Claude Mythos like AI may put ethical hackers out of work, champion hacker warns
Anthropic's Mythos AI is finding serious software flaws and prompting concern among ethical hackers. Researchers say human expertise still matters, but the tool could change bug hunting and who gets access first.
When Anthropic launched Mythos Preview, the company said the AI system had already discovered thousands of high-severity vulnerabilities, including some affecting every major operating system and web browser. Later, Mozilla also revealed that Mythos Preview helped identify 271 bugs in the Firefox browser. But it now appears that Mythos may be capable of doing more than just finding software vulnerabilities. It could even threaten the careers of some ethical hackers.
Valentina Palmiotti, better known online as “Chompie,” is one of the best-known ethical hackers in the cybersecurity world. Her job involves finding weaknesses in online systems before cybercriminals can exploit them. She was also the most successful individual competitor at the annual Pwn2Own hacking competition in Berlin.
But despite her success, Chompie believes her days of ethical hacking could eventually be numbered because of AI tools like Claude Mythos.
For now, she says AI tools are helping her win bug bounty competitions faster. But in the future, humans may struggle to compete with increasingly powerful AI systems.
Why Mythos is causing concern
Anthropic claims the model has identified around 1,600 vulnerabilities across hundreds of software programs. According to the company, the system is so powerful and potentially dangerous that it is currently being released only to a limited number of governments and cybersecurity institutions.
The fear is simple: if an AI system can rapidly find vulnerabilities, it could help defenders fix problems faster while leaving little room for human ethical hackers to discover vulnerabilities in specific products.
“I think that there's going to be no room for security research or ethical hacking, but I think that a lot of the lower-hanging fruit will start to go away,” Chompie told the BBC.
AI can find bugs, but humans still matter
Even with all the hype around AI, cybersecurity researchers say humans are still essential. A cybersecurity startup called Calif recently used a preview version of Anthropic’s Mythos model to build a working exploit against Apple’s new M5 chip protections in less than a week.
The researchers said Mythos played a major role because the AI could quickly identify vulnerabilities belonging to known exploit categories. However, bypassing Apple’s newer protection systems still required significant human expertise because those defenses were entirely new.
“This is where human expertise comes in,” the researchers explained.
Another major winner at the Berlin competition, Orange Tsai, also believes AI is already changing the hacking world but humans still matter. Tsai, who has won several hacking prizes over the years, told the BBC that AI was already forcing the bar higher for hackers. However, he still hopes that human creativity and intuition will continue to uncover vulnerabilities that AI tools may miss.
The good guys need access first
Chompie believes AI tools will eventually make life harder for hackers overall — something she sees as good for internet security. But she also argues that these AI systems need to be released responsibly.
According to her, ethical hackers and cybersecurity defenders should get access to the most powerful AI tools first so they can identify and fix security holes before cybercriminals discover them.