On 9 April 2026, ASD published information on the cyber security implications of increasingly capable frontier artificial intelligence (AI) models. This followed the 7 April 2026 announcement from Anthropic about the release of Claude Mythos Preview, described as its most capable frontier AI model and highlighting its advanced software engineering and cyber security capabilities. Other capable AI models were also released in the intervening period, including OpenAI’s GPT-5.5. Since then, a clearer picture has emerged of what these kinds of models can, and cannot do, and what this means for Australian organisations.
What we have learned
Independent evaluations confirm meaningful AI capability uplift, with limits.
The United Kingdom’s AI Security Institute (AISI) published the first independent assessment of Claude Mythos finding that although the model was not dramatically more capable than previous frontier models on individual cyber tasks, it was the first to autonomously chain those tasks into an end‑to‑end intrusion, representing a meaningful uplift in overall capability. In testing, Claude Mythos completed a 32‑step simulated corporate network attack on some runs.
Importantly, the UK’s AISI noted these environments lacked active defenders, endpoint detection and response, and alerting. Where segmentation or more complex environments were introduced, particularly between IT and operational technology (OT), the model frequently failed to progress and required additional prompted guidance, highlighting that expert human users are still an important determinant to effectiveness. This reinforces that existing defensive controls, when properly implemented, remain an effective friction against AI‑enabled attacks.
Defensive use cases are already delivering results.
Mozilla reported that Claude Mythos identified 271 vulnerabilities fixed in a single Firefox release. This is an order‑of‑magnitude increase over previous AI‑assisted efforts. Mozilla emphasised the model did not discover new classes of vulnerabilities but dramatically increased the scale and speed at which existing defects could be found and remediated. This supports the view that AI’s primary cyber threat is in accelerating vulnerability discovery and exploitation. It does not introduce novel tactics or techniques. AI can be used effectively to harden defences through identifying and fixing vulnerabilities in systems.
Both frontier and open source AI models continue to improve.
Since our April announcement, researchers have shown many of the vulnerability discovery techniques demonstrated by Claude Mythos can already be reproduced using inexpensive open‑weight models. With the cost of operating capable models falling rapidly, the assumption hostile actors will lag frontier capabilities by many months is no longer safe. The implication for defenders is clear. Advanced AI‑enabled capabilities cannot be treated as rare or unique. This will be increasingly so into the future.
Attack economics are shifting.
The UK’s AISI’s assessment of Claude Mythos observed the system continued to improve with additional inference compute, with no performance plateau reached during testing. This suggests attacker capability will increasingly be a function of available compute and time, further increasing pressure on defenders to reduce exposure and response times.
While at present, the cost and access to compute required to run a frontier-level AI system may be out of reach for most individuals, those economics are rapidly changing. Organisations need to act now in preparation for a future where the access and resources required to run capable AI models is broadly available, including to individual threat actors.
What this means for Australian organisations
Developments since our announcement on 9 April confirm the advice provided in our initial guidance. Strong cyber security fundamentals are an important foundation to reducing cyber security risk, even against frontier AI‑enabled threats. Improving your fundamentals should be pursued now, not later.
However, the new age of AI will require more than getting the fundamentals right. Organisations need to consider how to use AI to identify, harden and protect their systems. As highly capable AI becomes more widely available, malicious actors will deliver cyber threats at greater scale and speed. Organisations that don’t improve their defences will be vulnerable to these AI-enabled cyber threats. This cannot be left to cyber defenders alone. It will require a rethink of process and require organisational change in some areas. ASD has a range of upcoming guidance to assist organisations on this journey.
For now, organisations should:
- strengthen cyber security fundamentals by regularly reviewing and validating core controls
- minimise attack surfaces by reducing exposure of systems and services to untrusted networks
- patch systems promptly, recognising that AI is accelerating vulnerability discovery and exploitation
- implement layered, defence-in-depth architectures that assume breach and restrict lateral movement
- prepare for incident response by maintaining and exercising incident response plans and playbooks
- use AI for defensive purposes, where appropriate, including identifying vulnerabilities and securing software before release.
No single mitigation can provide complete protection. However, the accumulating evidence shows organisations with mature cyber security practices remain significantly more resilient, even as tools used by malicious actors evolve.
ASD will continue to monitor frontier AI developments in close consultation with Five Eyes partners and the Australian cyber security community.