When the AI That Finds Your Vulnerabilities Goes Mainstream: The New Cybersecurity Arms Race

Something shifted this week in the relationship between artificial intelligence and the systems it was built to protect. On the same day that Anthropic agreed to brief the Financial Stability Board - the global body that coordinates financial regulation across the G20 - on cybersecurity vulnerabilities exposed by its own Mythos model, the hacktivist group ShinyHunters was busy defacing login pages at 330 schools using Instructure's Canvas platform. Meanwhile Lapsus$, the teenage extortion collective that refuses to die, was dumping Vodafone's internal source code onto GitHub after the telecom giant refused to pay.

These are not separate stories. They are the same story, told from different angles: AI has become simultaneously the most powerful weapon and the most essential shield in cybersecurity, and the gap between offense and defense is closing fast enough to make every security professional on the planet sweat.

Photo: Unsplash

The Mythos Problem: An AI That Finds What Humans Can't

Anthropic's Mythos is, on paper, a general-purpose language model. In practice, it is something far more unsettling: a system that can identify and exploit software vulnerabilities at a scale and speed that no human team - or human-led red team - can match. A leaked draft blog post from Anthropic, reported by InfoWorld in March, described Mythos as having "advanced reasoning tailored for security workloads." That is corporate understatement. In controlled testing, Mythos identified zero-day vulnerabilities in open-source codebases that had gone undetected for years.

The model was announced alongside Project Glasswing, Anthropic's cybersecurity initiative that brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, and Microsoft. The coalition is meant to harden critical infrastructure against the exact kinds of attacks Mythos proves are now possible. But the paradox is built in: the same capabilities that let Mythos find vulnerabilities for defenders can, in the wrong hands, find those same vulnerabilities for attackers.

On May 18, Reuters reported that Anthropic will brief the Financial Stability Board on Mythos-exposed cyber weaknesses. Bank of Canada governor Tiff Macklem, who heads the FSB's committee for monitoring risks, made the stakes clear: there may be no immediate crisis, but institutions have to get ahead of a changing security landscape. The Financial Post described it more bluntly - Mythos has "spooked bankers." When the people who manage systemic risk for a living are alarmed, the rest of us should pay attention.

"The FSB is going to share the information with members so they can build resilience," said one official familiar with the discussions. The implication: global banks are not currently resilient against what Mythos can find.

OpenAI Fires Back: Enter Daybreak

Anthropic may have had a one-month head start, but OpenAI is not letting that gap persist. On May 11, OpenAI announced Daybreak, a full-stack cybersecurity platform built on GPT-5.5. Where Mythos is a model with security applications, Daybreak is an integrated platform: vulnerability detection, patch validation, and secure software development lifecycle automation, all wrapped in a commercial product.

The positioning is telling. OpenAI is not just building a smarter AI - it is building a business around the fear that smarter AI creates. As Business Insider reported on May 18, the two companies have effectively "kicked off a new arms race for cyber defense." The article quotes security professionals describing a landscape where attackers armed with advanced AI models could "soon crack systems worldwide."

But here is the catch, and it is a darkly funny one: after publicly criticizing Anthropic for restricting Mythos access, OpenAI has restricted access to its own cyber capabilities too. The company that argued for open deployment of security AI tools now faces the same uncomfortable reality Anthropic confronted - that the line between defensive vulnerability scanning and offensive exploitation is thinner than a silicon wafer.

This is the fundamental tension of the current moment. The AI companies are building tools that can find any crack in any system. They want to sell those tools to defenders. But every defensive capability is, by definition, also an offensive capability. The question is not whether AI will be used to hack. The question is whether the defense will scale faster than the offense.

Photo: Unsplash

The Proof Is Already Here: ShinyHunters and the Canvas Catastrophe

While Anthropic and OpenAI debate the ethics of AI-powered security tools, the real world is providing brutal object lessons in why this conversation matters. The ShinyHunters breach of Instructure's Canvas LMS is now the largest educational security incident in history.

The timeline tells the story of escalation:

The details are uglier than the headline. ShinyHunters did not just steal data. They weaponized the platform itself, replacing login pages with defacement messages that told students their data was for sale. This is not a quiet data exfiltration - it is psychological warfare against an educational system already straining under pressure. And Instructure's response, paying the extortionists, has set a precedent that security professionals will debate for years.

As Help Net Security noted, Instructure "took a risky approach" by reaching a deal with ShinyHunters. There is never any guarantee that attackers actually delete stolen data, and the payment signals to every other extortion group that targeting ed-tech platforms is profitable.

Lapsus$ Returns: The Vodafone Source Code Dump

As if the Canvas breach was not enough, Lapsus$ - the extortion group whose members were teenagers when they first burst onto the scene in 2022 - has returned with a vengeance. After claiming a breach of Vodafone UK's internal network infrastructure in late April, the group made good on its threats when Vodafone refused to pay.

On May 11, Lapsus$ dumped Vodafone's internal source code onto GitHub after the telecom giant refused to negotiate. The dataset, described as a "blueprint for the telecom giant's operations," represents exactly the kind of proprietary infrastructure code that nation-state actors would pay millions for. The fact that it is now publicly available is a catastrophe for Vodafone and a gift to every telecom-hunting threat group on the planet.

Lapsus$ is also actively recruiting. Their website, lapsus.by, openly solicits insiders at T-Mobile, Claro, Telefonica, AT&T, Microsoft, and other major corporations. The group's model - social engineering combined with insider access - represents a different threat vector than what Mythos or Daybreak address, but it illustrates the same principle: the attack surface of modern digital infrastructure is vast, and AI is about to make exploiting it dramatically easier.

Photo: Unsplash

Google's Gemini Spark: The Consumer AI Agent Arrives

While the cybersecurity world was focused on Mythos and Daybreak, Google was quietly preparing its own entry into the AI agent race. Gemini Spark, revealed through code in the Gemini web app beta ahead of I/O 2026, is an always-on AI agent that handles your inbox, tasks, and shopping in the background.

According to leaked details, Spark can place orders without user confirmation, build shopping carts, and book reservations - all autonomously. The code reveals a "skill system" and "task scheduler" that suggests Google is building not just a chatbot but a genuine digital proxy: an AI that acts on your behalf across the web.

On May 12, Google announced Gemini Intelligence for Android, bringing proactive AI features that understand screen context and complete multi-step tasks. As CNBC reported, Google is racing to put Gemini at the center of Android before Apple's next AI push. The agent wars are not just about security - they are about who becomes the default interface between humans and the digital world.

But here is what makes Spark relevant to the cybersecurity conversation: an AI agent that can place orders, access inboxes, and make financial decisions on your behalf is also an AI agent that, if compromised, can do all of those things for an attacker. The attack surface of an autonomous agent is fundamentally different from the attack surface of a chatbot. When your AI can spend your money, the security requirements are not incremental - they are transformational.

The Convergence: Why This Week Matters

What makes the second week of May 2026 significant is not any single event but the convergence of three trends that have been developing on parallel tracks:

First, AI security capabilities are now commercially deployable. Mythos and Daybreak are not research papers or demo videos. They are products with pricing pages and enterprise sales teams. The same week that Anthropic briefs financial regulators, OpenAI launches a competing platform. The market for AI-powered security tools has gone from zero to competitive in under 60 days.

Second, the real-world attack surface has proven to be catastrophically larger than anyone estimated. The Canvas breach exposed 275 million records. The Vodafone dump revealed that even the most sophisticated telecom infrastructure is vulnerable to a group whose leaders were literally in secondary school three years ago. These are not theoretical risks - they are confirmed, materialized, actively-exploited vulnerabilities.

Third, consumer AI agents are crossing the autonomy threshold. Gemini Spark is not a chatbot that tells you what to do. It is a system that does things for you. The distance between "I found a vulnerability" and "I exploited a vulnerability" was already short. The distance between "I can act on your behalf" and "someone else can make me act on their behalf" is even shorter.

New York Magazine captured the absurdity with characteristic precision: "Worried About AI? Here, Have Some AI." The solution to AI-created security risks is, apparently, more AI. This is not wrong - it is just deeply uncomfortable. As Darktrace noted, the decline in the role of traditional disclosure and coordinated vulnerability response means security teams are facing a challenge they are not structured to handle.

"There is never any guarantee that attackers have actually deleted stolen data." - Computing UK, on Instructure's decision to pay ShinyHunters

The FSB Briefing: What We Know

The Financial Stability Board briefing, first reported by the Financial Times and confirmed by multiple outlets on May 18, represents an unprecedented step in the relationship between AI companies and global financial regulators. The FSB, which coordinates financial regulation across the G20 nations, will receive technical details about the vulnerabilities Mythos identified.

This is not a routine security advisory. The FSB does not issue briefings about individual software vulnerabilities. This is a systemic risk assessment: the financial system relies on software that, until now, has been secured primarily through obscurity and the difficulty of finding bugs at scale. Mythos removes both of those protections. If a model can find zero-days in days that took human researchers years to identify, the calculus of financial cybersecurity changes fundamentally.

Bank of Canada governor Macklem's language was carefully chosen: "no immediate crisis" but "institutions have to get ahead of a changing security landscape." Translation: the banks are not ready. The FSB briefing is a recognition that the defensive side of the equation needs to scale as fast as the offensive side, and right now it is not even close.

Photo: Unsplash

The OpenAI Contradiction: Restrictions for Thee, Not for Me

The most revealing moment in the AI cybersecurity arms race came not from a product announcement but from a policy reversal. After OpenAI publicly criticized Anthropic for restricting access to Mythos, arguing that defensive capabilities should be widely available, the company then restricted access to its own cybersecurity features in Daybreak.

This is not hypocrisy - it is the inevitable consequence of building tools that are equally useful for offense and defense. Every AI company that enters the cybersecurity space will face the same bind: the more capable the model, the more dangerous it is in the wrong hands. OpenAI's Daybreak platform, built on GPT-5.5 and Codex, automates vulnerability detection, patch validation, and secure software development lifecycle management. All of those capabilities have offensive mirrors.

InformationWeek's analysis framed the challenge precisely: Mythos forces a "rethink of vulnerability management." The old model - where bugs were rare, hard to find, and disclosed through coordinated processes - assumed human-speed discovery. AI does not just accelerate discovery; it changes the economics of exploitation entirely.

What the Security Community Is Saying

The response from cybersecurity professionals has been a mixture of vindication and alarm. IBM's analysis described Mythos as "rewriting assumptions about what artificial intelligence can do" in the security domain. NetSecurity called it "a paradigm shift in vulnerability discovery and critical infrastructure risk."

The consensus is forming around a position that would have sounded extreme six months ago: AI vulnerability discovery has crossed a threshold from "useful tool" to "strategic capability." When a model can audit an entire codebase in hours and identify bugs that human researchers would take months to find - if they found them at all - the implications for critical infrastructure, financial systems, and national security are profound.

4BIS, a cybersecurity firm, put it plainly: the model's capabilities "could be exploited" and it "was able to breach the company's own safeguards." That last detail is the one that should keep security professionals awake. If Mythos can break through Anthropic's own safety rails, the idea that guardrails will reliably prevent misuse by malicious actors is, at best, aspirational.

OpenAI's Personal Finance Pivot: A Distraction or a Signal?

In a week dominated by cybersecurity, it is worth noting a quieter OpenAI move: the launch of AI personal finance tools and the consolidation of products under co-founder Greg Brockman. This is not unrelated to the security conversation.

Personal finance tools handle bank credentials, transaction histories, and investment portfolios - exactly the kind of sensitive data that a compromised AI agent could weaponize. OpenAI is simultaneously building the most powerful offensive cybersecurity tool (Daybreak) and a consumer product (finance tools) that would be a prime target for exactly the kind of attacks Daybreak is designed to find. The company is creating its own threat landscape and then selling the solution to it.

This pattern - creating a problem and then selling the cure - is not new in tech. But the stakes are higher when the problem is "every vulnerability in every system can be found in hours" and the cure is "buy our tool to find them first."

GPT-5.3-Codex Takes Over GitHub Copilot

Another piece of the puzzle clicked into place on May 17, when GitHub announced that GPT-5.3-Codex is now the base model for Copilot Business and Enterprise, replacing GPT-4.1. This is significant because code generation is where the offensive/defensive duality of AI is most acute.

A model that writes better code also writes better exploits. A model that understands code structure well enough to suggest improvements can also understand it well enough to find vulnerabilities. By deploying GPT-5.3-Codex to millions of developers through Copilot, GitHub is essentially distributing a powerful code-analysis capability across the entire software development ecosystem. The net security effect depends entirely on which side learns to use it faster.

The Road Ahead: What Changes After This Week

The convergence of Mythos, Daybreak, ShinyHunters, Lapsus$, and Gemini Spark in a single week is not coincidence. It is the acceleration of a trend that has been building since AI models first demonstrated meaningful code understanding. Here is what changes:

Vulnerability windows shrink dramatically. The time between a bug being introduced and a bug being found drops from years to days. For defenders, this is good news - if you are using the AI tools. For attackers, this is even better news, because most organizations are not using them yet.

Ransomware economics shift toward data extortion. ShinyHunters did not encrypt Canvas systems. They stole data and threatened to leak it. The Instructure "agreement" validates this model. Expect more groups to follow this playbook, because it works and the legal consequences are minimal.

AI agent security becomes an existential concern. Gemini Spark and similar agents will handle financial transactions, personal communications, and authentication. Securing these agents is not a feature request - it is a prerequisite for the product category to exist.

Regulatory response accelerates. The FSB briefing is a signal that global financial regulators are treating AI security risk as systemic. Expect new requirements for AI model security assessments, vulnerability disclosure frameworks adapted for AI-discovered bugs, and potentially restrictions on who can deploy advanced security AI.

The offensive-defensive gap remains. Despite Anthropic and OpenAI's best efforts to commercialize defensive AI, the fundamental asymmetry of cybersecurity persists: attackers only need to find one vulnerability, while defenders need to secure every surface. AI narrows but does not eliminate this gap, and the organizations that will suffer most are the ones that assume buying Daybreak or Glasswing means they are safe.

Photo: Unsplash

The Bottom Line

Anthropic is briefing the Financial Stability Board because AI can now find vulnerabilities that global banking infrastructure cannot defend against. OpenAI launched Daybreak because the market for AI-powered security tools went from zero to competitive in 60 days. ShinyHunters compromised 275 million student records because an ed-tech platform had a supply-chain vulnerability in its free tier. Lapsus$ dumped Vodafone's source code because extortion works when companies will pay to make problems go away. Google is about to put an always-on AI agent on every Android phone.

These are not disconnected events. They are the same tectonic shift, viewed from different angles. AI has made the digital world simultaneously more powerful and more fragile, and the institutions we rely on - banks, schools, telecoms, governments - are not ready for what comes next.

The arms race is not between Anthropic and OpenAI. It is between AI-accelerated offense and AI-accelerated defense. And right now, offense has a head start.