The question for executives is no longer whether AI will impact cybersecurity. Rather, it is whether their organization is still operating on assumptions from a pre-self-governing world.
newly Boundary models provided From OpenAI and Anthropic threaten the ability to exploit software vulnerabilities on a scale that no human team can match.
New evaluation Released The UK government’s Artificial Intelligence Security Institute (AISI) on Monday (April 13) conducted assessments of Anthropic’s Cloud Mythos Preview and found that it has successfully crossed into the early stages of operational cyber capability.
In the simulated environments, the model did not simply execute isolated commands. It combined reconnaissance, exploitation, persistence, and lateral movement into a cohesive attack sequence. It modified its approach when steps failed, maintaining continuity across stages that traditionally required human oversight.
Historically, sophisticated cyberattacks have been limited by talent. Skilled operators are expensive, rare, and often linked to the state or well-funded criminal groups.
The latest models by the world’s largest AI providers could represent a critical inflection point for cybersecurity. AI is no longer just a tool in the hands of attackers; He began to replicate aspects of the striker himself.
Advertisement: Scroll to continue
Read more: AI is cracking open banking before quantum gets the chance
For CFOs and CISOs alike, the implication is increasingly stark. Cyber risks are shifting from a targeted phenomenon to something more akin to perimeter exposure. Not only are organizations selected; They are constantly checked, checked and tested by systems that operate on a large scale.
The average enterprise, with uneven patching processes, accounts with excessive permissions, and inconsistent configuration management, now has easier access to multi-step intrusion attempts that can be executed, or at least coordinated, by AI systems.
However, the most important takeaway from the Mythos assessment is not that AI can actually carry out flawless cyberattacks. It is not possible. As the UK report noted, the success rate is partial, the model’s capabilities are limited, and its deployment remains under control.
But systems that can plan and execute multi-stage intrusions, even inconsistently, represent a baseline that will improve. More computing, better coordination, and tighter integration with external tools will increasingly close the gap between partial and reliable capability.
For CISOs, this means designing for a world where innovation is no longer rare. For CFOs, this means recognizing cyber risk not as an occasional disruption, but as an ongoing, evolving cost of doing business in the digital economy.
The baseline has moved. The question is who will move with it.
For all of our PYMNTS AI coverage, subscribe to our daily newsletter Amnesty International newsletter.
