Stephen Weber

Stephen Weber has never laid eyes on Mythos or OpenAI's GPT-5.4 cyber model, but he's long worried about how AI might empower malicious hackers.

Weber is a retired professor at UC Berkeley who led the Center for Long-Term Cybersecurity.

And he says if there's one thing we know today's large language models are really good at, it's coding.

Anthropic and OpenAI claim their new models are significantly more capable at detecting unknown bugs in the code that underlies everything from operating systems to web browsers.

These so-called zero-day exploits allow bad actors to access systems through backdoors nobody knew were there.

No patch exists to lock them.

And like nuclear weapons, they had been the domain of sophisticated state-level actors.

But AI is changing that.

Attacks that once took a team of specialized hackers months to research and days to execute can be done by one person in an afternoon, says John Henley, who runs offensive testing at cybersecurity firm CoalFire.

With internal AI tools less capable than the top frontier models,

He says they've breached systems in less than 10 minutes.

Already, Anthropic says it's investigating unauthorized users who gained access to the secret mythos preview.

And Henley expects open source models, many built in China, will catch up in the near future.

They'll be expecting an answer from folks like Joshua Brown.

He's been the chief information security officer at H&R Block, Omnicom, and now Spectrum Labs.

Never an easy job.

And now every two hours is not going to cut it.

Brown says the same AI tools the bad guys use will help organizations detect and patch vulnerabilities.

Most companies have chronically underinvested in cybersecurity, according to Frank Ford, a partner at the consulting firm Bain & Company.

He says companies spend on average less than 1% of revenues on cybersecurity, and many will need to double those resources.