The AI Hackers Are Here and No System Is Safe

The AI hackers are here and no system is safe. Are government health, tax and ID departments already paying ransoms for data breaches?

Is the sale of confidential information on the ‘dark web’?

PETER HALLIGAN

From here:

Anthropic’s Mythos: Experts warn cyber threat was already here

  • Cybersecurity experts and AI researchers tell CNBC that the perils revealed by Mythos are achievable using older models, including those from Anthropic and OpenAI.
  • AI is accelerating how quickly vulnerabilities are found, but companies still take days or weeks to patch them, creating a widening gap that leaves systems exposed.
  • While Anthropic, OpenAI and others are working on developing cyber defense capabilities, the initial advantage goes to offense, not defense, say researchers.
  • In comments to CNBC, Anthropic didn’t dispute that earlier models were capable of finding software vulnerabilities.

Global banks, tech giants and governments were sent scrambling last month to contain the risks posed by Mythos, the Anthropic model said to be so powerful that it has found thousands of previously unknown vulnerabilities in the world’s software infrastructure.

“The danger is just some enormous increase in the amount of vulnerabilities, in the amount of breaches, in the financial damage that’s done from ransomware on schools, hospitals, not to mention banks,” Anthropic CEO Dario Amodei said this week at an Anthropic event.

‘Scary enough’

But to those fighting in the trenches of cyber warfare, one of the key capabilities advertised by Anthropic — to find software vulnerabilities at scale — has been around since last year.

“The models that we have right now are powerful enough to detect zero days in a large scale, and this is scary enough,” Klaudia Kloc, CEO of cybersecurity firm Vidoc, told CNBC.

That has been the case for “a couple of months, if not a year,” she said.

The term “zero-day” refers to a previously unknown software flaw that hasn’t been patched, giving attackers a window to exploit it before defenders can respond.

Researchers at Vidoc leaned on a technique called “orchestration” to test if they could find the same vulnerabilities that Mythos did. As the name suggests, the process involves creating workflows that split code into smaller pieces, coordinating between various tools or models to cross-check results.

“We ran older models against the same code base to see if we’d be able to detect the same vulnerabilities,” Kloc said. “We did, with both OpenAI and Anthropic’s older models.”

Another cybersecurity firm, Aisle, found that many of Mythos’s headline results could be reproduced using cheaper models working in parallel — suggesting that scale and coordination were more important than having the latest model.

In fact, a company spokesperson said, Anthropic has been warning for months that AI’s cyber capabilities were advancing rapidly. They pointed to a February blog post showing that Claude Opus 4.6, a widely available model, found more than 500 “high severity” vulnerabilities in open-source software.

What makes Mythos different is its ability to take the next step, developing working exploits with little or no human input, effectively automating a process that previously required skilled researchers, the Anthropic spokesperson said.

But hackers working for criminal groups and adversarial nations already have this skill set, cyber researchers say. Hackers in North Korea, China and Russia “know how to do this, with or without Anthropic,” Kloc said.

The threat of AI-enabled hacking has corporations and government regulators worried about protecting crucial systems from a new wave of ransomware and other types of attacks, according to Harris.

He described conversations with banks, insurers and regulators in recent weeks as “hysteria.”

Which further begs the question: how many government (or other) systems, many written in insecure code years ago, have already been ‘burgled’ by malicious AI, and how much crypto/money has been paid to criminals to silence them or prevent personal data being sold on the ‘dark web’?

From Brave AI:

“The dark web is a small, intentionally hidden segment of the deep web that requires specialized software, such as the Tor browser, to access. Unlike the surface web, which is indexed by standard search engines, dark web content is not publicly searchable and is designed to provide anonymity for both users and website operators through layered encryption and traffic routing.

While the dark web is often associated with illegal activities like cybercrime, drug trafficking, and data theft, it also serves legitimate purposes. It is used by journalists, whistleblowers, and activists to communicate securely in regions with strict censorship or surveillance, as well as by law enforcement and security researchers to monitor threats.”

How would any taxpayer ever get an answer to such a question or even know if their data had been captured and sold?



This article (The AI hackers are here and no system is safe. Are government health, tax and ID departments already paying ransoms for data breaches?) was created and published by Peter Halligan and is republished here under “Fair Use”.
