The Ministry of Science and ICT (MSIT) said Wednesday that it held a roundtable with experts from industry, academia and research institutes to discuss responses to cybersecurity projects by global artificial intelligence (AI) firms, including the "Mithos Shock."
The meeting comes as the public and private sectors are putting their heads together to map out a response direction ahead of a meeting on the 11th between Michael Sellitto, Anthropic's global head of policy, and Ryu Je-myung, the MSIT's second vice minister.
The roundtable followed a request on Dec. 14 for Chief Information Security Officers (CISOs) at roughly 30,000 companies nationwide to check their security readiness, and the distribution on Dec. 30 of "Corporate Response Guidelines for AI-Based Cyberattacks and CEO Codes of Conduct." The MSIT said the meeting was intended "to fully hear opinions from experts in each field on the security impact of high-performance AI models and future countermeasures."
Participants included companies taking part in the independent foundation model development project (Dokpamo) such as SK Telecom, Upstage and Motif Technologies, along with major AI firms, academic experts in AI security including the president of the Korea Institute of Information Security and Cryptology, heads of major information security companies including the president of the Korea Information Security Industry Association, and CISOs from leading companies.
Views on the impact of AI security models were divided, with some arguing they will bring significant changes to the cybersecurity field and others saying concerns are excessive and overestimated. Still, participants shared the view that "with the emergence of high-performance AI-based cybersecurity services such as Mithos, it is time for the public and private sectors to jointly seek short- and long-term responses."
Actual cases of AI-based vulnerability assessments were also shared. The Korea Internet & Security Agency (KISA) conducted simulated hacking on domestic companies using Anthropic's latest AI model as part of an AI security check, and found seven vulnerabilities in just over 10 minutes.
Choi Woo-hyuk, director general of the MSIT's information protection and network policy bureau, said at a background briefing, "After consultations with one domestic company, we conducted various scenario attacks using Anthropic's 'Claude Opus 4.7' model, and seven vulnerabilities were actually discovered." He added, "It performed in just over 10 minutes what would have taken a human hacker several days."
Mid- to Long-Term Response Plan to Take Shape in Late May to Early June
Security experts from industry, academia and research institutes have reached a consensus that, in the short term, existing general-purpose AI models should be used to enhance response capabilities, while in the mid to long term, an independent AI model specialized for cybersecurity is needed.
Examples cited as short-term countermeasures include the "Early Warning" service provided by the U.K.'s National Cyber Security Centre (NCSC) and mandatory security patch application for high-risk companies. The idea is to combine existing AI models with security technologies, even if they are not as powerful as Mithos, while building an early detection system for cyber threats against companies and organizations.
Choi also said, "We are continuing discussions so that Korean companies and institutions can participate in 'Project Glasswing,' a consortium Anthropic has formed with major big tech firms to manage the risks of the Mithos model."
As for a Plan B in case Korea's participation in Glasswing falls through or is delayed, he added, "For now, we have distributed a code of conduct to CISOs at each company," and said, "We plan to review it comprehensively in the process of discussing mid- to long-term response measures."
For the mid to long term, participants also agreed that strengthening the competitiveness of independent AI models and developing security-specialized models are essential, on the premise of "second and third Mithos Shocks." Choi said, "Various possibilities are open, such as developing a security-specialized model based on Dokpamo, or further advancing the security functions of Dokpamo."
The MSIT plans to continue follow-up discussions with the security industry and release a related mid- to long-term response plan late this month or early next month.
