Artificial intelligence (AI) technology offers a positive contribution to improving our cybersecurity. However, it can also facilitate and accelerate cyberattacks. Therefore, immediate action is needed.

That’s what the National Cyber Security Center (NCSC) in the Netherlands recommends.

Anthropic recently announced Mythos, an AI model that focuses on finding and fixing software vulnerabilities. It’s being promoted as the “most capable frontier model to date.”

Security experts and institutions like the NCSC have applauded the potential of Mythos-like models.

However, Mythos is like a knife that cuts on both sides. It can be used by professionals to enhance their cybersecurity capabilities, but also by hackers to detect and exploit unknown vulnerabilities.

That’s why, at least for now, only a limited group of large tech companies has been given access to Mythos. But for how long?

“Our eventual goal is to enable our users to safely deploy Mythos-class models at scale, for cybersecurity purposes, but also for the myriad other benefits that such highly capable models will bring,” Anthropic said when introducing its AI-powered bug detection tool.

According to the NCSC, Mythos doesn’t just detect separate vulnerabilities – it also uses them in conjunction to construct chain attacks.

“This increases the risk that small, seemingly harmless bugs could, when combined, enable a serious attack. At the same time, there is a lack of public technical details to verify the full impact; it is plausible that real vulnerabilities are being exploited, but it is less clear how easily they can be exploited in practice,” the NCSC explains.

According to the Dutch cybersecurity agency, it’s likely that similar capabilities in other AI models, such as OpenAI’s GPT-5.4 Cyber, will become more widely available quickly. Pushing the public release of such models endangers businesses and organizations.

“Response cycles measured in days are now measured in hours – weeks have become days. Organizations that fail to accelerate their patching processes, monitoring, and incident response are demonstrably at greater risk. The message to organizations: don’t treat this as just another ‘trend,’ but as a structural shift in the pace of both attacks and defense,” the NCSC states.

Businesses and organizations are recommended to explicitly incorporate AI developments into their security measures and protocols.

“Anticipate attacks that occur faster, more automated, and in larger numbers. AI can offer a solution in supporting defense in this regard, for example, in detecting anomalies in networks,” the NCSC concludes.

---

Unlock more exclusive Cybernews content on YouTube.