As AI rapidly develops, many are facing a tougher job market – and not just entry-level software engineers. International prize-winning ethical hacker Valentina Palmiotti has said that she would soon struggle to compete with systems like Claude Mythos, which, its creator Anthropic claims, has found 1,600 vulnerabilities in hundreds of different software programmes.
The rapid development of AI’s hacking capabilities is also a huge concern for countries across the world, as it becomes easier to find vulnerabilities in critical infrastructure.
In April, the AI Security Institute’s assessment of Anthropic’s Claude Mythos Preview described it as a “step up over previous frontier models.” The Institute noted that the model, when directed and given network access, “could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously – tasks that would take human professionals days of work.”
World leaders are clearly taking note. In May, the Financial Times reported that Anthropic would brief the Financial Stability Board on the implications of its Claude Mythos AI model.
As experts from the LSE and Microsoft have warned, “If offensive cyber capability becomes a function of AI, then the country or company with the strongest frontier model will hold the strongest cyberweapon.”
One consistent theme of reporting on frontier AI is the pace of its development. The AI Security Institute noted that “On expert-level tasks — which no model could complete before April 2025 — Mythos Preview succeeds 73% of the time.” It also stated, however, that the model was bad at executing attacks in certain kinds of environments.
“AI’s capabilities in vulnerability research and exploitation are growing close to exponentially, with no obvious ceiling yet,” a spokesperson for Devcore, a Taiwanese cybersecurity company, told Resilience Media, referring more generally to frontier AI rather than to Mythos in particular.
In the case of Mythos, the bottom line, the AI Security Institute said in its assessment, was that it can “exploit systems with weak security posture”, increasing the urgency of “cybersecurity basics” such as regular security updates.
Mythos has reportedly found thousands of zero-day vulnerabilities – previously undiscovered security flaws – in major operating systems and web browsers.
Anthropic’s response has been Project Glasswing – granting exclusive access to Mythos for a small handful of companies like Google, Apple and Nvidia, who then have a head start over hostile actors in trying to detect and patch zero-day flaws.
But the company also seems to have been unable to prevent a small number of unauthorised users accessing Claude Mythos, which RUSI Research Fellow Dr Pia Hüsch has described as a “humiliation” for the company.
And while the companies included in Project Glasswing run some of the world’s most widely used products, smaller companies will not be given such a head start. These may be the most important vulnerabilities.
“What worries us most isn’t big platforms like Windows, Chrome, iOS, or Android, which have resources and patching pipelines,” Devcore’s spokesperson said. “It’s the quiet, overlooked systems: routers, printers, medical devices, financial terminals, connected components in everyday appliances.”
“Attackers don’t need to find every vulnerability, just one that works, and AI is already fast, cheap, and high-volume enough to make that dramatically easier,” the spokesperson added.
Previously, cybersecurity experts recognised that keeping cybersecurity exploits to zero was unachievable. Their strategy was focused on costs. “We aimed to make them so expensive that only actors with functionally unlimited budgets can afford them,” according to Mozilla, an Internet not-for-profit.
However, the cost of launching cyberattacks has now fallen.
“AI is throwing the offense-defense balance out of whack,” said Devcore. “The path from reverse engineering to a working exploit has gone from days to minutes. Many systems weren’t really secure before — they just weren’t worth attacking at scale.”
The result is that “Defenders face an ever-expanding attack surface that’s nearly impossible to fully patch.”
Of course, the converse is also true: AI also offers defenders new capabilities.
“If you’re still using traditional methods to monitor these [cyberthreats], this is not efficient enough or precise enough,” says Dr Shih-Hao Chang, an associate professor at National Taipei University of Technology and member of Taiwan’s Cybersecurity Research Center. That is where AI companies like Anthropic hope to build a business line. “If you have [frontier AI], it can help you to quickly collect information and analyse it,” he continued.
Indeed, Mozilla has highlighted that its new version of the Firefox browser includes fixes for 271 vulnerabilities it found from initial access to Mythos, which it gained through a collaboration with Anthropic. It is upbeat about what AI means for cybersecurity, declaring, even as the cost of attacks has fallen: “Defenders finally have a chance to win, decisively.”
“We’ve all long quietly acknowledged that bringing exploits to zero was an unrealistic goal,” Mozilla admitted. But with these new tools, it continued, it believes that this is now achievable. “The defects are finite, and we are entering a world where we can finally find them all.”
Whether Mozilla’s prediction is spot on or not, new AI tools clearly give new capabilities to defenders as well as attackers. The key question, then, is who has access to them.
Chang argues that close partners of the US like Taiwan, as well as large private companies like Google, should be given access to the most advanced security AI code.
“We are a very important partner. Just thinking about semiconductors,” he continued. “If [tech companies] don’t want to be affect[ed], they should share this AI tool with us. We want to use [it] to understand our internal problems more than just using current tools.”
It is unclear how feasible this would be, but one basic requirement would be interstate cooperation.
A recent paper by Royal United Services Institute (RUSI) offers a framework for secure third-party access to frontier AI, though its focus is on evaluation of the models themselves, rather than using them to stress-test cybersecurity.
But aside from gaining access to frontier models, countries can work to make their infrastructure as resilient as possible against a new generation of cyberthreats.
One core principle for this, says Chang, is avoiding single points of failure that could make the system easy to crash.
Another consideration is about whether sensitive data should have a pathway to internet access at all.
“The most effective way would be to take the networks that can be accessed from the rest of the internet offline and make them into their own private intranet, so that they’re effectively air gapped from the internet systems,” said William Hagestad, a retired lieutenant colonel in the US Marines and expert on Chinese cyberwarfare.
Hardening critical infrastructure against cyberattacks is easier said than done. Hagestad’s suggestion, he admitted, “may be almost impossible to, because the systems are interwoven and connected.”
More broadly, power plants, water systems and other critical infrastructure in many cases “haven’t been updated in years because of interoperability constraints and the possibility of cascading failures,” writes Gordon Goldstein, an adjunct senior fellow at the Council on Foreign Relations. Updating systems takes time, and can lead to interoperability and other issues which then lead to disruption.
“As such, critical infrastructure is highly vulnerable, and this fact is very difficult to change.”
