Recent research from Anthropic on its Claude Mythos Preview model suggests a step change in how quickly AI can help identify vulnerabilities and build working exploits. While these claims come from the vendor itself and should be treated with caution, the wider direction of travel is clear: advanced AI is compressing the time between weakness discovery and potential attack. Many experts agree that organisations should avoid panic and focus on preparation. At this stage, it’s crucial to reinforce current protections by practising good cyber hygiene.
The NCSC describes these systems as “frontier AI” and notes that they are changing the cost, speed and scale of cyber operations. Today’s models still have limits, but those limits are improving quickly.
- They can still be slow on complex tasks
- They are not yet consistently strong in every specialist domain
- Long, multi-stage operations can still lose context
- Outputs can still be inconsistent.
That matters because defenders should assume these capabilities will continue to improve and become more accessible.
Why this matters
From a CIO perspective, the most important shifts are:
- Reconnaissance at machine speed. AI can help attackers scan environments, identify weaknesses and prioritise likely attack paths far faster than traditional manual methods.
- Faster path from discovery to exploitation. The time between a vulnerability being found and an attacker attempting to use it is shrinking, increasing pressure on patching, detection and containment.
- Lower barriers for attackers. As capability becomes cheaper and easier to access, more threat actors can operate at a higher level.
The key point is simple: frontier AI does not create entirely new cyber risks, but it does amplify existing ones through speed, scale and automation.
- Less time to respond once weaknesses are exposed.
- More attacks from a broader range of threat actors.
- Greater pressure on cyber teams to detect, prioritise and respond faster.
In other words: if your fundamentals are weak, frontier AI will expose that faster.
What should leaders focus on?
My advice is to strengthen the basics and accelerate the response model:
- Improve visibility of internet-facing assets and reduce unknown exposure.
- Tighten vulnerability management and reduce time to patch high-risk systems.
- Review detection, containment and incident response processes for a faster threat environment.
- Ensure Business Continuity plans are in place and regularly tested.
- Use automation and defensive AI where it genuinely improves speed and control.
- Ensure suppliers and partners can keep pace with the same threat shift
- Keep staff awareness high, especially around phishing and social engineering.
- Treat this as a leadership issue, not just a technical one.
Paul Jones, Chief Information Officer