AI Can Now Hack. Here’s What You Actually Need to Do About It.

Mark Johnson
Cyber Security Advisor
13 May 2026

Co-authored by Andy Hunt, Cyber Security Principal Architect


The announcement of Claude Mythos Preview has generated a wave of headlines about AI-powered cyberattacks and the end of software security as we know it. Some of it is warranted. Most of it isn’t useful.

Mythos alone is not the issue. It is the signal that AI-augmented attacks are coming and will only get better.

What Changed?

For years, identity has been the primary way attackers get in. Phishing, credential theft, weak authentication. Attackers favoured that route because exploiting software vulnerabilities at scale required skills most criminal groups don’t have.

That balance has shifted.

Claude Mythos Preview, Anthropic’s new AI model, is the first AI to complete an end-to-end simulated corporate network attack, independently verified by the UK Government’s AI Security Institute. But there’s a caveat. Testing was conducted against undefended environments with no active monitoring, no defensive tooling and no penalties for triggering alerts. How it performs against a well-defended organisation remains untested.

This doesn’t mean identity risk has gone away. But vulnerability exploitation has now become an equally viable route in, accessible to lower-skilled attackers who previously couldn’t execute it. Those attackers are in the ransomware business. For most organisations, that means ransomware now has a new and more technically capable route to your door.

Running AI-augmented attacks at this level currently requires access to Mythos Preview, which Anthropic has restricted to a vetted group. That access barrier is the primary constraint right now, not cost. At an estimated low thousands of dollars per attempt, and with a median ransomware payment of $1 million in 2025, the economics are straightforward. A single successful attack returns hundreds of times what it cost to run. The barrier is temporary.

What You Should Do, In This Order

The question isn’t whether this affects your organisation. It’s whether you’re ready.


1. Reduce Your External Exposure

An AI-augmented attacker will systematically map your internet-facing assets, including every exposed service, every unpatched system and every misconfiguration, faster and more thoroughly than any human attacker could. You need to do the same, and then act on it.

Attack Surface Management gives you that visibility. But the goal is not the inventory. It’s closing down what you find. Prioritise by risk and reduce your exposed surface. This is the most immediate action you can take.


2. Accelerate Your Patching

The headlines focus on zero-day discovery, previously unknown vulnerabilities for which no patch exists. That capability is real, but for most organisations it isn’t the most actionable risk. You can’t patch a zero-day. What you can do is clear your existing backlog of known vulnerabilities. That’s what AI-augmented attackers are also exploiting, and they’re doing it faster and chaining vulnerabilities together more effectively than before.

The time between a vulnerability becoming known and being exploited has shrunk dramatically. Everyone needs to patch more regularly and more consistently. Start with internet-facing systems, where the exposure is greatest, and automate where you can.

This isn’t just our advice. Cyber Essentials now requires high-severity vulnerabilities on internet-facing systems to be patched within 14 days. Standards like PCI DSS are moving in the same direction. The regulatory floor is rising to meet the threat.
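
One way to turn that order of work into a repeatable check, as an added example that is not part of the original article: a small Python triage that puts internet-facing findings first and flags any high-severity one past the 14-day window. The CVSS 7.0 threshold for "high-severity", counting the 14 days from the fix release date, and all hosts and IDs in the sample are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

PATCH_WINDOW = timedelta(days=14)  # from the article: 14 days, internet-facing, high severity
HIGH_SEVERITY_CVSS = 7.0           # assumption: base score treated as "high-severity"
RANK = {"breach": 0, "due": 1, "backlog": 2}

@dataclass(frozen=True)
class Finding:
    host: str
    vuln_id: str          # constructed placeholder, not a real identifier
    cvss: float
    internet_facing: bool
    fix_released: date    # assumption: the 14 days run from this date

def triage(findings, today):
    """Return (finding, status, days_overdue) rows in the order to work them."""
    rows = []
    for f in findings:
        in_scope = f.internet_facing and f.cvss >= HIGH_SEVERITY_CVSS
        if not in_scope:
            rows.append((f, "backlog", None))
            continue
        overdue = (today - (f.fix_released + PATCH_WINDOW)).days
        rows.append((f, "breach" if overdue > 0 else "due", overdue))
    # Internet-facing first, then breaches, then nearest deadline, then highest CVSS.
    rows.sort(key=lambda r: (not r[0].internet_facing, RANK[r[1]],
                             -(r[2] or 0), -r[0].cvss))
    return rows

# Constructed sample backlog (hosts and IDs are made up for illustration).
SAMPLE = [
    Finding("erp-db", "VULN-0004", 9.1, False, date(2026, 1, 10)),
    Finding("web-01", "VULN-0003", 5.3, True, date(2026, 3, 1)),
    Finding("web-01", "VULN-0002", 7.5, True, date(2026, 5, 5)),
    Finding("vpn-gw", "VULN-0001", 9.8, True, date(2026, 4, 20)),
    Finding("mail-gw", "VULN-0005", 8.1, True, date(2026, 4, 29)),
]

if __name__ == "__main__":
    for f, status, overdue in triage(SAMPLE, today=date(2026, 5, 13)):
        print(f"{status:8} {f.host:8} {f.vuln_id} cvss={f.cvss} overdue={overdue}")
```

Fed from a scanner export instead of the inline sample, the "breach" rows are the ones already outside the 14-day requirement, and the "due" rows show how many days remain as a negative overdue value.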


3. Segregate Your Environment: Start With Legacy

Network segmentation limits how far an attacker can move once they’re in. The principle is straightforward. Separate internet-facing systems from internal infrastructure, and legacy systems from modern ones. Legacy systems carry the highest concentration of long-standing vulnerabilities and are typically the hardest to patch quickly. Keeping them isolated protects your modern environment and limits what an attacker can reach from a compromised legacy system. If you have the capability to monitor traffic between those zones, do it. If not, segmentation alone still significantly limits the damage an attacker can cause.
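
Monitoring traffic between those zones can start as a simple allow-list check over flow records, shown here as an added example that is not part of the original article. The zone CIDRs, the allowed flows and the sample records are all constructed assumptions; a real deployment would read them from firewall policy and flow logs.

```python
import ipaddress

# Assumed zone layout (hypothetical CIDRs) matching the article's three zones.
ZONES = {
    "internet_facing": ipaddress.ip_network("10.10.0.0/24"),
    "legacy": ipaddress.ip_network("10.20.0.0/24"),
    "modern": ipaddress.ip_network("10.30.0.0/16"),
}

# Assumed policy: the only cross-zone flows permitted, as (src_zone, dst_zone, dst_port).
ALLOWED = {
    ("external", "internet_facing", 443),
    ("internet_facing", "modern", 8443),
    ("modern", "legacy", 1521),
}

def zone_of(ip):
    """Map an address to its zone name; anything unlisted is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def violations(flows):
    """Return cross-zone flows that the allow-list does not permit."""
    found = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone:
            continue  # traffic inside one zone is out of scope for this check
        if (src_zone, dst_zone, port) not in ALLOWED:
            found.append((src_zone, dst_zone, src, dst, port))
    return found

# Constructed flow records: (source IP, destination IP, destination port).
SAMPLE_FLOWS = [
    ("203.0.113.7", "10.10.0.5", 443),   # external -> internet-facing, allowed
    ("10.10.0.5", "10.30.1.20", 8443),   # internet-facing -> modern, allowed
    ("10.10.0.5", "10.20.0.9", 445),     # internet-facing -> legacy, not allowed
    ("10.20.0.9", "10.30.1.20", 3389),   # legacy -> modern, not allowed
    ("10.30.1.20", "10.20.0.9", 1521),   # modern -> legacy, allowed
    ("10.30.1.20", "10.30.2.2", 22),     # inside modern, ignored
]

if __name__ == "__main__":
    for v in violations(SAMPLE_FLOWS):
        print("segmentation violation:", v)
```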

Proper network segmentation also unlocks Cyber Essentials, which is something many organisations have written off. Legacy systems that can’t meet the standard can be excluded from scope if they’re properly segmented, making certification achievable for networks that previously seemed too complex. Cyber Essentials maps directly onto the controls that defend against this type of threat. If you don’t hold it, get it. If you do, make sure it’s current.

The Honest Summary

The government’s own testing was conducted against undefended environments. Nobody has yet tested how Mythos performs against an organisation that has its fundamentals in place. What we do know is that patching, segmentation and reducing your exposed surface directly degrade the attack techniques Mythos relies on.

The organisations that weather this best won’t be those that react fastest. They’ll be the ones that built good security habits in from the start and kept them up.

It’s the urgency that has changed. The advice hasn’t. If you haven’t yet addressed these fundamentals, now is the time to start.

Useful Resources

Project Glasswing — Anthropic’s responsible disclosure initiative, and the source of the Mythos capability findings referenced in this article

OWASP AI Exchange — A practical, continuously updated resource on AI security threats and controls, maintained by the open source security community

NCSC Cyber Essentials — The UK government’s baseline certification scheme, directly relevant to the controls discussed above

MITRE ATLAS — A knowledge base of adversary tactics and techniques targeting AI systems
