I remember when cyber operations lived inside scripts. They moved into frameworks, then into automated pipelines, then into what we somewhat optimistically called orchestration. Each step compressed time and lowered required expertise. Frontier AI is starting to look to me less like the next step in that sequence and more like a different thing.
What seems to separate frontier AI from the automation we have lived with, in what I have seen so far, is less about efficiency and more about independence. A model that can conduct reconnaissance across an unbounded attack surface, identify vulnerabilities without predefined signatures, assist in exploit chaining and adapt based on feedback feels less like enhancing an analyst’s workflow and more like operating with reduced human constraint. That shifts the economics of offense in ways that break assumptions most security programs still quietly rely on.
The Mythos Preview disclosure made the shift concrete. The model reportedly surfaced thousands of high-severity vulnerabilities, including findings in every major operating system and web browser, and chained multiple vulnerabilities into novel attacks with limited human direction. A specific example that landed for many readers was a 17-year-old remote code execution flaw in the FreeBSD NFS server (CVE-2026-4747), which Mythos identified and exploited autonomously after a single prompt. The defensive coalition Anthropic assembled under Project Glasswing includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, with extended access reaching more than forty additional organizations responsible for critical software infrastructure, backed by roughly $100M in usage credits and $4M in donations to open-source security work. That is not a marketing exercise. It is a coordinated reaction to a threat model that has already moved. The fact that the coalition is now drawing antitrust scrutiny is itself a signal: This is no longer experimental.
The line that stayed with me from Anthropic’s own writeup was that the model could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously, completing in hours what would take human professionals days. Pair that with multiple frontier models from OpenAI now operating at the “High” cybersecurity threshold under its Preparedness Framework, including a defender-permissive variant (5.4-Cyber) built specifically for verified security teams, and with the disclosed incident of GTG-1002, the Chinese state-sponsored actor Anthropic publicly attributed in November 2025, jailbreaking Claude Code (by fragmenting tasks and posing as a defensive testing employee at a legitimate cybersecurity firm) to automate 80 to 90 percent of an operation that touched roughly 30 global targets and successfully breached four, and the trajectory stops being speculative. It is observable. The November 2025 GTG-1002 disclosure already touched regulated sectors, including financial institutions and chemical manufacturing, and AI-assisted pre-positioning against critical infrastructure is now documented in nation-state activity reports. The named, attributed, high-impact incident that will make this concrete to a board has not yet occurred publicly. The pattern is no longer hypothetical.
