Anthropic's Mythos AI: A Double-Edged Sword for Cybersecurity and Beyond
The rise of AI in cybersecurity presents a paradox. While models like **Anthropic**'s Claude Mythos Preview can identify vulnerabilities, they also empower attackers. The long-term implications extend beyond software, potentially impacting complex systems like tax codes and regulations.
Last month, **Anthropic** announced its new model, Claude Mythos Preview, with a unique caveat: its vulnerability-finding capabilities were so advanced that it would only be available to a select group of companies for internal scanning and remediation.
This announcement, while attention-grabbing, highlights a broader trend: AI's increasing proficiency in identifying software vulnerabilities.
### AI's Growing Prowess in Vulnerability Detection
While **Anthropic**'s model is highly capable, other models are also demonstrating similar abilities. The UK's AI Security Institute found that **OpenAI**'s GPT-5.5 offers comparable capabilities. Additionally, the company Aisle reproduced **Anthropic**'s results using smaller, more cost-effective models.
**Anthropic**'s limited release of Mythos may also be driven by practical considerations. Running such a powerful model is resource-intensive, and a general release may not be feasible. By restricting access, **Anthropic** can highlight the model's potential without fully demonstrating it.
### The Dual Nature of AI in Cybersecurity
The core issue is that modern generative AI systems, including **Anthropic**'s, **OpenAI**'s, and open-source alternatives, are becoming adept at finding and exploiting vulnerabilities. This has significant implications for both offensive and defensive cybersecurity strategies.
Attackers can leverage these AI capabilities to discover and automatically exploit vulnerabilities in various systems. This could lead to breaches in critical infrastructure, ransomware attacks, data theft, and the seizure of system control during conflicts, creating a more dangerous digital landscape.
Conversely, defenders can utilize these same AI tools to identify and patch vulnerabilities. For instance, **Mozilla** used Mythos to uncover 271 vulnerabilities in **Firefox**. These vulnerabilities were subsequently fixed, eliminating potential attack vectors. The future may see AI-driven vulnerability detection and patching as a standard part of the software development lifecycle, resulting in more secure software.
### Short-Term Risks and Long-Term Potential
Expect a surge in both attacks exploiting newly discovered vulnerabilities and frequent software updates. However, many systems remain unpatchable or are not regularly updated, leaving vulnerabilities exposed. Currently, exploiting vulnerabilities appears to be easier than finding and fixing them, suggesting increased short-term risks. Organizations will need to adapt their security strategies to this evolving threat landscape.
Looking ahead, AI's ability to write secure software is expected to improve continuously. Ultimately, AI-enhanced defenders may gain an advantage over AI-enhanced attackers.
### Beyond Cybersecurity: AI and Systemic Vulnerabilities
The implications extend beyond cybersecurity. The pattern-matching and reasoning capabilities that make AI effective at analyzing software can be applied to other complex systems. For example, AI could identify loopholes in tax codes, environmental regulations, and food safety rules.
Investment banks may already be using AI to analyze tax codes, seeking money-saving strategies. The potential for AI to uncover complex loopholes, such as those involving multiple jurisdictions, is significant. This could lead to decreased government revenue and regulatory evasion.
Unlike software vulnerabilities that can be patched quickly, amending tax codes or regulations is a lengthy and often politically charged process. The carried interest loophole in the US tax code, exploited for decades, exemplifies this challenge.
AI is poised to transform society. Just as the industrial revolution amplified physical capabilities, the AI revolution will amplify cognitive abilities. Adapting to this new reality, characterized by a deluge of vulnerabilities in both software and other complex systems, will be challenging but essential.