The UK government has warned businesses that rapidly advancing AI models are now capable of identifying and exploiting software vulnerabilities at unprecedented speed and scale.
The warning follows testing by the UK’s AI Security Institute, which found Anthropic’s latest frontier model, Mythos, to be “substantially more capable at cyber offence than any model previously assessed.” The model is linked to Anthropic’s wider ‘Project Glasswing’ initiative.
Officials say AI capability is doubling roughly every four months, accelerating the urgency for organisations to adapt.
Sawan Joshi, Chief Information Security Officer, FDM Group said: “AI capabilities are accelerating faster than ever, and it comes with a price of amplified security risks. These days, traditional cybersecurity skills and methods are not enough to protect software from threats. Government and organisations must invest in their operational budgets to ensure modern tooling can be implemented to address this new and rapidly evolving threat landscape.
“To address such risks, technology needs to be simple to implement and easier to disconnect as technology needs will change in this area. But all this is powerless and a ballooning OPEX risk if the minds behind cybersecurity investments inside organisations are not up to date with education and awareness of their subject matter.
“There is a growing trend in productivity champions in organisations desiring to connect OpenClaw and similar to their computers by giving direct access to the filesystems. This can increase people’s capability to produce more work, but the computers are also the gateway to access systems, networks and integrations based on users’ access levels. Protection in this area needs different technology than was required for AI threats last year.”
Stuart Harvey, CEO of Datactics commented: “The real shift isn’t just that AI can find vulnerabilities faster, it’s that it lowers the barrier to entry for offensive capability while simultaneously overwhelming traditional defensive models. UK businesses are struggling with consistent, good quality data and AI is amplifying existing weaknesses. If your data is messy or poorly governed, AI-driven attacks simply exploit this faster.
“The bigger issue is that many UK businesses still treat cybersecurity as a compliance task rather than a core part of their data architecture and static audits won’t keep up. This isn’t just a cyber problem, but rather it’s a data and systems design issue. Businesses need continuous monitoring and modern, well-structured systems, not just awareness.”
In an open letter, Business Secretary Liz Kendall said the cyber threat landscape is shifting away from small numbers of highly skilled attackers toward AI-enabled systems capable of automating hacking techniques once requiring elite expertise.
While the National Cyber Security Centre and DSIT are expanding national cyber guidance and resilience programmes, the government stressed that business leadership engagement is now critical.
Kendall urged boards to actively oversee cyber risk, adopt frameworks such as the Cyber Governance Code of Practice, and ensure incident response planning is in place.
