CYBER-SECURITY IN the age of artificial intelligence in some ways resembles modern warfare. It is asymmetric: small bands of attackers armed with the latest technology can penetrate the most powerful defences. And the weaponry is increasingly autonomous. As Nikesh Arora, boss of Palo Alto Networks (PAN), a big cyber-security firm, puts it, “AI has to fight AI.” The good guys do not always win.
The worst news is that however tightly AI labs limit access to their most hazardous creations, criminals will catch up. (Unsplash)
In recent weeks Anthropic and OpenAI have unveiled AI models—Mythos Preview and 5.5-Cyber, respectively—so capable of penetrating weak spots in cyber-defences that the AI labs have released them only to trusted firms. But that is no guarantee of safety. New models are emerging all the time and hackers already use earlier varieties. Moreover, as Mr Arora says, it is not a fair fight. With AI, lone wolves can carry out attacks that used to require whole teams, and they have to be right just once to succeed. Defenders, by contrast, have to be right every time.
That is why cyber-security firms, as well as businesses at large, are scrambling to prepare for a wave of AI-powered cyber-crime. Within the industry, PAN and leading rivals such as CrowdStrike have formed alliances to try to make deployment of the latest models safer. Among their customers, the immediate reaction to models like Mythos and 5.5-Cyber was one of “panic and freak-out”, says Adam Meyers of CrowdStrike. But the models’ appearance was also a wake-up call. Assessments of cyber-readiness are moving from IT departments to C-suites and boardrooms. For the time being, these are more likely to be pessimistic than optimistic.
The worst news is that however tightly AI labs limit access to their most hazardous creations, criminals will catch up. Soon after Anthropic unveiled Mythos, OpenAI produced its own 5.5 series that, according to the British government’s AI Security Institute, may be even stronger. Many expect other model-makers, such as open-source or Chinese outfits, to quickly develop the long-term reasoning and other capabilities that make Mythos and 5.5-Cyber so effective. The genie is out of the bottle.
Even before the new models were released, older ones were enabling hackers to intrude faster and more frequently. CrowdStrike has said that AI-enhanced attacks rose by 89% in 2025 from the year before. PAN found that, equipped with AI, the fastest quartile of attackers were able to steal data from a software system they had broken into in just over an hour last year, down from almost five in 2024. A typical firm may take days to detect a breach.
The rise of autonomous AI agents that can handle multiple tasks on their own further increases the risks. As Mr Arora says, hackers can use agentic tools to be even more menacing. And the more firms adopt agents for coding, customer service and so on, the bigger the area for hackers to attack. In anticipation of this, late last month PAN said it would acquire Portkey, a firm that helps manage and protect AI agents. Firms “are building more software than ever, so we are exposing ourselves more”, says Jeremy D’Hoinne of Gartner, an IT consultancy.
Already companies are overstretched as they try to patch the bugs that AI tools are helping to reveal. Security flaws are tagged as “common vulnerabilities and exposures” (CVEs), which are made known either to the firms that make the software or to specialised organisations. The number of CVEs reported has been surging recently (see chart). Mr Meyers of CrowdStrike says some speculate that the annual figure could soon increase ten-fold, to 480,000, as more powerful AI models detect even more bugs. “The assumption is that AI will find vulnerabilities faster than patches can be written,” says Erik Nost of Forrester, another consultancy.
The good news is that though AI is arming attackers, it is also aiding the defenders. Some businesses considered especially critical to the infrastructure of the internet, such as hyperscalers and cyber-security firms, have gained access to the limited-release Mythos and 5.5-Cyber models of Anthropic and OpenAI, respectively, to test their own systems. The two AI labs also have lower tiers, whose members are given access to models that are slightly less permissive than Mythos and 5.5-Cyber but have more cyber-capabilities than those on general release. The recipients are akin to pandemic-era key workers receiving early doses of vaccines.
Mozilla, creator of Firefox, a web browser, recently offered an optimistic example: an early version of Mythos helped it identify 271 vulnerabilities in a new iteration of Firefox. It said the model was capable of identifying every bug that a human could, which was not possible only a few months ago. This helped level the playing field against attackers. “Defenders finally have a chance to win, decisively,” it said in a blog post.
But it is not just the enhanced capabilities of the cutting-edge models that are assisting defenders. Cyber-security firms are also developing their own tools, which they call harnesses, to make all models more effective. On May 12th Cisco, an IT giant with access to both Mythos and 5.5-Cyber, said it would make available an open-source, step-by-step guide to creating cyber-security harnesses to help firms use any model to boost their defences.
There are widespread hopes that the industry can rise to the challenge of AI if it gets its act together. Anthropic and OpenAI have won widespread plaudits for leading a collaborative approach. But although Mr Arora gives them an A+ for intent, PAN’s boss reckons neither the labs nor the cyber-security industry deserves more than a B+ for execution. That is partly because AI threats are still so new that everyone is learning as they go. “There’s no magic bullet. There’s no panacea. We don’t know what the right answer is yet.” Music to the ears of hackers, no doubt.
To track the trends shaping commerce, industry and technology, sign up to “The Bottom Line”, our weekly subscriber-only newsletter on global business.
