Artificial intelligence (AI) has already changed how we search, write, create images and automate work. Now it is quietly reshaping another domain that touches nearly every connected device on the planet: cybersecurity.
 
A recent announcement from Anthropic has rattled the global security industry. The company revealed, in a preview, that an experimental model called Claude Mythos demonstrated a genuinely unsettling ability — finding hidden weaknesses in software and turning them into working exploits with minimal human guidance. They called it a ‘watershed moment for security’. That is not throwaway language.
 
The vulnerabilities this system uncovered were not trivial bugs. According to Anthropic, the AI found deep, hard-to-spot flaws in operating systems, browsers and internet infrastructure — including bugs that had reportedly gone undetected for years, despite scrutiny from thousands of developers and researchers. Anthropic has kept the model under wraps, citing the immediate risks of wider release.
 
The announcement drew both excitement and scepticism. Some researchers questioned whether the danger was being overstated. Others pointed to the model's steep computing costs as a practical reason for the limited rollout. But the debate around this specific release misses the bigger picture: AI systems are getting remarkably good at offensive cyber tasks that once took years of specialist training.
 
Remember Stuxnet? Discovered in 2010, Stuxnet was a sophisticated cyberweapon widely believed to have been jointly developed by the US and Israel to secretly infiltrate Iran’s air-gapped Natanz nuclear facility through infected USB drives and physically sabotage its uranium enrichment centrifuges. 
 
The point is, with access to new models like Claude Mythos, you no longer need any State-level ‘support’ to create havoc, not just in cyberspace but in critical infrastructure across the world. 
 
Why This Should Concern You
Hacking used to have a high barrier to entry. You needed very good knowledge of programming, networking, operating systems and the ability to develop various tools for exploitation. That barrier is eroding.
 
Modern AI is already analysing enormous volumes of code, spotting suspicious patterns and suggesting fixes. The flip side — using those same capabilities to find weaknesses before defenders do — is equally possible. Security researchers broadly expect AI to compress the time needed to discover vulnerabilities from weeks and days to hours, maybe minutes.
 
That compression creates a dangerous window.
 
Attackers may find flaws before software vendors can patch them. Cybercriminals could automate parts of ransomware operations. State-backed hackers could accelerate espionage. Fraudsters with no real technical skills could gain access to tools previously reserved for elite operators. 
 
At the same time, defenders will deploy AI too — to patch faster, monitor continuously and catch threats earlier. This is becoming an AI-versus-AI contest.
 
The Coming Wave of Automated Attacks
According to Anthropic's technical disclosure, the Mythos model could independently chain multiple vulnerabilities together to compromise a system — creating complex exploit sequences with little human direction. Even more concerning: people with no formal security training are reportedly able to direct the AI to find vulnerabilities and generate functional exploit code.
 
If that capability spreads, the consequences stretch well beyond tech companies.
 
Banks, hospitals, airports, power grids and government departments all run on interconnected software — much of its legacy code never designed for today's threat environment. Large organisations often delay security updates because patching operational systems is expensive and disruptive. 
 
Until 2018, several automated teller machines (ATMs) in India were running Windows XP. That too, when Microsoft officially ended all support for Windows XP in April 2014! Finally, in June 2018, the Reserve Bank of India (RBI) had to issue strict directions to banks and ATM operators to phase out ATMs running on unsupported operating systems and migrate to newer software platforms due to concerns that many machines remained vulnerable to cyberattacks.
 
Industrial equipment, smart devices and older infrastructure — many go unpatched for years. That creates openings. And AI-assisted attackers are becoming much better at finding them.
 
Smart TVs, home routers, internet-connected cameras, industrial sensors and cheap internet of things (IoT) gadgets — these devices often receive poor long-term security support from manufacturers. Security experts have flagged this as a weak link for years. AI-enhanced hacking could make it a crisis.
 
Why AI Is Particularly Good at This
Large language models (LLMs) excel at pattern recognition. Software code is fundamentally a pattern system. Vulnerabilities typically emerge when developers accidentally create unsafe interactions between components — exactly the kind of subtle statistical anomaly AI is well-suited to detect.
 
That doesn't mean AI ‘understands’ code the way an expert engineer does. However, AI can process enormous codebases and flag combinations that correlate with dangerous outcomes — quickly, at scale, without getting tired.
 
The pace of improvement makes this especially unsettling. Capabilities that seemed far-fetched a few years ago are now routine. Security researchers call this the ‘shifting baseline’ problem — we keep adjusting to rapid change without fully grasping how different the landscape has become. For example, a tool that helps with bug detection today may autonomously scan entire infrastructure networks for weaknesses tomorrow.
 
The Short-term Picture Is Rough
AI will likely improve cybersecurity in the long run. But in the near term, many experts think things could get messier before they get better. The reason is straightforward: finding vulnerabilities may become easier and much faster than fixing them.
 
Patch management is already a struggle for many organisations. Updates are delayed due to operational risks, budget constraints, staffing shortages, or compatibility concerns. Critical systems run on outdated platforms that can't be easily upgraded.
 
If AI floods defenders with newly discovered weaknesses, security teams may simply be overwhelmed. Smaller businesses, local governments and under-resourced organisations will feel this most acutely — they are already easier targets and that gap is likely to widen.
 
The Risks Go beyond Hacking
Here is something that doesn't get discussed enough: the same reasoning capabilities that find flaws in software could, in principle, find exploitable gaps in financial regulations, tax frameworks, insurance systems and compliance rules. These systems are also built on complex logical structures. AI trained on them could, in theory, identify vulnerabilities far faster than human regulators can.
 
Fraudsters are already using AI to generate convincing phishing emails, deepfake videos, cloned voices and fake customer support interactions. Future systems may run entire scam operations with minimal human involvement — highly personalised, constantly adapting and difficult to detect.
 
What You Can Actually Do
None of this means you are helpless. Solid digital habits still make a real difference.
Treat unexpected communication as suspicious. AI-generated scams are convincing now and they are getting better. Fake emails, voice calls and messages that imitate your bank, your boss, or a family member are no longer crude or obvious. Don't act on urgent requests involving money, one-time passcodes (OTPs), passwords, or account verification without independently verifying through official channels.
 
Don't open unexpected attachments. Malicious files disguised as invoices, know-your-customer (KYC) forms, courier receipts, or tax documents remain one of the most common attack vectors. This applies to WhatsApp, Telegram, SMS and email alike — especially Android package kit (APK) files or password-protected archives you are not expecting.
 
Update your devices. This one is non-negotiable at this point. Software updates are not minor housekeeping — they are active security protection. Enable automatic updates wherever you can. A huge proportion of successful attacks exploit known vulnerabilities for which patches already exist.
 
Use strong authentication. Enable multi-factor authentication (MFA) on your email, banking and social media accounts. Even if someone steals your password, a second verification layer can stop the takeover.
 
Be careful with smart devices. Connected gadgets often have poor long-term security support. Change default passwords on routers, cameras and smart appliances. Disable unnecessary internet-facing features. When buying connected devices, stick to manufacturers with a track record of issuing regular updates.
 
Protect your personal data. AI fraud becomes more effective the more personal information attackers have. Be deliberate about what you share publicly — birthdays, addresses, travel plans, school information, family details, personal photos and videos. This data is used to craft targeted scams that feel eerily accurate.
 
Verify unexpected voice and video requests. Cybercriminals can clone voices from short audio clips scraped off social media. If a friend or relative urgently asks for money over a call or video message, verify it through another channel before doing anything.
 
Keep backups. Ransomware is still one of the most damaging threats out there. Maintain offline or secure cloud backups of anything important. Regular backups limit the damage significantly if something goes wrong.
 
A New Digital Arms Race
AI-driven vulnerability discovery is the beginning of a real shift in cybersecurity — not just an incremental upgrade. Powerful AI tools will become standard on both sides of the fence. Over time, defensive systems may gain the advantage by catching flaws before software even ships.
 
But the transition period will be more turbulent than our wildest imagination.
 
For ordinary people, the lesson is practical and immediate: cyber hygiene can no longer be an afterthought. Every phone, banking app, email account and connected device now exists in a threat landscape shaped increasingly by AI. Scams will get more convincing. Attacks will become more automated. Deception will be harder to spot.
 
Staying alert, questioning what you receive and keeping your digital house in order — these are not technical skills. They are common-sense habits that are becoming genuinely essential.
 
Stay Alert, Stay Safe!