Advanced AI models such as Anthropic's Claude Mythos Preview and OpenAI's GPT-5.5-Cyber are nearly as skilled as elite human hackers at finding and exploiting vulnerabilities. These were not released publicly; instead, limited access was granted to partners and agencies for defensive use. Mythos has already uncovered thousands of long-hidden bugs in open-source packages critical to the internet.
Mozilla leveraged Mythos to remediate over 400 Firefox bugs in one month, far exceeding normal rates. AI agents can monitor for intrusions continuously and help patch faster. However, the Trump administration forced revocation of public Mythos access, removing a key defensive tool. Free open-source AI hacking tools still enable criminals despite guardrails on commercial models.
Software companies now use AI for bug scanning, explaining more frequent updates. Yet efforts lag, as open-source models will soon match restricted ones. Coding agents themselves introduce insecure code via hallucinations, and integrated AI systems create new attack surfaces, as seen when criminals simply asked Meta's AI for account access.
Defense remains harder than offense; missing one vulnerability can be catastrophic. Anthropic notes Mythos helps secure upstream software for resource-poor organizations like hospitals. Experts warn 2026 could see major successful attacks affecting millions.