Cybersecurity

The 😺 and 🐭 game

AI as hacker’s favorite Tool — and Cybersecurity’s Secret Weapon

 

 

[ Disclaimer: This review has been researched by Claude, the AI from Anthropic, with mayor editing by me to reduce length and improve readability. ] 

 

 

There is a moment in every arms race when both sides start using the same weapons.

In cybersecurity, that moment has arrived.

The AI that helps defenders detect attacks faster is the same AI helping attackers launch them. The cat and the mouse are now running on identical engines. What matters is who is steering.

 

WHAT AI DOES FOR DEFENDERS

 

Speed. Modern cyberattacks move at machine speed. Human security teams simply cannot review, correlate, and respond to thousands of alerts fast enough. AI can — continuously, around the clock, without fatigue.

Pattern recognition. Old security systems worked from lists of known threats. AI works differently: it learns what “normal” looks like for a specific network or user, and flags anything that deviates — even threats it has never seen before.

Autonomous response. The newest defensive AI doesn’t just detect threats. It acts on them — containing damage, isolating compromised systems, and alerting human analysts — before a human has even read the first warning.

The human security professional doesn’t disappear in this picture. Their role shifts: less time reacting to individual alerts, more time designing and supervising the systems that respond.

 

WHAT AI DOES FOR ATTACKERS

 

The same capabilities. Different intentions.

More convincing deception. AI-generated phishing emails — the fake messages designed to trick you into clicking a link or handing over a password — are now four times more likely to succeed than human-written ones. The spelling mistakes are gone. The generic language is gone. The message looks exactly like something a trusted contact would send.

Adaptive malware. Some AI-enabled attack software can analyze a target’s defenses in real time and change its own behavior to avoid detection. It learns as it goes.

Lower barriers to entry. Sophisticated hacking used to require years of technical expertise. AI now handles much of that work on request — writing attack code, mapping unfamiliar networks, analyzing stolen data. The barrier to entry has dropped from highly technical to merely motivated.

One person, the output of a team. This is perhaps the most significant shift. A single attacker with the right AI tools can now execute operations that previously required an entire team of specialists — at a fraction of the time and cost.

 

Anthropic’s MYTHOS 

THE MODEL TOO DANGEROUS TO RELEASE

 

In April 2026, Anthropic — the company behind Claude — announced a new AI model called Mythos Preview.

Then immediately announced it would not be making it publicly available.

The reason: Mythos can autonomously hunt for hidden security vulnerabilities — the kind of unknown software flaws that, once found, can be used to break into virtually any system. It found thousands of critical vulnerabilities across every major operating system and web browser. Over 99% of them were still unpatched when disclosed.

No human security team works at that speed or scale.

The defensive response: Project Glasswing.

Rather than shelving the model, Anthropic formed a coalition — including Amazon, Apple, Microsoft, Google, Cisco, and others — to use Mythos to find and fix vulnerabilities before malicious actors can exploit them. The idea: if this capability exists inside Anthropic, equivalent capability almost certainly exists or is being built inside state-level adversaries. Better to use it defensively now.

It is a serious attempt to do the responsible thing with a genuinely dangerous tool.

The problem nobody wants to say out loud:

Vulnerabilities are being discovered faster than they can be patched. The bottleneck is not the AI finding the holes — it is the slow, fragmented human infrastructure responsible for actually fixing them.

And the nations most likely to build Mythos-equivalent models — with no interest in disclosure, no defensive coalition, and every interest in keeping those vulnerabilities secret and exploitable — are already in the race.

 

THE HONEST PICTURE

 

Three things are true simultaneously in 2026:

AI is making cybersecurity defenses meaningfully stronger. Organizations using AI security tools detect threats faster, respond more effectively, and handle attack volumes no human team could manage alone.

AI is making cyberattacks meaningfully more dangerous. Attacks are faster, more convincing, more scalable, and accessible to far more people than before.

The guardrails are not enough on their own. Determined attackers find ways around AI safety filters — through persistence, creativity, and social engineering. No commercial AI model can reliably tell a legitimate security researcher from a malicious actor in every situation.

The cat and mouse game has not been won by either side.

It has simply gotten faster.

 

Based on reports from Fortinet, SentinelOne, Google Cloud, Gambit Security, Anthropic, Bruce Schneier on Security, Fortune, and the Cloud Security Alliance — May 2026.