\n<\/p>\n
CSA last month urged companies in Singapore to strengthen cybersecurity measures, citing the potential for increased risks from frontier AI models.<\/span><\/p>\n The advisory came days after Anthropic previewed Mythos amid a wave of hype over its capabilities.\u00a0<\/span><\/p>\n The UK\u2019s AI Security Institute has found that Mythos is more capable of being used for complex cyberattacks than other AI tools such as OpenAI\u2019s ChatGPT or Google\u2019s Gemini.<\/span><\/p>\n In its release of Mythos, Anthropic said it had already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser.<\/span><\/p>\n Responding to a question from MP Louis Chua (WP-Sengkang), Mr Tan said that the government does not have access to Mythos.<\/p>\n Anthropic released it only to a limited set of partners under a controlled preview, and authorities are not aware of any local bank that has been granted access, he said.<\/p>\n \u201cMore broadly, we do not assume that we will always have early access to every frontier model,\u201d he added.<\/p>\n Instead, the authorities maintain close working relationships with various partners, including major AI labs and cybersecurity firms, to track developments, as well as assess safety and security implications, he said.<\/p>\n “We are working with partners who have access to Mythos to better understand its capabilities and implications,” Mr Tan added.<\/p>\n He added that CSA works closely with relevant government agencies and industry experts to exchange insights on the threats and mitigation measures. It is also reviewing standards and obligations for CII owners\u00a0to account for the faster attack timelines that AI enables.<\/p>\n Mr Tan said that he has finished visiting all 11 CII sectors.<\/p>\n “I’m very heartened that all the senior leadership \u2013 from chief executives to board members \u2013 are aware of the risk and are taking steps. So they are not taking this lightly,” said in response to a supplementary question from Mr Chua on how the government is directly supporting CII providers.<\/p>\n “They are putting in place not just processes, investments, to secure themselves and their systems, but also proactively thinking about how to secure their AI users in their organisations.”<\/p>\n Under the Cybersecurity Act, CSA has the authority to direct and enforce action where necessary.<\/p>\n “On Mythos, specifically, without direct access, we cannot test the model ourselves. But we assess the risk based on published evaluations, threat intelligence and our ongoing engagement with the major AI labs,” Mr Tan said.<\/p>\n \u201cWhere credible evidence emerges of a material risk to systems of national\u00a0consequence, we work with and advise CII owners to patch and harden their systems. This is the approach we have used to date, and we will continue to do so.\u201d<\/p>\n Responding to a supplementary question from MP Edward Chia (PAP-Holland-Bukit Timah) on how the government will ensure that small- and medium\u2011sized enterprises (SME) would not be left behind<\/span>, Mr Tan said different resources have been deployed to support them.<\/p>\n These include a “self-check” on their systems and guidelines on how to deploy AI solutions within their organisations.\u00a0<\/p>\n Mr Tan also cited initiatives like the SMEs Go Digital Programme, where authorities work with industry partners providing these technology solutions and pre-approve them for support. “We make sure that basic cybersecurity hygiene is baked into those systems,” he said.<\/p>\n Ultimately, the issue is not any single model like Mythos, said Mr Tan.<\/p>\n He added: “The underlying shift is broader and the risks are real. We are treating them with the seriousness they deserve.”<\/p>\n<\/div>\n