AI-powered cyberattacks reach a "pivotal moment," experts warn

Friday 03 April 2026 - 15:50

By: Dakir Madiha

AI-powered cyberattacks reach a "pivotal moment," experts warn

The cybersecurity world is confronting a new reality: artificial intelligence has crossed a threshold that fundamentally shifts the balance between attackers and defenders. That warning emerged with force over the past two weeks, driven by a leaked Anthropic document, new data from Microsoft, and alarm signals sounded at the RSA Conference 2026 in San Francisco.

A draft blog post from Anthropic, accidentally exposed through a misconfigured storage space late last month and first reported by Fortune, revealed that the company's next AI model — called Mythos — is "currently well ahead of all other AI models in terms of cybersecurity capabilities." The document warned that Mythos "heralds an imminent wave of models capable of exploiting vulnerabilities in ways that far outpace defenders' efforts."

Anthropic is restricting early access to cyber defense-focused organizations, giving them a head start to harden their systems "against the imminent wave of AI-driven exploits," the draft stated. The company is also privately briefing government officials on the potential for large-scale cyberattacks made possible by Mythos, according to Axios.

The concern extends beyond a single company. OpenAI warned in December that its upcoming models are likely to pose a "high" cybersecurity risk — the second most severe classification in its Preparedness Framework — as models demonstrate a growing ability to operate autonomously for extended periods, facilitating brute-force attacks and complex intrusions, according to Reuters. In a report shared exclusively with Axios, OpenAI noted that its models' scores on capture-the-flag exercises had risen sharply across versions.

Microsoft's security blog highlighted how AI tools are now embedded at every stage of cyberattacks, from reconnaissance to post-compromise operations. A related Microsoft analysis found that generative AI produces phishing click-through rates 450 percent higher than traditional campaigns, while industrialized adversary-in-the-middle attack kits such as Tycoon2FA — linked to roughly 100,000 compromised organizations — have scaled phishing to tens of millions of messages per month.

At the RSAC 2026 conference, which concluded on March 26, the SANS Institute warned that AI systems can now "identify vulnerabilities and generate exploits at scale, potentially producing hundreds of zero-day exploits per week." Microsoft data presented at the conference showed that the time between an attacker's initial access and data exfiltration has fallen from eight hours in 2022 to 22 seconds in 2025.

Shlomo Kramer, founder and CEO of Cato Networks and a co-founder of Check Point Software, described the moment in unambiguous terms. "Agentic attackers are coming," Kramer told CNN. "This is a pivotal event in the history of cybersecurity."

The threat is already materializing. In January, a Russian-speaking cybercriminal used multiple AI tools — including Anthropic's Claude and China-developed DeepSeek — to compromise more than 600 devices running a widely used firewall across 55 countries, despite limited technical skills, according to Amazon Web Services security research cited by CNN. In February, a hacker used Claude in a series of attacks against Mexican government entities, resulting in the theft of sensitive tax and electoral data, Bloomberg reported.

"AI gives hackers of all skill levels superpowers by simplifying the technical knowledge needed to exploit systems," said Eyal Sela, threat researcher at Gambit Security.