Skip to Content
CNN - Business/Consumer

Anthropic’s next model could be a ‘watershed moment’ for cybersecurity. Experts say that could also be a concern

<i>Manuel Orbegozo/Reuters via CNN Newsource</i><br/>People march across San Francisco from Anthropic's headquarters to OpenAI to xAI
<i>Manuel Orbegozo/Reuters via CNN Newsource</i><br/>People march across San Francisco from Anthropic's headquarters to OpenAI to xAI
By
today at 2:30 AM
Published 6:38 AM

By Hadas Gold, Sean Lyngaas, CNN

(CNN) — The next wave of AI-powered cybersecurity attacks will be like nothing we’ve seen before.

That’s the message AI company Anthropic sent in a leaked blog post last week, in which it warned that its upcoming AI model, called Mythos, and others like it can exploit vulnerabilities at an unprecedented pace.

And it’s not the only one: OpenAI warned in December that its upcoming models posed a “high” cybersecurity risk. Experts have already said AI can amplify existing dangers and rapidly generate new software hacks.

But the rise of AI agents, or AI assistants that can carry out tasks autonomously, takes that risk to another level, some experts warn. A single AI agent could scan for vulnerabilities and potentially take advantage of them faster and more persistently than hundreds of human hackers.

“The agentic attackers are coming,” said Shlomo Kramer, founder and CEO of cybersecurity and networking company Cato Networks. “This is a watershed event in the history of cybersecurity.”

The “Mythos” leak

Details about Mythos leaked in an unpublished blog post first reported on by Fortune. Anthropic did not respond to CNN’s request for comment. But the company told Fortune the leak was a result of human error within its content management system.

“Although Mythos is currently far ahead of any other AI model in cyber capabilities, it presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders,” Anthropic said in the draft.

The company is letting certain organizations test the model ahead of time to improve their systems “against the impending wave of AI-driven exploits,” it said.

Anthropic is also privately warning government officials about the potential for large-scale cyberattacks enabled by Mythos, according to Axios.

But every lab’s next model will pose increasingly severe cybersecurity threats, Kramer told CNN.

“Behind Mythos is the next OpenAI model, and the next Google Gemini, and a few months behind them are the open-source Chinese models,” he said.

AI is making it possible to exploit vulnerabilities almost immediately after discovering them, said Evan Peña, chief offensive security officer at cybersecurity firm Armadin.

But there are still limits to what the models can do, according to Peña.

Advanced AI models are good for researching software vulnerabilities and developing code to exploit them. But they lack the context a human hacker would have on what an organization’s most valuable information to steal is, Peña said.

There will always be room for humans in a cyberattack using AI, said Joe Lin, co-founder and CEO of Twenty, a firm that sells offensive cyber capabilities to the US government.

“We must ensure we are building weapons systems where humans remain firmly in control of decisions and outcomes, because while the machine handles the execution, the human must always own the consequences,” he said.

AI-powered cyberattacks on the rise

An example of how AI has made relatively unskilled hackers more dangerous came in January, when a Russian-speaking cybercriminal used multiple AI tools to hack over 600 devices running a popular firewall software in more than 55 countries, according to Amazon Web Services’ security research team. The hacker used generative AI services to “implement and scale well-known attack techniques throughout every phase of their operations, despite their limited technical capabilities,” AWS said.

The hacker used Anthropic’s Claude model as well as Chinese-made DeepSeek in the attack, according to Eyal Sela, director of threat intelligence at Gambit Security. At one point, the hacker asked Claude in Russian to create a web panel for managing hundreds of the hackers’ targets, according to chat logs the hacker had with AI models that Sela shared with CNN.

AI gives hackers of varying skill “superpowers” by simplifying the technical knowledge required to exploit systems, according to Sela.

In February a hacker used Claude in a series of attacks against Mexican government agencies, stealing sensitive tax and voter information, Bloomberg reported.

China and other US adversaries are “hunting for any edge to improve the performance of their homegrown AI,” said Lin.

That means potentially mining any leaks of US AI models to try to “supercharge their own cyber weapons systems,” he said.

AI advancements in cybersecurity are a double-edged sword: Attackers can use AI models and agents to boost their abilities, while those same capabilities enable continuous monitoring, faster threat identification, and automated patching at a scale no human team could match.

But the attackers only need to find one way in, while defenders have to cover every surface. Kramer described it as building an “army of good guys” to “fight the army of bad guys” just to hold the line.

“You need to run as fast as you can in order to stay in the same place,” he said.

The-CNN-Wire
™ & © 2026 Cable News Network, Inc., a Warner Bros. Discovery Company. All rights reserved.

Article Topic Follows: CNN - Business/Consumer

Jump to comments ↓

CNN Newsource

BE PART OF THE CONVERSATION

News Channel 3 is committed to providing a forum for civil and constructive conversation.

Please keep your comments respectful and relevant. You can review our Community Guidelines by clicking here

If you would like to share a story idea, please submit it here.