AI Security Sovereignty Shaken by 'Mythos Shock'... Rise of the 'Korean AI Security Language Model' View original image

As Anthropic's AI model "Mythos" shakes up the global security landscape, the need to secure AI security sovereignty in Korea is growing. With Mythos now able to rapidly detect vulnerabilities hidden within legacy systems and autonomously construct complex penetration scenarios, there are assessments that the very premise of existing security frameworks is being fundamentally altered.


The Ministry of Science and ICT has recently engaged in a series of contacts with global AI companies such as Anthropic and OpenAI in response to the "Mythos shock," seeking to share information on vulnerabilities and secure access to AI models. The government has requested Anthropic to share vulnerability information with the Korean government before any public release. It is also reported that practical workshops have been held with OpenAI to discuss ways to cooperate on information sharing.


Industry analysts note that, as a result of this incident, the center of security competition is rapidly shifting from simple detection technologies to access rights for vulnerability information and information-sharing frameworks. If high-risk vulnerability information discovered by AI is distributed to a limited group of partners first, the gap in response speed and defense capabilities between countries is likely to widen further. Consequently, in addition to external collaboration, securing independent "Korean AI security" capabilities that can establish autonomous response systems is emerging as a critical task.


Anthropic has launched "Project Glasswing" to manage the spread of the Mythos shock. Global big tech companies, including Google, Microsoft, Apple, and Nvidia, have joined as initial members. Glasswing is structured to share vulnerabilities discovered by Mythos with participating organizations before public disclosure, giving them additional time to respond with patches.


However, industry experts do not view this merely as a defensive alliance. Some see participation in Glasswing as effectively integrating organizations into a security information distribution system designed by Anthropic. Since Anthropic can control the timing and scope of sharing vulnerability detection results and data, this is interpreted as a strategy to expand its influence in the future competition over AI-driven security standards.


Japan is also raising its level of response. According to foreign media, Japan's three major megabanks—Mitsubishi UFJ, Mizuho, and Sumitomo Mitsui Banking Corporation—are expected to secure access to Mythos as early as the end of this month. The Financial Services Agency of Japan established a public-private council on AI financial security in April and is working to incorporate the Glasswing response framework into its financial system.


Experts emphasize that, apart from the international competition to secure access rights, it is essential to develop independent response capabilities in parallel. If a country remains only a recipient within the global information-sharing structure, both the speed and scope of its threat response are likely to be subject to external decision-making.


Against this backdrop, moves to establish independent models that combine AI and security are gaining momentum in Korea. RAONSECURE and Upstage signed an agreement in April to begin developing a "Korean Security Language Model (K-Security LM)." The core approach is to design attack and defense mechanisms as an integrated structure.

Specifically, the focus is on developing an "AI red team" that autonomously constructs and executes penetration scenarios based on large language models (LLMs), as well as an "AI Guardrail" system that detects attacks on operational AI systems in real time. Not only high-security industries such as finance, public sector, and national defense, but also all industries handling large-scale user data are expected to be major targets for application.


Additionally, the Agentic AI Management (AAM) framework, which manages what AI operated with what permissions, is emerging as a key element. Industry insiders believe that this approach—combining domestic LLMs with authentication technologies—will shape the direction of the Korean AI security model.


A global race for agentic AI identity authentication is already in full swing. Microsoft has released "Entra Agent ID," which assigns unique IDs to AI agents and manages their data access permissions. Okta has also announced plans to launch a solution for identifying and controlling verified AI agents. OpenAI joined the FIDO Alliance Board of Directors last month, directly participating in discussions on AI authentication standards.


Market growth prospects are steep. According to global market research firm MarketsandMarkets, the Non-Human Identity (NHI) access management market is projected to nearly double, from USD 9.45 billion in 2024 to USD 18.71 billion by 2030.


An industry official stated, "Since the emergence of Mythos, there is now a full-fledged trend of viewing AI itself as an object for authentication and control. If a Korean AI security model is built by combining domestic LLMs and proven authentication infrastructure, it will help maintain AI security sovereignty while also ensuring competitiveness within global cooperation frameworks."


Hot Picks Today

Jung Won-oh: "Congratulations to Oh Se-hoon on His Election... I Humbly and Sincerely Accept the Citizens' Choice" Jung Won-oh: "Congratulations to Oh Se-hoon on His Election... I Humbly and Sincerely Accept the Citizens' Choice"

In summary, as the "Mythos shock" reorganizes global AI security competition around access to information and leadership in standards, there is growing consensus that Korea must also urgently develop its own AI security language models and authentication systems.


한글 기사 보기
This content was produced with the assistance of AI translation services.

© The Asia Business Daily(www.asiae.co.kr). All rights reserved.

Today’s Briefing