Imagine a burglar lurking in your neighborhood, targeting you and your family. He has superhuman powers; he can analyze every house on your block simultaneously. He is also tireless. He never eats, never blinks, never has to get up to go to the bathroom. He can constantly surveil you and your community for weaknesses.
By the time you’ve double-checked your front door lock, he’s already downstairs prying open a window in your basement you forgot to latch. He'll be in your house before you can say “whoopsie.”
Naturally, if you knew that a burglar was stalking you and your neighbors, you‘d never sleep well. You’d be on eggshells, knowing that the burglar would expose any vulnerabilities.
Unfortunately, this is what artificial intelligence (AI) is about to do with computer security, and the people sounding the alarm aren’t Luddites or tin-foil hat-wearing conspiracy theorists, but the engineers who built the models themselves. That’s right: the companies making the AI are most frightened of it. And that, frankly, frightens me.
I work in cybersecurity and generally hear the news before it hits the wire, but the data recently published by Anthropic caught me off guard. In my career, I’m proud to have co-invented nine advanced cryptographic patents (issued or pending) that power quantum-resistant encryption and next-generation security systems. That’s why I’m going to break down the current threat in the form of a June 9 detailed report publicly released by Anthropic, one of the world’s top AI companies.
The report from Anthropic introduced their new Claude models, “Mythos 5” and “Fable 5.” Below is one of several descriptive charts from the report, which illustrates how powerful the new models are relative to the previous Claude model, Opus 4.8, as well as to OpenAI’s GPT 5.5 and Google’s Gemini 3.1 Pro.
One thing the new models do well is software engineering and coding. Agentic coding in OpenAI’s GPT 5.5 model ranks at 5.7 percent effectiveness, compared to Mythos 5’s 29.8 percent and Fable 5’s 29.8 percent, an unprecedented and astounding jump.
In plain language, in early testing, Fable 5 was tracked by Stripe’s payment services platform to compress months of engineering into just days. In another 50-million-line “Ruby” codebase, Fable 5 performed a codebase-wide migration in a day that would otherwise have taken a whole team over two months by hand, according to Anthropic.
More notable is the jump in cybersecurity capabilities, also illustrated in the chart above. The new Mythos and Fable 5 models show a full 2.3 times increase in capabilities over OpenAI’s GPT 5.5 and nearly double the capabilities of Claude’s previous Opus 4.8 model. Anthropic’s new models are remarkably good at finding and exploiting software vulnerabilities.
At the water cooler in my industry, we read the “remarkably good” part to mean something more akin to “good as in give them a known-but-unpatched flaw, and they'll turn it into a working cyber weapon in hours?”
That’s not good. That’s terrifying. And Anthropic’s not shying away from the conversation.
But neither is the “Five Eyes” intelligence alliance of the United States, United Kingdom, Canada, Australia, and New Zealand. Together, Five Eyes just released a joint advisory warning that these frontier AI models will radically alter how offensive hacking is conducted in “months, not years.”
When the spies and the engineers agree that something’s coming, you pay attention. The threat posed by Anthropic doesn’t have to do with them having created smarter models or attacks, but models capable of attacking faster.
- Recon (scanning and mapping targets)
- Code auditing (identifying weaknesses in code)
- Fuzzing (identifying vulnerabilities in software by throwing random junk inputs at it)
- Exploit Chaining: turning numerous small vulnerabilities into one big breach
Agentic Hacking
You’re going to hear the term “agentic hacking” a lot in the coming weeks. It basically means that AI will find a flaw and execute every step to find targets, move around inside their systems, and extract the valuable data it wants to steal. Barely any humans are needed at the wheel to steer the agentic ship.My friend brought this up at her local county commissioners’ meeting, stating, “We'll need to make sure our systems are thoroughly protected.” The director responded, “There’s no way a hacker could get into our systems. The important documents we store are on drives that aren’t even connected to the internet.”
Not so fast.
An “air-gapped” network, one in which data is stored offline, removes the internet as a direct path to hacking, but doesn’t remove the risk entirely. Rather, these systems remain vulnerable due to software or firmware updates, hardware and chips, USB drives and removable media that import or export data across the “air gap,” and, frankly, the integrity of the people operating the systems. The famous cyber weapon Stuxnet, which wrecked Iran’s nuclear centrifuges, crossed an air gap; no AI was even involved, and this was more than a decade ago.
Today, AI analyzes targets, code, and vulnerabilities in ways that make the air gap even easier to cross. The threat is almost inconceivable. Hackers are thrilled. Anthropic seems only to care about stock prices. This technology is definitely making the world less smart and less safe.
You aren’t going to be bulletproof, but you must understand the economics of offense and take yourself out of the line of sight. Your best defensive position is to become less discoverable. Shrink attack services, remove the standing credentials and certificate infrastructure that a hacker can target, and keep key material off the wire.
- Reducing attack surface
- Patching faster
- Isolating legacy systems
- And tightening identity



