How Claude's Mythos AI model may cause security issues for your money

The Anthropic logo appears on the screen of a smartphone placed on a laptop keyboard.
The concern with AI is it may make advanced cyber capabilities more scalable, faster, cheaper, and more accessible than before. (Image: Getty Images)

Analysis: The biggest takeaway from the AI debate is about what happens when it becomes deeply embedded within both sides of the cybersecurity equation

For years, one of the biggest barriers to serious cybercrime was skill. Launching sophisticated attacks required technical expertise, patience, experimentation, and often highly specialised knowledge. While ransomware gangs and cybercrime-as-a-service platforms lowered the barrier somewhat, there was still usually a meaningful gap between the average criminal and a highly capable cyber operator.

That assumption is now being questioned. In recent weeks, growing attention has focused on Claude Mythos, an advanced artificial intelligence model developed by Anthropic under an initiative called Project Glasswing.

Unlike ordinary chatbots designed for general conversation, Mythos was built with exceptionally strong coding, reasoning, and cybersecurity capabilities. According to Anthropic, the system demonstrated an ability to identify and exploit software vulnerabilities at a level that raised sufficient concern for the company to restrict public access to it.

From RTÉ Radio 1's Behind the Story, the highs and lows of AI in 2025

This is a distinct change from the traditional paradigm of cybercrime, which has always been shaped by economics. Attackers look for ways to reduce effort, increase scale, automate workflows, and maximise impact. AI potentially changes all four at once. The fear surrounding Claude Mythos is not simply that AI can now write phishing emails or generate malicious code snippets. Those capabilities already exist across many mainstream models. What makes Mythos different is the suggestion that AI systems may increasingly move beyond assisting cyber activity and begin accelerating the entire vulnerability discovery process itself.

Anthropic claims that Mythos Preview can help identify weaknesses across critical software infrastructure, operating systems, and browsers. Reports from the Financial Times suggest regulators, governments, and financial institutions are already assessing what this could mean for cybersecurity resilience, particularly in sectors that depend on ageing and highly interconnected digital systems.

Reuters similarly reported that banks across Asia have begun reassessing their AI and cyber governance strategies in response to concerns over advanced AI-enabled threats. At first glance, this may sound abstract or even exaggerated. Cybersecurity headlines often drift toward dystopian language. But beneath the hype is a more important and practical issue: AI could fundamentally compress the time between finding a vulnerability and exploiting it.

From RTÉ Radio 1's Today with David McCullagh, should Europe wean itself off US tech?

Conventionally, discovering serious software weaknesses required highly skilled security researchers painstakingly examining code, testing systems, and experimenting with possible attack paths. Even when vulnerabilities were discovered, turning them into reliable attacks often required additional expertise. This process created friction. It slowed things down. AI has changed that equation.

Imagine giving a system the ability to examine enormous volumes of software code at machine speed, continuously test different attack possibilities, identify weak points, explain them, and potentially even suggest or automate exploitation paths. Suddenly, cybercrime becomes less constrained by human labour and more constrained by access to computing power. That is why discussions around Mythos have generated such unease in cybersecurity circles.

The concern is not necessarily that AI instantly creates "super hackers". Rather, it may make advanced cyber capabilities more scalable, faster, cheaper, and more accessible than before. This is especially worrying because modern organisations already struggle to keep pace with cybersecurity. Many breaches do not happen because defenders are incompetent. They happen because digital environments are extraordinarily complex. Large organisations may rely on thousands of applications, legacy systems, cloud services, third-party vendors, software libraries, APIs, and connected devices.

From RTÉ News, new AI model not a risk to state, says cybersecurity chief

Every additional connection creates another potential attack surface. Financial institutions are particularly exposed to this challenge. Banks operate some of the world's most complicated digital infrastructures while simultaneously managing highly valuable data and transactions. According to the Financial Times, regulators in both the UK and elsewhere have moved quickly to assess the risks posed by models like Mythos because of concerns that AI-enabled vulnerability discovery could outpace current defensive capabilities. But the implications extend far beyond banking.

Hospitals, universities, energy providers, transportation systems, telecommunications networks, and public services increasingly depend on deeply interconnected digital ecosystems. Many of these systems contain old software, partially patched vulnerabilities, and infrastructure never designed for an era of AI-assisted cyber operations. The uncomfortable reality is that organisations are already struggling to manage today’s threat landscape. AI may accelerate it further.

At the same time, it is important not to misunderstand the situation. Claude Mythos is not some rogue "evil AI". In fact, Anthropic’s own framing positions the technology primarily as a defensive cybersecurity tool intended to help trusted partners identify and fix vulnerabilities before malicious actors can exploit them. This is the central paradox at the heart of the debate. The exact same capability that helps defenders locate hidden weaknesses could also help attackers find them faster.

From RTÉ Radio's Behind the Story, how the risk of cyberthreats is increasing

This is what cybersecurity experts call a dual-use problem. Many technologies have both beneficial and harmful applications. Encryption protects privacy but can also conceal criminal communications. Drones assist emergency response but can also be weaponised. AI-driven cyber tools follow the same pattern. Some experts have also urged caution around the current wave of Mythos coverage.

The Guardian noted that many successful cyberattacks still rely on remarkably ordinary failures such as weak passwords, unpatched systems, poor authentication practices, or social engineering attacks rather than highly sophisticated AI-generated exploits. In other words, organisations do not need to wait for science-fiction cyberattacks to suffer serious breaches. AI may accelerate cyber risk, but many organisations are still failing at the basics.

Yet even if some of the claims around Mythos prove overstated, the broader trend is becoming difficult to ignore. AI systems are steadily becoming more capable at coding, reasoning, automation, and long-running agentic tasks. As those capabilities improve, it becomes increasingly plausible that AI will assist with vulnerability discovery, penetration testing, exploit development, malware modification, phishing personalisation, and reconnaissance activities.

From RTÉ Radio 1's Drivetime, cyberattack on the medical technology company Stryker

Cybercrime has always evolved alongside technology. Criminals adapted to online banking, cryptocurrency, social media, cloud computing, and smartphones. AI is unlikely to be any different. The more interesting question is whether we are approaching a moment where cybercrime changes from primarily being a skills problem into more of a scale problem.

Historically, sophisticated cyber operations required relatively small groups of highly capable actors. AI potentially alters that balance by allowing fewer people to do more, faster. An attacker no longer needs to manually probe thousands of systems one by one if AI can automate parts of that workflow. Even modest improvements in efficiency could significantly increase the scale and frequency of attacks.

That possibility is forcing governments, regulators, and companies into uncomfortable territory. How do you regulate systems that are useful for defence but potentially dangerous if leaked, stolen, replicated, or misused? How do organisations prepare for threats that may evolve faster than traditional patching cycles and governance structures?

Those questions are no longer theoretical. Reports have already emerged suggesting Anthropic investigated possible unauthorised access to Mythos through a third-party vendor environment. Whether or not those incidents prove significant, they highlight another uncomfortable reality: if an AI system is considered too dangerous for general release, securing access to it becomes a cybersecurity problem in itself.

Perhaps the biggest lesson from the Claude Mythos debate is not about one specific model at all. It is about what happens when artificial intelligence becomes deeply embedded within both sides of the cybersecurity equation.

For years, cybersecurity has largely been a race between attackers and defenders. AI may not end that race. But it could dramatically increase the speed at which it is run.



The views expressed here are those of the author and do not represent or reflect the views of RTÉ