Anthropic’s Mythos and the Rise of AI-Powered Cyberattacks

 

AI’s advancing capabilities, particularly across large language models, code generation, and reinforcement learning, have opened up powerful new methods for both cybersecurity attacks and defenses. These models now demonstrate coding and analytical capabilities strong enough to support both automated vulnerability discovery and automated exploit development.

AI-powered scanning tools can identify potential zero-day vulnerabilities in open-source libraries, firmware, and applications far faster than traditional manual audits. In effect, an AI “super-researcher” can achieve in hours what might take human teams months or years. That capability benefits defenders when used to find and fix vulnerabilities faster, but it can equally benefit attackers who can identify and weaponize those same vulnerabilities just as quickly.

Anthropic’s leaked draft announcement for its next-generation model, Claude “Mythos,” explicitly cautioned that if today’s models can already identify and help exploit software vulnerabilities, a more capable system like Mythos could significantly accelerate both the discovery and misuse of security flaws. Stephen’s original framing is strongest when it stays centered here: the concern is not simply Mythos itself, but what Mythos signals about the speed and scale of the next wave of AI-enabled attacks.

At RSAC 2026, industry veterans revealed that some security firms have already developed autonomous hacking agents in controlled environments. Around the same time, reports surfaced that Chinese state-sponsored hackers had weaponized an AI code model in an attack described as one of the first large-scale cyberattacks launched with minimal human intervention. Together, these developments reinforce the same message: AI agents are moving from theoretical risk to operational reality.

Newer AI models such as Mythos greatly accelerate the speed at which attackers can discover and exploit vulnerabilities while still lacking the controls necessary to reliably prevent malicious use.

1. Anatomy of an Attack
2. From Cybersecurity to Cyber Resilience
   

Risks

Cutting-edge AI capabilities are no longer confined to elite hackers or well-funded nation-states. They are increasingly accessible to everyday cybercriminals. That democratization expands the pool of potential attackers and enables more actors to conduct more sophisticated attacks at greater speed. For organizations, this means a threat landscape in which more adversaries can launch more attacks more quickly, forcing defenders to handle a higher volume of incidents.

Perhaps the biggest risk is the speed and scale of AI-driven vulnerability discovery and exploitation. Previously, malicious actors might require days or weeks to identify, validate, and exploit vulnerabilities. Many organizations already struggled to mitigate risk within that window, often taking weeks or months to respond. AI-enhanced automation compresses that timeline even further, allowing attackers to uncover and weaponize vulnerabilities another order of magnitude faster.

AI-driven attacks may also become harder to detect. For example, polymorphic malware can continually modify its code and behavior to evade traditional signature-based detection and even some behavioral controls.

Organizations with Significant Public Exposure

Organizations whose business models rely on serving many individual customers, such as retail, e-commerce, and other B2C environments, often hold large volumes of customer data and financial transactions. That makes them prime targets for attacks aimed at stealing personal information, payment data, or enabling fraud. They also tend to operate public-facing websites, mobile apps, and customer portals, creating a broad, internet-accessible attack surface that threat actors can continuously probe for vulnerabilities or misconfigurations.

Customer trust is paramount in these environments. A major data breach can lead to reputational damage, regulatory penalties, and class-action litigation. In addition to threats faced by all organizations, B2C firms must also contend with account takeovers, credential stuffing, and payment fraud.

The necessity of operating public-facing websites and mobile applications creates an attack surface that is easy for threat actors to reach. Attackers have always used automation, but the rise of AI means B2C firms must now contend with an almost continuous stream of newly discovered vulnerabilities that can be exploited in near real time. 

Other Organizations

Organizations should expect attackers to use AI and respond accordingly. Fighting fire with fire is increasingly necessary. Just as attackers can use AI to accelerate discovery, triage, and exploitation, defenders can use AI and machine learning to identify vulnerabilities earlier, detect anomalies faster, and automate detection and response for repeatable use cases.

Today, the lowest-hanging fruit for AI-enhanced attacks remains publicly exposed websites and applications. Organizations with that exposure should prioritize strong account controls, data security, secure development, proactive vulnerability discovery and remediation, application delivery and firewalling, and comprehensive monitoring and detection.

Beyond those protections, all organizations, whether they have substantial public exposure or not, should follow zero trust principles, manage third-party risk, perform risk-based vulnerability management, evolve monitoring practices, and maintain a well-practiced incident response plan.

All of these defensive measures can and should be augmented with AI to help defenders keep pace with AI-driven attacks.

Organizations with Significant Public Exposure

To maintain customer trust, the top priorities for B2C organizations are the controls that protect customer accounts, customer data, and the infrastructure those users interact with.

Strong account controls

Mandatory multi-factor authentication for staff and customers significantly reduces risk from password-related attacks, including password guessing and password spraying. While these attacks can be effective without AI, AI can enhance them by using leaked and publicly available data to predict user-specific passwords and adapt attack patterns in real time to reduce detection. Requiring MFA increases attacker effort and often forces adversaries to rely on techniques that are more complex, less scalable, or easier to detect.

Strict access permissions also help. Least-privilege access for customers, administrators, and service accounts, session tokens bound to individual users or device characteristics, and the detection of abnormal access patterns can all reduce breach scope while increasing the amount of effort required for successful exploitation.

Data security

Ensuring that all customer interactions occur over encrypted channels such as HTTPS, encrypting sensitive data such as session tokens, and using strong hashing algorithms for password storage all contribute to protecting what is often the most important asset in a B2C organization: customer data.

In some cases, it may even be possible to encrypt data in ways that reduce its usefulness if stolen. These steps may not directly stop every AI-based attack, but they can significantly reduce the likelihood that a successful attack results in meaningful data loss.

No data protection plan is complete without comprehensive backups and validated recovery procedures. If an attack succeeds, the organization must be able to recover systems and data quickly and validate data integrity. Immutable backups are a strong starting point, but they have limited value without a tested recovery plan.

Secure development practices

No organization can eliminate all vulnerabilities, but both the number and the severity of vulnerabilities can be reduced through secure development practices. These include secure architecture and design, secure coding practices such as input validation, parameterized queries, output encoding, secrets management, and software composition analysis, along with security testing and validation as early in the development lifecycle as possible.

As AI becomes more common in software development, organizations should also use AI to help detect and correct vulnerabilities earlier in the code lifecycle while carefully evaluating and controlling the access granted to AI agents, especially those that interact with public-facing systems.

Reducing the number and severity of vulnerabilities lowers the overall likelihood and impact of successful attacks.

Proactive vulnerability discovery and rapid deployment of fixes and updates

Attackers will use AI to detect and exploit vulnerabilities, which means defenders should be doing the same to identify those vulnerabilities first. Traditional static and dynamic code analysis tools still have value, but AI is proving more effective at discovering vulnerabilities than prior approaches alone.

For organizations that build and maintain publicly accessible applications, discovering and fixing vulnerabilities before attackers do is becoming critical. This can be accomplished by using AI-enabled commercial tools, internally developed capabilities, or adapted techniques that mirror attacker tradecraft.

Of course, identifying vulnerabilities is only the beginning. Organizations must also be able to rapidly deploy targeted fixes or redeploy entire applications and infrastructure in a repeatable way. Containers, cloud-native practices, and DevSecOps approaches can all support that objective.

Application delivery networking and web application firewalls

The goal should always be to eliminate or reduce exposed attack surface, but it is impossible to reduce it to zero. Application delivery networking and web application firewalls provide an additional layer of protection. Even when an underlying application remains vulnerable, these controls can abstract infrastructure, make direct attacks more difficult, and block exploit attempts against known weaknesses or common attack patterns.

Comprehensive monitoring and detection

Although prevention is ideal, rapid detection of attacks in progress or successful compromise can still prevent an attacker from achieving their ultimate objective or can significantly reduce downstream impact.

Even if the mechanics of attacks change, attacker objectives remain relatively consistent: compromising infrastructure, stealing credentials or tokens, accessing unauthorized data, exfiltrating information, or modifying, destroying, or encrypting data. For organizations with publicly accessible applications, monitoring and alerting must be designed to detect these common attack outcomes.

Strong logging, monitoring, and alerting practices help detect malicious input, password attacks, abnormal data access, unusual uploads, and many other common attack behaviors.

All organizations

B2B organizations often expose a much smaller attack surface to the internet than B2C organizations, but many of the same mitigations still apply. They remain important for protecting public-facing applications, internal applications, and privileged environments from compromise by insiders, compromised accounts, or external adversaries who have gained a foothold.

Organizations operating primarily in B2B contexts often maintain complex internal networks with varied roles, applications, and trust relationships. Protecting crown-jewel assets in these environments requires a broader set of governance and architectural controls.

Zero trust network access

In complex or distributed environments, managing access to systems and data is one of the most effective ways to reduce risk and contain breaches. Zero trust is not a finished state so much as a design discipline. It does not require a single product or a fixed end point. Instead, organizations should apply its core principles consistently: assume breach, enforce least privilege, and never trust, always verify.

Continuous monitoring, validation, segmentation, and strong identity controls help operationalize those principles sustainably. 
.

Third-party risk management

Most organizations are exposed to significant risk through third-party relationships. That includes data breaches originating with partners, fourth-party risk, weak governance over shared access and data, and supply chain attacks. It also includes risks stemming from partners’ poor AI governance or exposure to the same AI-enabled attack techniques discussed here.

Third-party risk cannot be eliminated, but it can be reduced through strong governance and a mature third-party risk management program. Given the number of partner relationships most organizations maintain, it is critical to tier those relationships and focus the strongest controls on the highest-risk dependencies.

Risk-based vulnerability and patch management

Strong, risk-based vulnerability management remains a critical defense against all threats, including AI-driven attacks. Rather than attempting to manage each vulnerability in isolation, organizations can reduce risk substantially by focusing on three priorities:

- applying all available security patches across systems and applications
- maintaining the ability to rapidly deploy urgent fixes for zero-days
- enforcing secure baseline configurations to reduce exposure from misconfiguration

Prioritizing these actions based on business impact helps maximize defensive return.

Monitoring, alerting, and AI-enhanced defense

In addition to monitoring public-facing systems, organizations need comprehensive monitoring and alerting across the broader environment. The SIEM landscape will continue to evolve, but the need for continuous monitoring, triage, and response will remain.

This is another area where AI can materially improve defender performance. As AI increases the speed and scale of attacks, AI-driven monitoring and semi-automated response will become increasingly important. By identifying use cases with predictable response patterns, organizations can automate parts of detection and response while freeing up human analysts for higher-complexity investigations.

Even where full automation is not practical, AI can still help group, triage, and prioritize alerts for human review, reducing average response time and improving detection of anomalous behavior.

Well-practiced incident response plan

Even in a well-protected environment, attacks may still succeed. The strength of an organization’s incident response capability can determine the duration, severity, and business impact of a breach. Incident response plans should be tailored to the organization and should include not only technical response steps, but also roles, responsibilities, communications, and escalation paths. They must also be practiced regularly so that teams can identify gaps and execute under pressure.

These controls also support regulatory compliance, strengthen resilience, and help protect brand trust.

AI’s rapid evolution is changing the norms of cybersecurity. 

Generative AI models and reinforcement learning-driven agents are finding vulnerabilities and helping craft exploits at a pace that traditional defensive models were not built to match. Threat actors are already leveraging these capabilities, and the trend line is clear: the speed of attack is increasing.

That does not mean the outlook is hopeless. The same technologies can and should be used to strengthen defense. Organizations should respond by accelerating patching and remediation, adopting AI-enhanced security tooling, improving monitoring and response, and designing security architectures that remain resilient under machine-speed conditions.

Preparation needs to begin now. By combining modern defensive capabilities such as AI-enhanced anomaly detection, automation, and threat prioritization with proven security fundamentals such as least privilege, segmentation, and disciplined response planning, organizations can reduce the widening gap between AI-accelerated attacks and their ability to respond.

In an environment where speed increasingly determines outcomes, the organizations best positioned to defend themselves will be those that improve both the quality and the pace of their security operations.

FAQs

What is Anthropic’s Mythos?

Anthropic’s Mythos Preview is a new AI model that Anthropic says is especially capable at computer security tasks, including identifying and exploiting certain software vulnerabilities in testing.

Why does Mythos matter to security teams?

It matters because it suggests AI can shrink the time between finding a weakness and exploiting it, which puts more pressure on patching, monitoring, and protecting exposed applications and APIs.

Are AI cyberattacks fully autonomous now?

Not completely in every case. Current reporting still notes that humans provide context and direction, but AI is already making attackers faster and more capable.

What should organizations do first?

Start by hardening public-facing systems, tightening identity controls, improving vulnerability discovery and patching, and making sure monitoring and incident response are ready to handle faster attacks.