How AI is Changing Cybersecurity

Two weeks ago, Anthropic announced that its new model, Claude Mythos Preview, can automatically detect and exploit software vulnerabilities without expert guidance. These were vulnerabilities in critical software such as operating systems and Internet infrastructure, which thousands of software developers working on those systems had failed to detect. This capability will have major security implications, compromising the devices and services we use every day. As a result, Anthropic is not releasing the model to the general public, but only to a limited number of companies.
The news rocked the cybersecurity community. There were few details in Anthropic’s announcement, which upset many observers. Some think that Anthropic doesn’t have the GPUs to run the thing, and that cybersecurity was the excuse to limit its release. Some say Anthropic is sticking to its AI security policy. There is hype and counter-hype, reality and marketing. There’s a lot to sort through, even if you’re an expert.
We see Mythos as a real but incremental step, one in a long line of incremental steps. But even incremental steps can be important when looking at the big picture.
We’ve written about Shifting Baseline Syndrome, a phenomenon that leads people—the public and professionals alike—to discount major long-term changes hidden in incremental steps. It has happened with Internet privacy, and it’s happening with AI. Even if the vulnerabilities detected by Mythos could have been detected using AI models from last month or last year, they would not have been detected by AI models five years ago.
The Mythos announcement reminds us that AI has come a long way in just a few years: the baseline has really changed. Finding vulnerabilities in source code is the kind of work that today’s language models excel at. Whether it happened last year or will happen next year, it has been clear for a while that this kind of capability was coming soon. The question is how we adapt to it.
We don’t believe that AI that can hack automatically will create a permanent asymmetry between offense and defense; it may be more nuanced than that. Some vulnerabilities can be detected, verified, and documented automatically. Some vulnerabilities will be harder to detect, but easier to verify and patch—think of cloud-hosted standard applications built on standard software stacks, where updates can be applied quickly. Others will be easy to find (even without powerful AI) and easy to verify, but difficult or impossible to patch, such as IoT appliances and industrial equipment that are rarely updated or cannot be easily repaired.
Then there are systems whose vulnerabilities are easy to find in code but difficult to verify in practice. For example, complex distributed systems and cloud platforms can be composed of thousands of interacting services that work in parallel, making it difficult to distinguish real risks from false positives and to reproduce them reliably.
So we must distinguish the patchable from the unpatchable, and the easy to verify from the difficult to verify. This taxonomy also provides guidance on how to secure such systems in the age of powerful AI vulnerability detection tools.
Systems that are unpatchable or difficult to verify must be protected by wrapping them in highly restricted, tightly controlled layers. You want your fridge or thermostat or industrial control system behind a firewall that is constantly updated, not open to the Internet.
Distributed systems that are fundamentally interconnected must be traceable and must follow the principle of least privilege, where each component has only the access it needs. These are common security concepts that we may be tempted to discard in the age of AI, but they are still as valid as ever.
Rethinking Software Security Practices
This also highlights the importance of good practices in software engineering. Automated, thorough, and continuous testing was always important. Now we can take this practice a step further and use defensive AI agents to test exploits against a real stack, over and over again, until false positives are eliminated and real vulnerabilities and fixes are confirmed. This type of VulnOps is likely to become a regular part of the development process.
Documentation becomes very valuable, as it can guide an AI agent in the task of finding bugs just as it guides developers. And following standard processes and using standard tools and libraries allows AI and developers alike to see patterns more effectively, even in a world of fast, individualized, ad hoc software—code that can be executed on demand.
Does this favor offense or defense? Ultimately the defense, perhaps, especially for systems that are easy to patch and verify. Fortunately, that includes our phones, web browsers, and major Internet services. But today’s cars, electrical transformers, refrigerators, and light poles are also connected to the Internet. Asset banks and airline systems are connected to the network.
Not all of those will be patched as quickly as needed, and we may see a few years of constant hacking until we reach a new normal: one where verification is more important and software is continuously patched.



