para qualquer sistema de IA. O que distingue esse modelo dos anteriores é sua independência: ele encadeia múltiplas etapas de ataque por conta própria, sem que alguém precise dirigir cada movimento. O instituto classificou o modelo como um avanço qualitativo na capacidade de ameaça digital.
Há ressalvas importantes. Os testes ocorreram em ambientes controlados, contra sistemas pequenos e pouco protegidos, e sem ferramentas defensivas ativas — o que torna o cenário real ainda incompleto. Mas a incerteza, por si só, já está movendo peças. O secretário do Tesouro americano convocou uma reunião de emergência em Washington com Solomon e outros líderes dos bancos sistemicamente importantes do país, com foco claro: essas instituições são os alvos que mais importam, e sua vulnerabilidade é uma questão de segurança nacional.
O Goldman Sachs não está esperando por mais dados. Solomon confirmou que o banco já estuda o Mythos internamente e acelera investimentos em resiliência de infraestrutura, trabalhando com a Anthropic e fornecedores de segurança para entender onde a tecnologia pode ser usada defensivamente. A questão que permanece em aberto é se as defesas do setor financeiro — construídas ao longo de décadas — resistirão a um adversário capaz de pensar em explorações de múltiplas etapas mais rápido do que qualquer equipe humana.
The financial world is bracing for a new kind of threat. Last week, the Anthropic company released a statement that landed like a warning siren across trading floors and government offices: their latest artificial intelligence model, called Mythos, has reached a level of coding sophistication that puts it ahead of nearly all human experts at finding and exploiting software vulnerabilities. The implications are stark enough that David Solomon, the chief executive of Goldman Sachs, used his earnings call on Monday to tell investors the bank is operating in a state of heightened alert.
The concern is not theoretical. In controlled tests overseen by the United Kingdom's AI Safety Institute, Mythos demonstrated a troubling autonomy. It completed a 32-step simulated cyberattack without human intervention—a first for any AI system. It performed tasks in minutes that would consume days of work from skilled security professionals. The institute classified the model as a qualitative leap forward in cyber threat capability. What makes this different from earlier language models is the sheer independence: Mythos can chain together multiple attack steps on its own, without someone at a keyboard directing each move.
There are important caveats. The tests that revealed these capabilities were conducted in controlled environments, and the AI was tested primarily against small, lightly defended systems. No one has yet confirmed whether Mythos could breach the fortified defenses of a major corporation or financial institution. The current testing framework lacks active defensive tools, which means the real-world picture remains incomplete. But the uncertainty itself is driving action.
The U.S. Treasury Department moved quickly. Scott Bessent, the Treasury secretary, convened an emergency meeting in Washington last week with Solomon and other leaders from the nation's systemically important banks—the institutions whose stability is woven into the fabric of global finance. The focus was clear: these are the targets that matter most, and their vulnerability is a national security concern.
Goldman Sachs is not waiting for more data. Solomon confirmed that the bank already has access to the Mythos model for internal study and is accelerating investments in infrastructure resilience. The bank is working directly with Anthropic and its security vendors to understand where the model's capabilities might be leveraged defensively, and where new protections are needed. It is a delicate balance—learning from the threat while building walls against it.
What remains unsettled is whether the financial sector's defenses, built over decades and tested against known attack patterns, will hold against an adversary that can think through multi-step exploits faster than any human team. The government and the banks are coordinating now, but the real test will come when—or if—someone with malicious intent gets their hands on this technology.
Citações Notáveis
We are working in close collaboration with Anthropic and all our security vendors to leverage frontier capabilities where possible— David Solomon, CEO of Goldman Sachs
AI models have reached a level of programming capability where they can surpass all but the most skilled humans in detecting and exploiting software vulnerabilities— Anthropic, in a statement released April 7
A Conversa do Hearth Outra perspectiva sobre a história
Why does a bank's CEO need to go on an earnings call and tell shareholders about a specific AI model? Isn't that usually handled quietly, behind closed doors?
Because this isn't a problem you can contain in a back room anymore. If Mythos can autonomously execute complex attacks, then every bank's board of directors needs to know their CEO is taking it seriously. Silence would signal negligence. The market needs to see action.
The tests showed it can break into small systems. Why is everyone treating it like it's already a threat to JPMorgan or Bank of America?
Because the gap between "can break into a small system" and "can break into a large one" might be narrower than we think. And we don't actually know. That uncertainty is the real danger. You can't wait for proof that a weapon works before you build your defenses.
So the Treasury calling an emergency meeting—that's not panic. That's what responsible government looks like?
Exactly. It's the moment when you stop treating something as a technical problem and start treating it as a systemic risk. When the Treasury gets involved, it means they're thinking about contagion—what happens if one bank falls, and the dominoes start.
Goldman Sachs says they're working with Anthropic to "leverage the capabilities where possible." That sounds like they want to use Mythos themselves.
They do. The irony is real. You can't defend against something you don't understand. So you study it, you learn its patterns, you build countermeasures. But yes, there's a risk in that too—the more people who have access, the more chances for it to leak or be misused.
What happens if they can't keep up? If the defenses don't work?
Then you're looking at a financial system that's vulnerable to attacks that move faster than human response teams can handle. That's not just a bank problem. That's a civilization problem.