The World Economic Forum (WEF) warns that the emergence of advanced AI systems such as Anthropic’s Mythos marks a turning point for cybersecurity, in which machines can autonomously identify previously unknown vulnerabilities, generate exploits, and execute complex attack pathways with minimal human input. This shift collapses the traditional gap between defenders and attackers, accelerating both threat discovery and weaponization while raising concerns that existing security models are ill-equipped to manage the speed and scale of AI-driven cyber risk.
In a post, Chiara Barbeschi, WEF’s specialist for cyber resilience, and Tarik Fayad, strategic integration at MENA’s Centre for AI Excellence at the WEF, frame this as a systemic inflection point rather than a single technological leap, arguing that frontier AI is reshaping cybersecurity into a continuous, high-velocity contest where advantage depends on how quickly organizations can integrate AI into defense strategies. It underscores that governance, safeguards and controlled access to such powerful models are becoming critical, as the same capabilities that can strengthen resilience can also be repurposed to amplify large-scale cyber threats if misused.
The Apr. 7 announcement by Anthropic on the release of the Claude Mythos Preview, a frontier AI model so powerful (or risky) that the company decided not to release it to the public, signals a critical shift in the AI landscape, where constraints on deployment are no longer commercial, but security-driven.
According to Anthropic, Mythos can autonomously identify previously unknown vulnerabilities, generate working exploits and carry out complex cyber operations with minimal human input. Testing identified several related weaknesses across systems, though these results remain subject to further validation and vary in terms of severity and real-world exploitability.
This reflects a broader turning point where frontier AI systems are becoming more autonomous and powerful, but also harder to control once deployed. The cautious way forward is to treat these models less as consumer products and more as strategic assets. Ultimately, it underscores a new reality where AI capability is advancing faster than the ability to safely govern it, making security the primary gatekeeper for release.
Noting that companies can build advanced AI systems but are not yet confident they can deploy them safely, without unintended consequences, Barbeschi and Fayad recognize that tasks that once required highly specialized teams working for weeks or months can now be performed in hours. “This has two immediate consequences. First, it could significantly strengthen defences by accelerating the discovery of vulnerabilities. Second, it could lower the barrier for launching sophisticated cyberattacks, enabling a wider range of actors to operate at a higher level.”
Clearly, this is not just a cybersecurity issue. It is a resilience issue for global stability. Critical infrastructure, financial systems and supply chains all depend on digital systems that could be exposed to faster, more scalable forms of attack.
Barbeschi and Fayad identify that the Mythos episode surfaces three immediate questions for business and security leaders, starting with whether AI will make cyberattacks easier to launch. The answer is yes, but unevenly. By automating complex technical tasks, systems like Mythos can lower the barrier to entry for attacks on simpler systems, enabling them to be carried out with limited human input. More complex and well-secured environments are still likely to require experienced operators, meaning the overall effect may be a rise in incident frequency alongside a concentration of more advanced attacks in the hands of skilled actors.
The second question is whether organizations are prepared to respond at AI speed, and the reality is that most are not. Even now, many struggle to keep pace with a rapidly evolving threat landscape, with a large majority of leaders identifying AI-driven vulnerabilities as the fastest-growing cyber risk. As AI accelerates the discovery of weaknesses, the bottleneck will shift from finding vulnerabilities to fixing them quickly enough, rendering patch cycles measured in weeks increasingly obsolete in a threat environment where exploitation can happen within hours.
The third issue centers on control, as access to these capabilities remains unsettled. Anthropic has opted to restrict Mythos to a small group of trusted partners rather than release it broadly, but there are still no globally agreed rules governing who should access such systems or how their use should be controlled.
Anthropic responded by restricting access to its capabilities and collaborating with a small group of trusted organizations to secure critical systems before wider proliferation. That approach, however, is only a starting point. These capabilities are unlikely to remain confined to a single company, with similar systems expected to emerge across the industry, increasing the urgency for coordinated action.
For business and policy leaders, the priorities are becoming clearer. Cyber risk must be elevated to the strategic level and treated as a boardroom issue with defined accountability. Organizations will need to invest in AI-native defenses that can match the speed and scale of AI-driven attacks, particularly through automated detection and response. Public and private collaboration will be essential, as no single entity can manage this risk alone.
At the same time, response timelines must compress significantly, with detection, remediation and patching cycles accelerating to keep pace with threats that can evolve and be exploited within hours. Cybersecurity is no longer a purely technical function but a central pillar of economic resilience, trust and stability.
Barbeschi and Fayad noted that Anthropic’s Mythos offers a preview of a near future in which AI both strengthens and destabilizes the digital systems that underpin the global economy. “The transition may not be smooth. Defensive capabilities are improving, but unevenly. At the same time, offensive capabilities may spread more quickly, creating a period of heightened risk before a new equilibrium is established.”
They added that as the speed of AI development continuously outpaces governance, coordination and security practices, the key challenge is not just technological. It is institutional and increasingly geopolitical. As countries and companies race to develop and deploy frontier AI capabilities, there is a risk that approaches to access, control and security diverge. Without coordination, this could lead to fragmented standards, uneven levels of protection and greater systemic vulnerability.
“The question is no longer whether such capabilities will emerge, but whether institutions can adapt quickly enough to manage them,” according to the post. “The answer will shape not only the future of cybersecurity, but the resilience of the digital systems on which societies and economies increasingly depend.”
