RSS

Assume You Will Be Hacked

paulpauper1 pts0 comments

Nothing on the Internet Is Secure Anymore - The Atlantic

Late last month, I began to consider withdrawing some money from my savings account to buy gold. It’s the first time I’ve ever thought about panic-buying. For all of the firewalls and two-factor-authentication codes, the safety of the internet is starting to falter. Hackers are gaining the upper hand over organizations around the world—hospitals, energy grids, government agencies, and, yes, banks.

As AI tools have become extremely good at writing code, they’ve also become extremely good at pulling off cyberattacks. (Malware, after all, is still software.) The result has been a change in the scale, speed, and sophistication of hacks that is difficult to overstate: Among its tens of thousands of clients, the cybersecurity firm Palo Alto Networks identified a fourfold increase in daily attacks from 2024 to 2025. Hackers are developing AI-enhanced computer viruses that adapt on the fly to avoid detection. They are automating cyber-espionage campaigns on foreign governments. They are stealing data in minutes instead of hours. “There’s a crazy amount of offensive activity happening right now,” Alex Stamos, a former chief security officer of Yahoo and Facebook, told me. “Companies are getting hacked every single day.”

If the NSA is perturbed by the rise in cyberattacks, which it apparently is, then surely my savings are vulnerable. There could be any number of weaknesses in my bank’s IT systems to directly hack. Or perhaps an AI-written phishing email targeted at an employee, personalized to sound like a family member or manager, could let hackers into the back end to empty my coffers. Even if the bank has great cybersecurity, an attack on another business—a medical clinic I visited, a car-rental company, a newsletter subscription—could steal my payment information and, potentially, much more. The attack angles are seemingly infinite. And no one is adequately prepared.

The term software engineering has always been an insult to the level of rigor demanded of mechanical, civic, and other engineers. Computer programs can be riddled with vulnerabilities and run just fine for years or decades—and much of the software underlying the web has done just that. “We’ve just been writing software in a totally slapdash and insecure way for decades now,” Stamos, who is now the chief security officer at the AI-coding company Corridor, said. With some small, high-stakes exceptions—such as software used on the International Space Station or nuclear submarines—code is written and deployed without much rigorous testing. If a bug is reported, it gets patched.

Such a relaxed security posture has been more or less fine because discovering vulnerabilities is hard and skilled hackers are few in number: Either nobody found the bugs or nobody was able to exploit them. But traditional cybersecurity methods don’t cut it anymore. Before, you might scramble for a week to patch a hole, Giovanni Vigna, a cybersecurity expert at UC Santa Barbara, told me. “Now you could have hundreds of those every week.” Moody’s Ratings has found that the time attackers take to exploit a publicly known vulnerability (the digital equivalent of a robber plotting how to get around a bank’s guards and cameras after obtaining a key) fell from more than 700 days in 2020 to just 44 days in 2025—faster than the average time cybersecurity teams take to patch the bug.

Governments and major companies are on high alert for AI-enabled cyberwarfare. The wake-up call came this spring, with the announcement of two extremely advanced cyber models—Claude Mythos Preview from Anthropic, and the analogous GPT-5.5-Cyber from OpenAI soon after. Many independent cybersecurity experts have told me that these models are as or nearly as skilled as elite human hackers, which is why Anthropic and OpenAI didn’t release them publicly. Instead, the AI labs have granted a small number of partner organizations and government agencies exclusive access to the unrestricted versions of these cyber models in the hopes of shoring up their IT systems. And this month, Donald Trump signed an executive order to expedite just that.

Read: Claude Mythos Is Everyone’s Problem

Organizations can guard against the coming deluge of AI-enabled hacks, most notably by using AI to detect and resolve vulnerabilities before cybercriminals can exploit them. Anthropic has itself used Claude Mythos Preview to find thousands of bugs in open-source-software packages—many of which went undetected for years or decades—that undergird much of the internet. Mozilla used Mythos to fix more than 400 bugs in the Firefox web browser in April, roughly 20 times more than it fixes in a typical month. And having an AI agent monitoring for intruders 24/7 could be far more effective than periodic cybersecurity audits. If you’ve noticed more updates in your web browser, work software, and smartphone apps, it may well be because software companies are using AI to scan for...

software cybersecurity from hackers cyber mythos

Related Articles

The Newest Instagram "Exploit" Is the Goofiest I've Seen

ssiddharth34 ptsaccount attacker email instagram seen like

Apple WWDC 2026 Livestream

nextstep32 ptsapple stream video event live feed

Claude Fable 5

Philpax30 ptsfable claude mythos model models capabilities

US Government directive to suspend access to Fable 5 and Mythos 5

Dylan131224 ptsfable government anthropic jailbreak access mythos

German ruling declares Google liable for false answers in AI Overviews

ahlCVA15 ptsgoogle court search overviews content users
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.