A bipartisan delegation of 35 lawmakers recently sent a letter to National Cyber Director Sean Cairncross, urging the Office of the National Cyber Director (ONCD) to develop a federal-industry plan that prepares for a large increase in vulnerability disclosures discovered by advanced artificial intelligence (AI) systems.
The letter is in response to Anthropic’s recently announced Claude Mythos Preview. Mythos identified thousands of high-severity zero-day vulnerabilities in every major operating system and every major web browser and more than 99 percent of those vulnerabilities remained unpatched as of Anthropic’s April 7 announcement. The vulnerabilities were not found through human review or automated testing.
The lawmakers asked ONCD to support federal coordination and implementation and to convene government and industry for a coordinated response in coordination with the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency, the Department of Commerce, the National Institute of Standards and Technology, the Center for AI Standards and Innovation, the Office of Management and Budget, and the Office of the Federal Chief Information Officer.
The lawmakers also requested the plan assess existing efforts to identify critical software vulnerabilities, establish a framework to handle sensitive and risky AI-generated findings, monitor sudden increases in the capabilities of advanced AI models, and support defenders and critical infrastructure operators in finding, fixing, deploying, and verifying patches.