Following the events of Mythos, AI-enhanced hobbyist hackers are poised to launch their attacks.
In August of last year, top cybersecurity teams gathered in Las Vegas to showcase their AI-driven bug detection technologies at DARPA’s Artificial Intelligence Cyber Challenge (AIxCC). These tools analyzed 54 million lines of actual coding that DARPA had imbued with fabricated flaws. The teams managed to uncover most of the synthetic bugs, but their automated systems exceeded expectations — they discovered more than a dozen flaws that DARPA had not even introduced.
Before the seismic security shift brought on by Anthropic’s latest model, Claude Mythos — which appears to uncover vulnerabilities in every software it examines — there was already a trend of automated systems becoming adept at pinpointing coding issues. Concerns are intensifying that AI might not only identify these issues but could also be leveraged to exploit them, giving every individual around the globe access to hacking potential.
This situation is far from hypothetical. For years, this kind of low-skill hacker, termed a script kiddie, has created chaos by executing scripts obtained from the web or copied from exploit toolkits. They lacked the understanding or technical skill to generate these scripts on their own. Nevertheless, they managed to deface websites and spread malware.
The current landscape marks a significant escalation, empowering individuals without technical backgrounds to utilize AI to magnify their abilities in ways that were previously unachievable with basic scripts. The implications are likely to be significantly broader.
“A tidal wave is approaching. We can all see it,” stated Dan Guido, CEO and co-founder of cybersecurity firm Trail of Bits, a runner-up in the challenge. “Will you surrender or will you take action?”
Beyond Project Glasswing, Anthropic is actively working to thwart the misuse of its software by those with malicious intent. A week after unveiling Mythos, the firm introduced Claude Opus 4.7, which for the first time integrated safeguards designed to prevent harmful cybersecurity inquiries. (Security experts wishing to employ the model defensively can apply to the company’s Cyber Verification Program.)
The launch of Mythos sent ripples through the industry, but signs of AI’s cybersecurity capabilities were evident before this announcement. In June 2025, the autonomous offensive security platform XBOW surpassed human hackers to lead the leaderboard on HackerOne, a bug bounty platform, highlighting significant advancements in AI’s ability to detect vulnerabilities.
By the time AIxCC took place, “there were already 10 to 20 distinct bug-detecting systems capable of identifying vastly more bugs than we could possibly address,” Guido remarked. “This is not a fresh challenge.”
AI excels at recognizing patterns, and it’s becoming progressively simpler for individuals to uncover variations of both known and unknown bugs. Furthermore, crafting exploits is now more manageable.
“With AI tools and minimal to no human intervention, you can discover a zero-day vulnerability in widely utilized software,” said Tim Becker, senior security researcher at Theori, also a finalist in the contest.
The anxiety is evident across the sector, with advancements in models — along with enhanced comprehension of their functions — occurring at breakneck speed.
Open-weight models, or those with publicly accessible trained parameters (known as weights), also present a risk. In fact, sophisticated threat actors are more inclined to run their deployments privately to keep the exploits concealed from Anthropic or OpenAI servers, Becker remarked, as Anthropic may retain data to prevent abuse. The industry is bracing for the potential fallout of what may follow. Other model creators might not exercise the same caution as Anthropic, potentially making their robust new tools readily available to the public.
“Regardless of Mythos, this is inevitable,” Guido asserts.
Mythos signifies an advancement in exploit creation, yet current models possess capabilities as well. Security researchers are already employing more readily available models to report vulnerabilities to companies before they can be exploited externally. This presents a dual risk of malicious actors deploying them for harmful purposes, like engineering exploits for repressive regimes or compromising sensitive data.
Experts in the field anticipate that advancements in AI security will result in a surge of new exploits. Malicious actors could direct AI to identify bugs in niche software that previously received little attention for exploitation.
“Now, because the effort required is minimal, you can target lower-tier items. You can develop exploits for software used by just one company. You can craft exploits for software that exists in a unique configuration utilized by a single corporation. And you can accomplish this dynamically. For instance, during a breach in a hospital, if there’s a barrier between you and your objective, you can simply direct an LLM to that barrier and command, ‘Identify a flaw here,’ and it will iterate until successful. It will uncover a vulnerability, spot a configuration, and execute an exploit for a weakness that has never been discovered before, all with minimal input from the user… the hacker… the script kiddie,” remarked Guido.
This escalates the abilities of script kiddies, he explains, as they can act spontaneously without needing to memorize weaknesses in various UNIX utilities, instead relying on the pretraining embedded within the tool they utilize. They’ll be capable of rapidly cycling through exploits aimed at targeting vulnerabilities at machine speed, something beyond human capacity — even beyond that of a script kiddie.
Determining the exact extent to which this enhances attacker abilities is challenging, although there clearly appears to be a connection. Security researchers can assist in understanding the magnitude of bugs being discovered.
Before Becker began focusing on automatic bug discovery through AI, he specialized in vulnerability research, locating zero-days and notifying maintainers. He stated that it previously took him weeks or even months to identify a high-impact vulnerability in a new codebase, whereas now it requires mere hours.
“I simply feed the code into our AI bug-detection tool, and within hours, I receive a report containing several potential vulnerabilities, most of which end up being valid issues,” he claimed. “The entry barrier to diving into a new million-line codebase and spotting a bug is far lower than it used to be.”
Each rollout of a new automated tool has triggered a wave of concern regarding potential exploitation, regardless of whether these tools are text-to-image generators or open-source systems like the exploit development and delivery framework Metasploit. The anxiety dates back to 1995, when a free software vulnerability scanner named SATAN (an acronym for Security Administrator Tool for Analyzing Networks) was introduced.
Often, automated tools do not bring about the level of chaos that had been anticipated or foretold, due to preventive measures, low uptake rates among attackers, or other variables.
Joshua Saxe, CTO and co-founder of Security Superintelligence Labs, noted in a blog post that exploits themselves do not initiate cyberattacks, and that the adoption of AI vulnerability research tools has been gradual.
“There seems to be an unspoken understanding that once a new adversarial tool becomes accessible… we will instantaneously witness illicit behavior with it. It’s a mindset that overlooks the need to consider what humans are genuinely doing,” he told The Verge.
Saxe highlights that resistance may arise among various factions of attackers adopting these tools into their existing workflows and organizational cultures. “There’s a substantial human and organizational facet here,” he remarked.
“It’s possible certain attacker groups will swiftly embrace these new tools, or the uptake may be rather sluggish.” Some might continue breaching networks through phishing or leveraging exploits they already possess, while others could begin forming new exploits via these tools.
While the pace of adoption is uncertain, companies can take proactive measures to brace for the impending wave of vulnerability reports.
Katie Moussouris, founder and CEO of Luta Security, coined the term “Vulnapalooza” in a blog entry featuring a concert poster and a festival survival guide for security teams, emphasizing this moment as critical for organizations to bolster their vulnerabilities. Their recommendations mirror conventional best practices: segmentation, refining identity and access management, employing memory-safe code, and implementing phishing-resistant authentication alongside up-to-date software.
The Cloud Security Alliance published a rapid strategy briefing focused on formulating a “Mythos-ready” security strategy that encapsulates several of these concepts. The report highlighted the necessity of not only addressing vulnerabilities but also determining which ones to prioritize. However, the urgency to keep pace with machine-speed threats is novel, and the volume of bug reports is already surging, necessitating preparation for an uptick in incidents and their swift containment and mitigation.
Moussouris points out that many individuals in cybersecurity roles have faced layoffs due to AI’s efficiencies, even though these efficiencies are precisely the reason human oversight becomes increasingly essential. Organizations will require human threat hunters, threat intelligence analysts, and incident responders to handle the influx of new exploits. Additionally, they’ll need people to determine which patches demand prioritization and execution.
“We lack an equivalent AI-based defense system to automate all of these functions, and I believe we will need substantial staffing increases,” she articulated. Organizations must also construct secure software and secure network architecture to avoid falling into a ceaseless cycle of patching. “More secure software must be developed initially. We cannot simply respond to incidents as a route to resilience.”
Organizations unable to expand their hiring could at least streamline their vendor onboarding procedures to facilitate quicker engagement of personnel or services when necessary. “Being ensnared in a lengthy vendor procurement process while under siege is a situation to avoid,” Moussouris advised.
Despite widespread concerns about vulnerabilities, Moussouris contends that the anticipated “vulnpocalypse” may actually manifest as a “patchpocalypse.”
“The model has already uncovered thousands of vulnerabilities, and the tsunami of patches that will arise from this collaborative effort will present significant challenges,” she noted.
Organizations that delay patching their systems might face unwelcome surprises. Prolonged inaction increases the risk of active attacks targeting vulnerabilities that AI has identified, potentially employing exploits crafted by the models themselves.
“The timeframe from when a vulnerability is disclosed to when exploit code becomes available has effectively shrunk to nearly zero, representing a significant adjustment that individuals must incorporate into their risk assessments and timelines for action,” she elucidated.
There is a chance to leverage AI to accelerate the remediation or mitigation processes. Becker mentioned that Theori is developing a commercial tool named Xint, which has been operational on open-source codebases, manually reporting critical findings to maintainers and providing detailed reports with remediation guidance at its own expense, serving both as a community defense initiative and to showcase the tool’s capabilities. The current version of Xint was able to identify all the bugs Mythos did while analyzing the same codebases. It also detected 12 additional zero-day vulnerabilities absent from Anthropic’s announcement.
However, addressing these bugs won’t be as swift as discovering them, as it necessitates engineers with extensive familiarity with the codebase to ascertain if the patches represent the optimal solutions or if they could compromise maintainability or clarity in the future. Occasionally, a patch may offer a solution but not the most effective one, thus requiring human time and effort to finalize the remedies.
The considerable increase in reported bugs can lead to a lengthy queue of items to be patched, particularly for open-source maintainers, who may find it challenging to manage the influx.
While not every bug holds value for an attacker, sifting through the pile to identify which ones warrant immediate attention can be nearly as challenging as the fixes themselves.
“Much of the prioritization must be contextual,” Moussouris remarked. For instance, a highly adverse bug existing internally that would be difficult for an outsider to access may rank lower in urgency than a less critical bug that is visible on the organization’s perimeter.
In addition to the prioritization of bugs, organizations must decide when to implement patches that might limit functionality and potentially induce downtime, and when it might be prudent to postpone. The fewer security measures they have in place, the more time they will require for patching.
Simply issuing a patch makes it easier for attackers to reverse-engineer the solution and exploit vulnerabilities they may not have previously identified in unpatched devices. This necessitates that consumers adjust to frequent updates of their software as the volume of critical security fixes escalates significantly. Likewise, organizations should invest in secure architectures to minimize the number of patches they need to oversee initially.
However, as Moussouris encapsulates it, there’s no need for despair. “This doesn’t have to be viewed as the worst possible scenario,” she advised The Verge. “You can approach this as a chance to fortify defenses and secure funding to address issues that have been deferred.”
Regardless of the attitude organizations adopt, they must be ready. The stakes are heightened, and even script kiddies now have substantially more potential to discover and exploit vulnerabilities. Companies require a robust strategy to contend with the emerging threat of AI-facilitated assaults.
“The year 2026 is pivotal; it’s the year to either thrive or fail,” warned Guido. Organizations need to safeguard their systems immediately while they still have an opportunity to proactively manage risks. “If they fail to act, we may reach the end of 2026 amidst chaos.”
