Advanced AI Models and Cybersecurity: What Will Be Their Impact?

Major financial institutions are focusing on the relationship between advanced AI models and cybersecurity, which will be key in the immediate future

In recent days, there has been a surge in news coverage of a topic that will be critical in the coming years: advanced AI models and cybersecurity.

Why has this issue captured media attention? In early April, Anthropic unveiled the Glasswing project, which involves some of the leading U.S. tech companies (Amazon, Google, Microsoft, NVIDIA…). These organisations have already gained access to Claude Mythos Preview, the company’s new frontier AI, to detect vulnerabilities and patch them before they are made public.

Indeed, the ability of advanced AI models to detect vulnerabilities and develop exploits to successfully exploit them lies at the heart of the debate on advanced AI models and cybersecurity.

During the presentation of the Glasswing project, it was stated that Mythos had already been used to identify thousands of zero-day vulnerabilities—some of them critical—in the world’s leading operating systems and web browsers.

A few weeks later, the European Central Bank (ECB) warned that new AI models about to hit the market, such as Mythos or ChatGPT 5.5, could expose vulnerabilities in corporate systems and thus facilitate successful attacks against critical sectors, including the financial sector.

A few days later, the International Monetary Fund (IMF) also noted that advanced AI models will enhance current cyberattack techniques by enabling them to be executed automatically and at AI-like speed. Furthermore, the IMF notes that cybercriminals have a significant advantage over companies’ defensive teams and systems: thanks to AI, discovering and exploiting vulnerabilities can be done much more quickly than patching and mitigating them.

This news has sparked a debate within the cybersecurity sector, as well as among the general public and the business community, regarding the relationship between advanced AI models and cybersecurity.

What are advanced, cutting-edge, or frontier AI models?

Essentially, they are the new generation of AI models, capable of extraordinarily advanced reasoning in complex contexts and acting autonomously without the need for constant human supervision.

All of this is possible because their ability to handle vast amounts of data and perform calculations is significantly superior to that of previous LLM models.

Thus, at the intersection of advanced AI models and cybersecurity, these models can identify software vulnerabilities at scale and in a short time, facilitate their exploitation, and strengthen malicious techniques throughout the entire Cyber Kill Chain of an attack, from reconnaissance to evasion and concealment.

In fact, Palo Alto, one of the companies that has had access to Claude Mythos Preview, has announced that three weeks of working with this AI model have been equivalent to a full year of pentesting, with broader coverage.

Meanwhile, the UK’s AI Security Institute (AISI) tested this AI model and concluded it was capable of autonomously executing 32-phase attacks against vulnerable systems with weak defence mechanisms. However, the AISI noted that it could not confirm that advanced AI models are (for now) capable of executing attacks against well-defended systems without human intervention.

Why have the ECB and the IMF placed the combination of advanced AI models and cybersecurity at the centre of public debate?

Given what we have just noted, attention has focused primarily on the fact that advanced AI models can detect vulnerabilities in software that have gone undetected for years by cybersecurity experts and automated tools.

Thus, both the ECB and the IMF have highlighted the risk to the stability of the global financial system posed by the possibility that malicious actors could use cutting-edge AI models to identify and exploit zero-day vulnerabilities within extremely short timeframes.

To this, we must add that the use of advanced AI models lowers the technical barrier that malicious actors must overcome to carry out attacks sophisticated and complex enough to succeed.

In this regard, the IMF notes that:

1. The risks are systemic, and attacks are more dangerous because the identification and exploitation of vulnerabilities can escalate rapidly.
2. The risks affect not only the financial sector but also other critical sectors with digital infrastructures that are just as complex and essential to society as a whole and the productive fabric as those of the energy or telecommunications sectors.
3. Organisations rely on a small number of providers of digital assets such as software, cloud services, and AI models. If edge AI is used to identify vulnerabilities in widely used providers, the impact of an attack could be massive, spreading across multiple sectors and countries.
4. With regard to the financial sector, public authorities and companies must be prepared to absorb security incidents that could affect multiple organisations simultaneously without undermining confidence in the financial system or causing disruptions to payment services or a massive sell-off of shares.

In which sectors will the relationship between advanced AI models and cybersecurity be critical?

As we have just noted, although the focus has been on the financial sector—due to its central role in our societies—the debate on advanced AI models and cybersecurity extends to all economic sectors, particularly critical or fully digitised sectors.

In this regard, the IMF emphasises public administration, energy, and telecommunications, but we can broaden the focus to all high-criticality or critical sectors as defined in the NIS2 Directive, which aims to increase their cyber resilience. We are talking about areas such as defence, the aerospace industry, transportation, healthcare, water management, and security.

Therefore, all public and private organisations operating in critical sectors need to adapt their cybersecurity strategies to the new landscape created by advanced AI models.

Some experts suggest that there will be a shift from the current scenario—in which malicious actors already carry out AI-assisted attacks—to a future in which AI agents can launch simultaneous attacks across multiple systems and networks without human intervention.

Can new AI models enhance the level of protection for businesses?

The relationship between advanced AI models and cybersecurity should not be viewed solely in a negative light.

In fact, the IMF not only warned of the risks companies face from malicious actors’ use of frontier AI models, but also highlighted opportunities to enhance the security of corporate software.

Thus, it is already evident that AI models help create more secure code and detect and patch any vulnerabilities during the software development phase.

As a result, cutting-edge AI models can help reduce the cyber exposure of companies and institutions.

Furthermore, advanced AI models are also poised to play a key role in detecting and mitigating vulnerabilities throughout the software lifecycle, preventing increasingly sophisticated AI-enabled fraud, and responding to incidents.

Although AI has enhanced offensive capabilities more significantly than defensive ones for now, this technology is already being used to strengthen the security posture of digital infrastructures and will be decisive in the coming years.

How to Prepare for the Next Phase of the AI Revolution: Proactivity and Resilience Are Key

If there’s one thing we can be certain of regarding advanced AI models and cybersecurity, it’s that we are facing a paradigm shift and that companies cannot afford to take a passive approach.

Major financial institutions and the cybersecurity sector are warning about the current and future impact of AI on cyberattacks.

Companies need to have proactive cybersecurity strategies and access to advanced cybersecurity services:

1. Vulnerability management. Since AI accelerates and scales up malicious actors’ ability to identify and exploit vulnerabilities, companies must optimise their vulnerability management to the fullest extent to prevent serious security incidents. AI systems are also set to become essential in accelerating the process of addressing vulnerabilities.
2. Threat Intelligence. Given the use of edge AI models by malicious actors, it is essential to have a targeted threat intelligence service to thoroughly assess the risks an organisation faces and, thereby, strengthen its cyber defences and safeguard its critical assets and functions.
3. Red Team. Red Team exercises play a key role in improving organisations’ cyber resilience and ensuring they maintain a sufficiently robust security posture. Cybersecurity experts simulate real-world attacks to test the resilience of an infrastructure and optimise mechanisms for monitoring, detecting, and responding to security incidents.
4. MDR Services. The debate surrounding the combination of advanced AI models and cybersecurity highlights that more malicious actors will be able to launch increasingly complex attacks in less time. This requires organisations to have managed detection and response solutions that proactively search for threats and can respond to any incident from the very first minute. Employing a proactive, continuous approach to threat detection is essential for identifying suspicious activity even when no alerts have been triggered, thereby enabling organisations to act to contain and eradicate it before it causes serious damage to the company.

In short, malicious actors are already using AI systems to identify vulnerabilities, develop exploits, and refine their techniques to gain access to corporate infrastructures, persist within them, perform lateral movement, escalate privileges, and evade detection and response mechanisms.

The emergence of cutting-edge AI models will further enhance cybercriminals’ offensive capabilities. As a result, organisations must rethink their cybersecurity strategies, focusing on proactivity and improving their resilience.

The relation of advanced AI models and cybersecurity will shape the coming years and will prove essential not only for companies but also for institutions and society as a whole.