The New Frontier of Cyber Warfare: How AI Agents Threaten Global Security
Digital espionage has a new protagonist — and it isn’t human.
In late 2025, Anthropic, one of the most influential artificial intelligence companies in the world, confirmed something many experts feared but few expected to see so soon. A group sponsored by the Chinese government used the company’s own technology to orchestrate an espionage campaign targeting roughly 30 Western targets — tech companies, financial institutions, government agencies, and critical infrastructure.
The detail that changes everything about this story? The operation was carried out with minimal human oversight. It was the first publicly recorded AI-orchestrated espionage campaign in the world — and researchers Brianna Rosen and Jam Kraprayoon, in an article published in Foreign Affairs, make it clear it won’t be the last.
Brianna Rosen is the Director of Research in Frontier Security at the Institute for AI Policy and Strategy and also the Executive Director of the Cyber and Technology Policy Programme at the Blavatnik School of Government at the University of Oxford. Jam Kraprayoon is a Senior Researcher in Frontier Security at the same institute. They are two of the most respected names at the intersection of artificial intelligence and cybersecurity — and the warning they’re sounding deserves attention.
A few months after that episode, Anthropic revealed that its new model, Mythos Preview, had autonomously discovered critical vulnerabilities in virtually all of the most widely used operating systems and browsers on the planet. 😶
This raises a pretty uncomfortable question: if an AI can already find security holes across entire systems on its own, what happens when that capability falls into the wrong hands? Criminal networks, extremist groups, or countries that don’t care about AI safety safeguards could turn practically any connected system into a target. That’s exactly what we’re going to talk about here.
How AI Became an Espionage Tool
For a long time, the idea that an artificial intelligence could conduct espionage operations with relative autonomy sounded more like a sci-fi script than a real threat. What the Anthropic case showed is that this scenario is no longer hypothetical — it already happened, it was documented, and, most concerning of all, it was largely successful before being detected and shut down by the company itself.
The group identified as Chinese state-sponsored didn’t just use language models to automate repetitive tasks like collecting public information or translating documents. The operation went further: AI was used to identify targets, map relationships between people and organizations, craft highly personalized communications for social engineering, and in some cases, attempt to exploit vulnerabilities in digital systems in a coordinated fashion. All of this at a speed and scale no human team could replicate in the same timeframe.
What makes this episode even more relevant to the cybersecurity field is the nature of the tool that was used. It wasn’t malicious software specifically developed for spying — it was a commercial, accessible artificial intelligence model that was repurposed for ends its creators clearly don’t endorse. This means the barrier to entry for this kind of operation has dropped dramatically. Groups with access to cutting-edge AI models now have an espionage capability that previously required years of specialized training, expensive infrastructure, and large teams.
This democratization of offensive digital power is perhaps the most transformative and worrying aspect of this entire situation. Previously, a sophisticated cyber espionage operation was the exclusive domain of powers like the United States, China, Russia, and Israel — countries with well-funded intelligence agencies and decades of experience. Now, with AI agents capable of automating entire stages of the attack cycle, smaller and less structured groups can achieve results that were previously completely out of their reach.
Vulnerabilities That AI Finds on Its Own
The revelation about Anthropic’s Mythos Preview set off a red alert within the global cybersecurity community. The model was able to autonomously identify critical vulnerabilities in widely used operating systems and browsers — without any human researcher pointing it in a direction to start looking. This represents a fundamental shift in the dynamic between attackers and defenders in the digital world.
Historically, discovering vulnerabilities in software requires painstaking work by highly skilled researchers who spend weeks or months analyzing code, testing for unexpected behaviors, and documenting flaws. With AI models capable of automating much of that process, the time needed to find a security hole can drop from months to hours. And if that capability becomes available to bad actors before it’s available to defense teams, the consequences can be devastating — and that’s not an exaggeration.
What experts call the exploitation window race becomes far more urgent in this context. When a vulnerability is discovered, there’s a window of time between the discovery and the deployment of a patch by the developers. During that window, any actor who knows about the flaw can exploit it. If AI starts discovering these holes at an industrial scale, the number of vulnerabilities known to attackers can grow far faster than cybersecurity teams can fix them. The result is a dangerous imbalance that favors the attacker.
Think of it this way: it’s as if burglars used to have to manually check every door and window of a building to find one left open. Now, with AI, they have a real-time map of every unprotected entrance in every building across the city, all at once. The scale of the problem is a whole different beast.
What zero-day vulnerabilities mean in this context
There is an important technical point worth explaining here. When we talk about critical vulnerabilities discovered by an AI before the developers know about them, we’re talking about what the cybersecurity industry calls zero-days — flaws that exist in software but haven’t yet been identified or patched by whoever built it. The name comes from the fact that developers have literally zero days of warning before the flaw is exploited.
Until now, finding zero-days was an artisanal effort carried out by elite researchers. The possibility that models like Mythos Preview can find these flaws autonomously and in large volumes completely changes the rules of the game. If a hostile AI agent manages to stockpile an arsenal of zero-days in operating systems like Windows, macOS, and Linux, along with major browsers, the destructive potential is hard to calculate.
What Changes in Cybersecurity From Here On Out
The combination of increasingly sophisticated cyberattacks and the use of artificial intelligence to supercharge them demands a complete overhaul of how governments, companies, and institutions think about digital defense. We’re no longer talking about threats that can be mitigated with updated antivirus software and strong passwords — we’re talking about adversaries using the same technological tools as defenders, but with completely different objectives and, often, more agility to adapt.
In this scenario, cybersecurity needs to stop being treated as a matter for the IT department and start being seen as a core strategic function in any organization that handles sensitive data, critical infrastructure, or information of interest to nation-states. This means investing in specialized teams, adopting behavior-based detection technologies — not just known malware signatures — and most importantly, a cultural shift that acknowledges the real risk that AI-powered cyberattacks pose on a daily basis.
Researchers Brianna Rosen and Jam Kraprayoon argue that the Anthropic case shouldn’t be read as just an isolated espionage incident, but as a signal that the use of AI in offensive operations is becoming standard among state actors and organized groups. The question that cybersecurity leaders need to answer now is no longer if their organizations will be targeted by an AI-assisted attack, but when — and whether they’ll be prepared to detect and respond before the damage becomes irreversible. 🔐
Defending with AI against AI-powered attacks
A point worth highlighting is that the same technology that powers attacks can — and should — be used in defense. Artificial intelligence models are already being used by cybersecurity companies to detect anomalous traffic patterns on networks, identify phishing attempts before they reach the end user, and even anticipate moves by groups operating on the dark web. The difference is that on the defensive side, adoption is still slower and more fragmented than on the offensive side.
For digital defense to keep pace with attackers, organizations — both public and private — will need to invest consistently in AI-powered detection and response tools, in training human teams to interpret the alerts generated by those systems, and in response protocols that account for the speed at which an automated attack can spread.
The Role of Big Tech in This Equation
Companies like Anthropic, OpenAI, Google DeepMind, and others developing high-performance artificial intelligence models are in a delicate position. On one hand, they have a commitment to developing technologies that benefit humanity. On the other, they have to deal with the fact that their creations can be — and already are being — repurposed for ends that include espionage, sabotage, and large-scale cyberattacks. The responsibility that falls on these organizations is enormous, and the decisions they make today will shape the cybersecurity landscape for years to come.
One of the most widely discussed responses within the industry is the development of guardrails — internal mechanisms built into the models themselves that identify and block malicious use. Anthropic, for example, invests heavily in AI safety research and alignment techniques aimed at ensuring its models don’t cooperate with clearly harmful intentions. But as the case the company itself disclosed showed, these mechanisms still have significant limitations when sophisticated groups manage to circumvent them or exploit gaps in system design.
Beyond internal company efforts, there’s growing pressure for international regulation that establishes minimum security standards for the development and distribution of AI models with high dual-use potential — meaning they can be used for both legitimate purposes and for cyberattacks and espionage. Initiatives like the UK’s AI Safety Institute and ongoing discussions in the European Union and the United States indicate that the issue is making its way to political decision-making tables, even if at a slower pace than the technology is advancing. The challenge is that regulation takes time, and the threat doesn’t wait. ⚡
The open-source model question
Another factor that makes this landscape more complex is the existence of open-source artificial intelligence models. While companies like Anthropic can monitor and restrict the use of their proprietary systems, publicly available models can be downloaded, modified, and run without any oversight or restrictions. This creates a second access route for bad actors — one that doesn’t depend on bypassing guardrails, because there simply are no guardrails in the modified end product.
The AI community is divided on this topic. Open-source advocates argue that transparency promotes security because more people can identify and fix flaws. Critics point out that high-performance open models put dangerous capabilities within reach of anyone with enough technical knowledge to use them offensively. There’s no simple answer to this tension, but it needs to be at the center of the debate about global security in the age of AI agents.
The Geopolitical Dimension of AI-Powered Attacks
The fact that the first documented case of AI-driven espionage involved a state-sponsored group is no coincidence. Artificial intelligence is rapidly becoming a central piece in the geopolitical competition among major powers, and the cyber domain is one of the arenas where this rivalry plays out with the most intensity and the least visibility for the general public.
Governments are investing billions in developing AI-based offensive and defensive capabilities. The race isn’t just about building the most advanced models — it’s about ensuring that strategic adversaries can’t use these same tools to gain military, economic, or informational advantage. The case revealed by Anthropic illustrates how this race has already left the lab and is happening in the real world, with concrete targets and tangible consequences.
Rosen and Kraprayoon, in their article published in Foreign Affairs in April 2026, frame this situation within a broader concept they call the new frontier of cyber warfare. According to the researchers, AI agents — systems capable of acting with significant autonomy, defining sub-goals, and executing complex sequences of actions without step-by-step instruction from a human operator — represent a qualitative break in the field of international security. It’s not just about more powerful tools in the hands of the same actors, but a fundamentally new type of threat that demands equally new responses.
Why This Matters to Everyone
It might seem like this kind of discussion is limited to governments, militaries, and big corporations — but the reality is that the effects of AI-powered cyberattacks reach the daily life of anyone connected to the internet. When critical infrastructure like power grids, banking systems, or healthcare platforms is compromised by espionage or digital sabotage operations, the consequences are felt by the entire population, regardless of any involvement with technology or international politics.
The vulnerabilities exploited in these attacks typically exist in software that billions of people use every day — browsers, operating systems, messaging apps. When an AI discovers one of these holes before the developers do, and it’s exploited by a malicious group, ordinary users’ data can be compromised on a massive scale without anyone noticing right away. It’s a silent risk, but an extremely real one, and the evolution of artificial intelligence models is making it easier to pull off than at any other point in cybersecurity history.
Think about your banking information, your medical records, your private conversations. All of that travels through systems that may contain flaws nobody knows about yet. Now imagine that an AI can scan those systems for those flaws with an efficiency no human team can match. The scenario stops being abstract and becomes pretty personal.
Understanding this landscape is the first step toward demanding more transparency from tech companies, more accountability from governments, and more attention from the organizations that hold our data. The era of AI-orchestrated cyberattacks isn’t coming — it’s already here. What’s still up in the air is how society will respond to this challenge before the consequences become too big to ignore. 🌐
What to Expect in the Coming Months
If the pace of evolution of artificial intelligence models over the past two years is any indicator, the trend is that the offensive capability of AI agents will continue growing at an accelerated rate. Each new generation of models brings improvements in reasoning, planning, and autonomous action that expand the range of possible operations — for both defenders and attackers alike.
The expectation among cybersecurity experts is that we’ll see more incidents like the one revealed by Anthropic throughout 2026 and 2027. Not only because more groups will have access to these tools, but because the available models — even older generations — remain powerful enough to automate significant stages of an espionage or attack campaign. The proliferation of capability is a one-way street: once the technology exists, you can’t un-invent it.
What can make a difference is the speed at which the international community — governments, tech companies, researchers, and civil society — can put together coordinated responses. This includes everything from creating effective regulatory frameworks to sharing threat intelligence across countries and sectors. Cybersecurity in the age of artificial intelligence is, above all, a collective problem. No single country, company, or organization can tackle it alone.
Rosen and Kraprayoon’s article in Foreign Affairs serves as a timely reminder that the future of cyber warfare isn’t something far off. It’s already here, unfolding in real time, with AI agents as the lead characters in a contest that will define the shape of global security for decades to come. 🛡️
