Preparedness can’t wait: AI pushes cybersecurity into a new era
Anthropic’s reported ability to identify and patch thousands of high-severity software vulnerabilities have shaken not only the technology sector, but also banking and finance. As a result, it has generated unparalleled anxiety among top-level policymakers.
The company’s latest advanced model, Claude Mythos, has been shown to be able to identify software bugs that had survived decades of routine review and professional code auditing. In one case, it flagged a 27-year-old flaw during a security audit demonstration. These developments helped push concerns about advanced artificial intelligence (AI) capabilities to the forefront of this year’s International Monetary Fund (IMF) and World Bank spring meetings.
A race against time has begun. Political and economic elite are increasingly aware that existing cybersecurity frameworks are ill-equipped for systems with this level of capability. The situation has clear parallels with how drones have transformed conventional warfare, lowering the cost threshold for high-impact attacks. Within months, access to frontier AI models is likely become much wider. This could lead to a surge of vulnerability reports, making the rapid and decisive patching of software weaknesses a central priority. Companies and public institutions must shift now towards a new cybersecurity posture, with stronger patch management, well-functioning incidence response and effective monitoring as the new normal.
Frontier AI models should be treated as a wake-up call. The question is no longer whether they will transform cybersecurity. It is whether institutions can adapt quickly enough to use them defensively in the face of new risks.
Read the full Policy Brief here.
Paweł Świeboda is Senior Visiting Fellow at the European Policy Centre and Co-Founder of the Brain Capital Alliance.
The support the European Policy Centre receives for its ongoing operations, or specifically for its publications, does not constitute an endorsement of their contents, which reflect the views of the authors only. Supporters and partners cannot be held responsible for any use that may be made of the information contained therein.
