Dystopian Warning from Renowned Cyber Threat Researcher

In the decade I spent working at cybersecurity giants like Fortinet and Check Point Software, I witnessed the industry evolve quite a bit - from the Intrusion Detection era to a period dominated by machine-level threat intelligence and then the cloud, and finally, because of COVID-19, the zero-trust revolution. In each case, new threat vectors led security practitioners to catastrophize various doomsday scenarios.

But nothing has invoked so much debate within the industry as the Artificial Intelligence revolution. LLMs developed specifically for identifying software vulnerabilities, such as Anthropic’s Claude Mythos, have proven so adept at finding exploitable vulnerabilities that central bankers and governments around the world have been scrambling to figure out how to prevent this technology from getting into the wrong hands.

About a month after Claude Mythos’ April release to a short list of trusted partners (Project Glasswing), it autonomously created a way for attackers to forge bank websites that were indistinguishable from authentic ones.

On June 6th, Anthropic released a highly restrictive version of Mythos to the general public, called Fable 5, fortified with guardrails to prevent misuse. The Trump administration, previously known for deregulating AI, instituted an export control directive on June 13th, ordering Anthropic to suspend Mythos 5 and Fable 5, citing national security concerns after a narrow, “rather innocuous”, non-universal jailbreak was identified.

It’s no secret that the Trump administration has a much stronger affinity for Sam Altman and OpenAI, whose competing product, Daybreak, is generally less restrictive than Mythos. Beyond that, there is already a thriving open-source market for similar LLMs, which are available to everyone – including bad actors.

I interviewed renowned cyber threat researcher and founder and CEO of LogSeam, Daniel Wiley, and Albert Evans, the Director of Cybersecurity at the massive multinational IT Services firm, Tata Consultancy Services, to better understand how the industry is racing to stay ahead in this new frontier.

Asked whether we are amid an AI vs AI arms race, Evans told me, “That makes it sound like a fair fight between two machines. It is not. The attacker runs without compliance, lawyers, or business obligations, while the defender must do everything right while operating a business. It is not that it makes elite attackers more capable, but that it makes average attackers far more sophisticated and dangerous.”

Wiley pushed back on the idea that AI has created a new attack vector. “We need to stop with the theatrics. This is one point in time. Do we need to adapt? Yes. Just like we have done 500 other times. The same fundamental security architecture principles still apply. It’s just that threat intelligence is changing from a data-gathering problem to a data-context problem. Humans need to focus on what is important to ensure controls are in place fast enough to manage AI threats.”

However, he did add a dystopian warning: “If we place too much trust in AI, eventually, there will be new AI attack vectors, more physical than logical, which worries me greatly. Imagine a fleet of 10,000 robots released into the community with the real ability to cause harm.”

One of the big structural issues, Albert Evans pointed out, was that “AI capability is advancing on a monthly timeline. Policy, procurement, and control implementation, on the other hand, follow quarterly or annual timelines.”

On Claude Mythos, Evans continued, “There must be valid national security reasons to restrict access to frontier capabilities. We cannot slow defenders more than attackers. AI is dual use. If policy blocks responsible defensive use while adversaries keep moving, we have made the country less safe. Cybersecurity is a national resilience issue.”

Tyler Kania is an Independent Journalist and 2025 IAN Book of the Year Finalist.