Artificial intelligence is getting better at everything, including hacking. It’s becoming easier than ever before to steal someone’s identity, cripple sensitive banking and health care systems, or hold a company’s data ransom. And if cybersecurity defenders aren’t ready, cyber attackers will exploit AI to wreak havoc.
“The timeline is not years, it is months,” the multinational intelligence group Five Eyes warned June 22. The newest AI technology “lowers barriers for malicious actors and increases the speed and complexity of attacks.” Five Eyes is a secretive alliance dating back to World War II in which Australia, Canada, New Zealand, the United Kingdom and the United States work together to gather intelligence or respond to security threats.
Two new models, Anthropic’s Mythos 5 and OpenAI’s GPT-5.5, have each proven capable of independently planning and carrying out a full takeover of a simulated corporate network. That means a single hacker could do what once required a large team, says AI security expert Michael Alexander Riegler of Simula Research Laboratory in Oslo, Norway. These models can also find and exploit security holes in operating systems, browsers and other software at an expert level, which could leave defenders scrambling to patch vulnerabilities.
“It will be again this cat-and-mouse game of who finds the hole first, who closes it first, or who exploits it first. Just at a much higher speed than we see now.”
Michael Alexander Riegler
AI security expert
The Five Eyes warning comes on the heels of the U.S. government barring Anthropic from allowing foreign nationals access to Mythos 5 and another new model, Fable 5, citing national security concerns. Mythos 5 had been made available only for cyber defenders to help identify and fix any vulnerabilities before the tech landed in the hands of bad actors. Fable 5, a version of the same model loaded with extra safeguards geared toward preventing its misuse in cybercrime, was available to the general public for only a few days.
So are AI-fueled cyberattacks really an imminent threat? Or is this more corporate posturing and marketing hype? Science News asked Riegler about the risks and the reality. This interview has been edited for length and clarity.
SN: Are the latest AI models especially dangerous?
Riegler: In the last months, we heard a lot about Mythos and how dangerous it is. And I agree that AI has a lot of security risks. When the capability goes up for these models, the time from finding any issue to exploiting it gets really short, because you can basically automate the whole pipeline. But it’s not something really new…. [It’s] not just the latest models [that] are a security threat, but also other models that are already available. If you know how to use them, you can … do quite bad stuff.
It’s logical if you think about it. Tools like Claude Code make it much, much more efficient to code. You can automate the process. You could use several hundred [AI] agents at the same time to explore different security holes. Before, you needed to hire a group of two to three hundred hackers [for organized cybercrime]. Now you maybe just have to buy 300 GPUs [specialized computer chips used to run AI] and you can do similar things.
SN: So why all the concern about Mythos?
Riegler: I think it’s as much marketing as a real danger. If you say, “I’m sitting on something that is so dangerous, we cannot release it,” a lot of people will get really interested in that and want to be part of this group that has access…. It’s a bit of a show, and [the U.S. government and Anthropic] are focusing on the wrong problem.
SN: What is the right problem to focus on?
Riegler: AI is a huge risk for security…. But [the security risk] is not just about the model. It’s also about everything around the model. What kind of tools you provide it, if it has access to internet, if it can test its own code. So the whole system around it is also very important.
In our tests [with systems combining small AI models and various tools], we made a system that could, for example, hack your website and find security holes in your website, but also hack your network and try to find security holes there. Or it could break another AI and get it to do things it shouldn’t do. It’s quite flexible.
SN: Is there an upside to the fact that cybersecurity defenders will have access to the same tools as attackers?
Riegler: The testing of the security of your own system will be more efficient. I think, in the end, it will balance itself out. It will be again this cat-and-mouse game of who finds the hole first, who closes it first, or who exploits it first. Just at a much higher speed than we see now.
SN: What can people do to protect themselves from sophisticated AI-enabled cyberattacks?
Riegler: Be even more careful about using different passwords for different services. Have your software up to date all the time, use two-factor authentication. Everything you do that is maybe a bit bothersome, but increases security, I would recommend you to do.
SN: What about companies and public agencies?
Riegler: When I talk to security experts in different companies or the public sector, they’re still behind. Some of them are very scared, others are not at all. They have to take AI security risks seriously and not think that it’s something far in the future.
