{"url":"https://www.economist.com/science-and-technology/2026/04/15/how-ai-hackers-will-shake-up-cyber-security","title":"AI hackers shake up cyber-security","domain":"economist.com","imageUrl":"https://images.pexels.com/photos/1933900/pexels-photo-1933900.jpeg?auto=compress&cs=tinysrgb&h=650&w=940","pexelsSearchTerm":"AI cybersecurity hackers","category":"Tech","language":"en","slug":"fd5a3932","id":"fd5a3932-ff04-4241-b56a-a15dda5653a4","description":"Anthropic withholds its powerful AI model Mythos from public release due to its skill at finding software vulnerabilities.","summary":"## TL;DR\n- Anthropic withholds its powerful AI model **Mythos** from public release due to its skill at finding software vulnerabilities.\n- Mythos found thousands of high- or critical-severity zero-day bugs in systems like **FreeBSD**, **FFmpeg**, and cloud software.\n- AI bug-hunting may disrupt cyber-security short-term but ultimately aid defenders by enabling thorough pre-release checks.\n\n## The story at a glance\nAnthropic announced on **April 7th, 2026**, that its new AI model **Mythos** would not be released publicly because it excels at finding and exploiting security holes in software, surpassing most humans. The firm is restricting access via **Project Glasswing** to 12 founders including **Apple**, **Google**, and **Nvidia**, plus 40 more infrastructure firms. This follows recent advances in AI bug detection, prompted by worries over risks to digital systems.\n\n## Key points\n- Mythos has uncovered “**thousands**” of high- or critical-severity flaws, including zero-days in **FreeBSD** (operating system), **FFmpeg** (video library), and unfixed cloud software; details withheld until patches.\n- OpenAI responded with a closed **GPT 5.4 Cyber**, a similar hacking-focused model.\n- Testing by Britain's **AI Security Institute** showed Mythos competitive on simple tests but superior on advanced multi-step hacks.\n- AI progress is rapid: older models found nearly a fifth of **Firefox**'s 2025 high-severity bugs and a dozen in **OpenSSL** this January.\n- Cost is high—one bug hunt cost **$20,000** in compute tokens—challenging for volunteer-maintained projects like **Linux**.\n- Prompted meetings: US Treasury Secretary **Scott Bessent** with bank bosses; UK regulators similarly.\n\n## Details and context\nZero-day bugs, unknown before discovery, hide in much software because exhaustive human checks are impossible. **Jeff Williams** of **Contrast Security** notes they lurk everywhere; Mythos proves novel by finding new ones, not just training data repeats.\n\nAI bug reports were once full of false positives or trivia, but **Bruce Schneier** observes a recent shift to good quality. Still, the race matters: can fixes outpace exploits? Project Glasswing gives select firms early access to patch internet-critical code before broad AI proliferation.\n\nUnmaintained code in routers, TVs, fridges, and machines poses risks; attackers could exploit freely. Researchers see long-term defender wins via pre-publish scans, but short-term chaos as capabilities spread.\n\n## Key quotes\n- “**In the medium term I think this will be a mess... But in the long run I think it will actually be good for the defenders.**” —**Bruce Schneier**, computer-security expert.\n- “**One change I’ve noticed in the past couple of months is that a lot of these AI-generated bug reports are increasingly of good quality.**” —**Bruce Schneier**.\n\n## Why it matters\nAI models like Mythos expose flaws across operating systems, browsers, and crypto software, threatening e-commerce, finance, and infrastructure if misused. Businesses face higher patching urgency, while consumers and investors see risks in unpatched devices like routers or IoT gadgets. Watch Project Glasswing patches, AI exploit speed versus fixes, and public model releases with caution.","hashtags":["#ai","#cybersecurity","#hackers","#anthropic","#mythos"],"sources":[{"url":"https://www.economist.com/science-and-technology/2026/04/15/how-ai-hackers-will-shake-up-cyber-security","title":"Original article"}],"viewCount":5,"publishedAt":"2026-04-16T15:49:37.923Z","createdAt":"2026-04-16T15:49:37.923Z","articlePublishedAt":"2026-04-15T00:00:00.000Z"}