Last week, a story made the rounds: Anthropic unveiled Claude Mythos, an AI model that can reportedly find and exploit security vulnerabilities in major operating systems and browsers on its own. It is said to significantly outperform every publicly available model. According to Bloomberg, the heads of systemically important US banks were summoned to an urgent meeting to discuss the potential implications. Germany’s Federal Office for Information Security (BSI) expects, according to dpa, a “fundamental shift in how vulnerabilities are handled and in the vulnerability landscape as a whole”.
Anthropic has only made the model available to a small circle of technology companies so far. Independent assessments do not exist. All claims come from Anthropic itself, and the media buzz carries unmistakable hype. Whether Mythos is truly as powerful as claimed remains to be seen.
What holds true regardless of Mythos: AI systems are getting more capable by the day. Mythos is not an outlier. It is another signal. Behind it lies a structural shift that has been underway for some time.
The Structural Shift
The balance of power between offense and defense in cybersecurity has been shifting for years. Attacks became cheaper, automation lowered the required expertise, while defenders scaled linearly with whatever budget they had. OWASP calls this imbalance asymmetric warfare.
Offensive AI brings together three things that did not previously coexist: it adapts, it is efficient, and it scales almost without limit. A human attacker can probe a system in a handful of ways at once. An AI-powered system can approach the same target from a thousand angles simultaneously, at the same quality, without fatigue, without a learning curve.
The attack surface is not limited to AI systems themselves. The entire existing digital infrastructure is in play: web applications, APIs, internal systems, supply chains. The pace is accelerating: the window between a vulnerability being discovered and being exploited is shrinking toward zero. What used to take weeks will soon happen in hours.
Good Architecture Helps, but Is Not Enough
Isolation, network segmentation, zero trust: for organizations, these concepts are nearly indispensable today. They segment the attack surface, slow down lateral movement, and make attacks more expensive. Strongly recommended.
But ultimately, this alone does not protect. The higher the effort required, the higher the potential reward tends to be. Anyone who believes they can rest on their architecture without constantly rethinking it underestimates how adaptive modern attackers have become.
Why This Matters Now
What does this mean in practice for those responsible inside organizations?
Most of an enterprise IT landscape is not built in-house. It runs on third-party products. Every external piece of software, every library, every SaaS integration extends the attack surface. Application teams and product managers carry direct responsibility: ensuring that all vulnerabilities in deployed products are known and resolved before they are exploited is becoming a baseline requirement. The same applies to the development process itself: code reviews, static analysis, and dependency scanning are no longer optional.
As the attack surface grows, so does the workload of those who monitor it. For security teams, the focus in vulnerability management shifts fundamentally. Systems need to be understood holistically; application owners should have a playbook for immediate compensating measures. Vulnerabilities that individually carry low severity can be devastating in combination. And that combination is becoming far more likely through AI. The question is no longer which gap to close first, but how fast it can be closed. Automated detection provides the critical head start. Those who spot anomalies early can respond before an attack escalates. Those who do not will find themselves in a race they structurally cannot win.
Operational measures alone are not enough when the underlying risk model no longer holds. CISOs and risk managers need to rethink their classical approach. CVSS-based prioritization breaks down when the exploit probability for every known vulnerability approaches 1. The range of possible incidents grows wider, estimates become less reliable, and residual risks that were previously deemed acceptable no longer are. This needs to be communicated before it has to be explained in the middle of a crisis.
Act Before Others Do
Those who want to hold their own against AI-powered attackers need comparable tools on the defense side, and the competence to use them. AI-driven attack simulation and automated anomaly detection are not a luxury.
Offensive AI systems are not a future scenario. They are here. The only open question is who acts first: the attackers or us.