
The security industry is currently on high alert as rapidly evolving AI begins to pose a threat that could fundamentally transform corporate crisis management.
A symbolic event occurred in early April. The American AI company Anthropic announced a new AI model (a large language model similar to ChatGPT) called “Mythos,” only for it to be pulled from public release almost immediately. The reason: the model’s capabilities were terrifyingly high. For instance, without any human instruction, it autonomously discovered “zero-day” vulnerabilities—undisclosed flaws usable for cyberattacks that humans had overlooked for decades—within major operating systems like Windows and leading browsers such as Chrome and Safari. Furthermore, it autonomously sent emails to relevant parties and even posted its own activities online.
From a corporate crisis management perspective, AI at this level has the potential to destroy any company’s systems. If such technology falls into the hands of malicious actors, including criminals or state-sponsored agencies, companies will find their vulnerabilities exposed and breached at an unprecedented speed. It is safe to say it is now technically possible for AI to be exploited for attacks on critical infrastructure, ransomware campaigns, and espionage, easily outpacing the cycle of security updates and patching.
Moreover, even low-skilled attackers will be able to leverage AI for sophisticated operations. This would dramatically increase the volume and success rate of breaches, leading to a catastrophic destabilization of global digital systems. AI capabilities have reached a level where this is a reality.
As someone witnessing this AI evolution at the front lines of security, I believe humans have no choice but to treat AI as a “strategic partner” and coexist with it. Rather than completely replacing jobs with AI, we should use it for “augmentation.” For critical decisions, we must maintain a “human-in-the-loop” approach.
The tool companies should now focus on to make this possible is the “AI Agent.” An AI agent is an autonomous or semi-autonomous software system that goes far beyond the framework of traditional AI models. While traditional models primarily predict or generate outputs based on input data—such as answering questions, classifying images, or summarizing text—AI agents perceive their environment, reason, plan sequences of actions, make decisions, and execute tasks in the real world through external software. They can adapt to a user’s goals based on feedback and new information. While they may not possess the deep autonomy seen in the “Mythos” example, AI agents are systems that are easier for corporations to implement.
Beyond performing research or tasks under defined supervision, AI agents carry out activities such as sending emails or making purchases on their own, based on user instructions. Furthermore, several AI agents can be combined so that they collaborate as a team to produce results even in complex scenarios.
In a world where AI is the norm, the challenge lies in how to manage it. If humans exercise governance, AI can become a powerful weapon. Corporations should involve teams from security, legal, IT, and business departments at an early stage, utilizing AI with clear metrics. By using it proactively, AI can become a potent “force multiplier” in cybersecurity.
To achieve this, investment in employee upskilling and the regular updating of policies must begin now. We must embrace this transformative power while building resilient defenses against both external AI-driven threats and internal risks. Companies that can implement superior AI security capabilities while simultaneously controlling the security of the AI itself will gain a significant advantage. Otherwise, they will simply be at the mercy of runaway AI.
Author: Kumar
After engaging in cyber operations for British intelligence and serving as a senior executive at a British energy company, he is currently the CEO of the Singapore-based security firm CYFIRMA. He is a globally recognized security expert in the fields of cyber and AI.