Mythos, the latest big model from US Artificial Intelligence Company Anthropic, has sparked concern among governments and companies, the Financial Times reported yesterday, it is worried that its network vulnerability mining ability may exceed the existing network security defense ability and accelerate the hacker attack. With the rise of large-scale artificial intelligence (AI) models, AI can efficiently find network vulnerabilities with far greater efficiency than traditional manpower, which will have a far-reaching impact on global network offensive and defensive warfare. China is one of the countries that suffer the most cyber attacks in the world. What should China do in the face of the new challenges brought by AI to cyber security?
Infographic
The ability of large models to exploit vulnerabilities has raised global alarm
The U. S. Company released a large model earlier this month that can detect software defects faster than traditional manual methods, the report said. Mythos, the company claims, has crossed a critical threshold of being able to automatically discover and verify unknown security vulnerabilities (known as“Zero-day vulnerabilities”) in major operating systems and browsers, it also discusses how to reverse engineer vulnerabilities in closed-source software and how to convert known but unfixed vulnerabilities into actual attacks. It says it has found thousands of high-risk bugs, many of which have been undetected for 10 or 20 years.
Industry experts told the global times that in the past, it was very difficult to discover system vulnerabilities by manpower. Professional hackers with special talents have spent a long time analyzing, researching, and testing the code, the time is often measured in years, and the cost is also very high.
Anthropic has previously argued for using AI to write code much faster than human programmers. In order to ensure the reliability of the vast amount of code written by these AI, it has developed specialized large-scale models that exploit system vulnerabilities, trying to“Detect AI with AI”. But the industry recognizes that the capabilities provided by Mythos are a“Double-edged sword” that can efficiently exploit previously undetected vulnerabilities in systems, but can also dramatically lower the technological barrier to cyberattack if used maliciously, this increases the risk of system breaches, data breaches and critical infrastructure failures.
According to the Financial Times, christina Cacioppo, chief executive of Vanta, a cyber security and compliance automation platform, said: “The frequency and complexity of cyber attacks brought about by the AI big model is already increasing, and most companies are not ready to deal with the risks because they are still using outdated methods that can not compete with the speed of AI-driven attacks.” There was an 89% increase in AI-driven attacks in 2025 compared to the same period in 2024.
The risks are well known within Anthropic. Logan Graham, who runs Anthropic’s cutting-edge red team testing lab models, said: “Mythos could be used to exploit vulnerabilities in a rapid and automated manner that most organisations around the world, including the most technologically advanced, are unable to fix in time.”
Governments are also aware of the risks of exploiting vulnerabilities in AI’s big models. Recently, United States Secretary of the Treasury Scott Besant and Federal Reserve Chairman Jay Powell convened some of the largest banks in the United States to discuss the cyber threat posed by the Mythos model. Kanishka Narayan, UK head of Artificial Intelligence, told the financial times that“We should be worried” about the model’s capabilities. Joachim Nagel, president of the Bundesbank, said the Mythos model should be made available to affected institutions to ensure a level playing field.
China will need to be able to do the same
According to the New York Times, Anthropic has limited access to Mythos. The company is currently focusing on sharing the grand model with more than 40 organizations that provide technology for critical global infrastructure such as the Internet and power grids. Anthropic released a list of 11 organizations, including Amazon, Apple and Microsoft, it has pledged to help it develop security fixes for vulnerabilities discovered by the model.
South Korea’s daily economy website notes that Mythos’ ability to exploit vulnerabilities differs from the progress made by other AI, and involves national“Cyber security” issues, countries that don’t have the capacity to do so in the future will face difficulties. Anthropic’s Glasswing project, launched with 11 technology companies, provides technical support to only a handful of large US technology and finance companies, while South Korean companies are not on the list.
How should China, one of the world’s most vulnerable countries, respond to this new challenge? Chinese cyber security company 360 group has developed an AI-driven“Vulnerability mining agent”, the singapore-based Lianhe Zaobao reported Wednesday, nearly 1,000 previously unknown vulnerabilities were discovered, more than 50 of which were identified as high-risk, covering critical infrastructure software such as the Windows kernel, Microsoft Office components, OpenClaw and multiple Internet of things devices. This means that vulnerability discovery has officially entered a new stage of automated and large-scale production of agents.
Zhou Hongyi, founder of the 360 group, told the global times that there are no rules to follow when using traditional methods to find loopholes in the system. It is precisely because of the“Scarcity” of system vulnerabilities, the traditional network security confrontation model, is“The other hackers found vulnerabilities, security experts to defend against hackers. But now with the addition of the AI model, this human-to-human confrontation has become an algorithm, computing power, machine and human confrontation, making national cybersecurity face severe challenges.
Zhou said that if the attacker has the ability similar to Mythos, scanning the common code base of the attacked party, it may get hundreds of times more vulnerabilities than the original, which means that in the eyes of the attacker, in the eyes of the attacker, the defender is like a sieve, full of breakthrough points that can be attacked. In this case, the probability of a cyber attack on critical information infrastructure may have increased hundreds of times, while the difficulty of the attack has been greatly reduced. This is a game-changer. To do this, China must also develop the ability to exploit vulnerabilities in its systems using AI. Zhou Hongyi said, “We must admit that we are not as good as Anthropic in large-scale model technology, but we can make up for it through other ways.”. Anthropic is an AI company, he said, and Mythos relies entirely on the algorithmic power of large models to find vulnerabilities in its systems. The 360 Group is a security company, in the understanding of vulnerabilities, vulnerabilities of attack and defense to exploit the code and other aspects of the accumulation of more, “Vulnerability Mining Agent” combines the large model and the understanding of the programming code, as well as the vulnerability and attack and defense of the rich experience accumulated.
Eugenio Benincasa, a Senior Researcher at the Center for Security Studies at ETH Zurich, said in the research report that, artificial Intelligence (AI-RRB- is moving from an auxiliary tool to something closer to a scalable vulnerability research engine.
What’s the next step in cyber security confrontation?
How will the future cyber security confrontation develop after the addition of the AI model? Zhou Hongyi said, with the aid of AI large model to explore vulnerabilities, on the one hand, can take the initiative to tap the vulnerabilities in their own system, timely repair, prevent the use of rivals. On the other hand, when the opponent launches a large-scale cyber attack, the defender can batch produce automated operating agents through computing power, and use computing power to fight computing power, and use agents to fight agents, only in this way can we continue to maintain the balance of network security attack and defense.
Zhou Hongyi says AI model brings fundamental changes to global cyber security. In the past, it was very difficult for even a cyber power to find enough skilled personnel, which was called“Hard to find”, this makes the traditional network attack ability range, frequency, breadth are subject to the attacker’s hacker physical strength, energy constraints. But large AI models can distill a hacker’s combat experience into the expertise of an agent. As long as the support of computing power, it can copy thousands of hacker agents and attack the whole network front with the help of various vulnerabilities, which can easily become asymmetric warfare.
Therefore, the corresponding response must also adopt the idea of“Using AI against AI, using computing power against computing power”, by“Distilling” the skills of network security experts, develop a critical mass of“Cyber security agents”. “If you have cyber security agents that can be copied in batches, it’s like monkey king pulling out a hair and turning it into a lot of little monkeys, copying out a lot of professional agents to deal with every alarm. In this confrontation, professional cybersecurity experts will be freed from the repetitive work of agents to screen, analyze, and verify, while human experts will make judgments only at critical points.”
Zhou said that some people have compared the vulnerability-exploiting agent to the“Cyber nuclear weapon” in the era of AI, and we must master it to avoid the original balance of cyberspace being randomly disturbed.