The NSA, ‘Mythos’ and the quiet emergence of cyber AI doctrine

I remember when cyber operations were confined to documents. They moved into frameworks, then automated pipelines, then what we now call orchestration. Each step is time constrained and reduces the expertise required. Frontier AI is starting to look to me like both the next step in that sequence and something different.

What seems to divide frontier AI from the automation we’ve always had, from what I’ve seen so far, is less about efficiency and more about autonomy. A model that can scan and analyze an unlimited attack surface, identify vulnerabilities without predefined signatures, assist in chaining exploits and adapt to feedback feels less like an improvement to analyst workflow and more like working with downsizing. That is changing the economics of crime in ways that break the assumptions most security systems still tacitly rely on.

The reveal of the Mythos preview made the shift concrete. The model reportedly identified thousands of critical vulnerabilities, including some found in all major operating systems and web browsers, and tied many of the vulnerabilities to novel human-level attacks. A specific example that stood out to many readers was a 17-year-old remote code execution flaw in the FreeBSD NFS server (CVE-2026-4747), which Mythos identified and automatically exploited after a single notification. The Anthropic defense alliance united under Project Glasswing includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, with a reach extending to more than forty organizations responsible for critical software infrastructure, supported by approximately $100M of security work resources and an additional $4M in the use of security work. That is not a marketing exercise. It is a coordinated response to a threat model that has already moved. The fact that the alliance is drawing antitrust scrutiny is itself a sign: This is no longer being scrutinized.

The line that stuck with me from the Anthropic write-up was that the model could attack multiple layers in vulnerable networks and find and exploit vulnerabilities independently, completing in hours what would take a human expert days. Couple that with the many frontier models from OpenAI that now operate at the “High” cybersecurity threshold under the Preparedness Framework, including a variant for defenders (5.4-Cyber) designed specifically for certified security teams, and the exposed incident of GTG-1002, a Chinese state-sponsored actor Claridebell in November 2013 (by segregating tasks and pretending to be a self-defense test worker at a legitimate security company online) to automate 80 to 90 percent of the work that has touched about 30 global targets and successfully broken four, and the trail stops being predictable. It is noticeable. The November 2025 GTG-1002 disclosure has already affected regulated sectors, including financial institutions and chemical production, and AI-assisted preemption against critical infrastructure is now documented in national activity reports. A named, specified, high-impact event that will make this concrete on the board has yet to happen publicly. The pattern is no longer thought.
