Artificial intelligence is beginning to reshape one of the most specialized areas of cybersecurity: ethical hacking.
Recent discussions in the security community have focused on Claude Mythos Preview, an advanced AI model from Anthropic that has demonstrated strong capabilities in identifying and exploiting software vulnerabilities. Anthropic introduced Mythos Preview in April 2026 as part of Project Glasswing, a defensive cybersecurity initiative intended to help selected partners find and fix weaknesses in critical software before attackers can exploit them.
The rise of tools like Mythos has created both excitement and concern. For defenders, AI-assisted vulnerability discovery could make software safer by finding hidden bugs faster than traditional manual review. For human researchers, however, it may also change the economics of bug hunting.
Valentina Palmiotti, widely known in the cybersecurity world as Chompie, is among the ethical hackers who have warned that AI could make some parts of vulnerability research much more competitive. According to reports, her concern is not that human hackers will disappear immediately, but that AI may increasingly handle easier or repetitive vulnerability discovery work that once gave independent researchers and bug bounty hunters more opportunities.
The scale of recent AI-assisted discoveries shows why the debate is intensifying. Mozilla said its Firefox 150 release included fixes for 271 vulnerabilities identified during an evaluation of Claude Mythos Preview. The Firefox team described the experience as a major shift for defenders, noting that such a large number of findings in a hardened browser would have been difficult to imagine just a short time ago.
Anthropic has also said Mythos Preview can identify and exploit zero-day vulnerabilities in major operating systems and web browsers when directed to do so. The company stated that many discovered vulnerabilities remain unpatched, which is why it has avoided publishing full technical details.
This creates a complicated cybersecurity moment. On one side, AI gives defenders a powerful new way to inspect code, test systems, and reduce risk. On the other side, similar capabilities could become dangerous if widely available to criminals or poorly controlled actors. Anthropic has said it is initially limiting access through Project Glasswing to support defensive use while the industry prepares for more powerful AI-assisted security tools.
Business and security analysts are also paying attention. Bain & Company has described Mythos-class systems as a significant cybersecurity concern because they can understand code intent, connect small weaknesses into larger attacks, reconstruct source logic from software, and operate with a level of automation that changes how quickly vulnerabilities can be discovered.
Still, many experts believe human researchers will remain essential. AI can accelerate scanning, testing, and proof-of-concept development, but cybersecurity often requires judgment, creativity, responsible disclosure, and a deep understanding of real-world risk. AI may find a bug, but humans still need to verify its impact, prioritize fixes, coordinate patches, and understand how an attacker might use it.
The bigger shift may be that ethical hacking is moving into a new phase. Instead of replacing skilled researchers completely, AI may push them toward higher-value work: validating AI findings, designing safer systems, studying complex attack chains, and building better defensive strategies.
For companies, the message is clear. Security teams should not ignore AI-powered vulnerability discovery. They need stronger patch management, better code review, secure development practices, and faster response systems. As AI makes hidden software flaws easier to find, the organizations that adapt early will be better prepared for the next generation of cyber risk.
Source Attribution Line
This article is based on public reporting about Chompie’s comments and technical disclosures from Anthropic, Mozilla, and cybersecurity industry analysis.
