IMAGINE a hacker that never sleeps — one that can scan millions of lines of software code in seconds and patiently search for weaknesses without ever getting tired.

Until recently, that sounded like science fiction. Today, it is becoming a real concern in cybersecurity circles.

Researchers are experimenting with a new artificial intelligence system known as Mythos, developed by the AI company Anthropic. Unlike most AI tools designed to write essays or generate computer code, Mythos focuses on something very different: identifying vulnerabilities in software systems.

Early reports suggest the system can analyse complex codebases and uncover security weaknesses, sometimes even generating demonstrations of how those flaws could be exploited. Simply put, it can find the digital equivalent of unlocked doors — and show how someone might break in.

The implications are unsettling.

For many years, sophisticated cyberattacks required deep technical expertise. Discovering a vulnerability in widely used software could take weeks or even months of careful investigation by experienced researchers. Developing a reliable exploit required patience, skill and often a great deal of trial and error.

Artificial intelligence may dramatically shorten that process. Instead of manually examining software, a malicious actor could theoretically instruct an AI system to analyse vast amounts of code and identify weaknesses automatically. Tasks that once demanded highly specialised knowledge might become far easier to execute.

To be clear, Mythos itself is not available to the public and remains under restricted testing. But the broader trend is unmistakable. AI systems are becoming increasingly capable, and the tools that power cybersecurity research today could potentially be repurposed for malicious use tomorrow.

That possibility is already raising concerns among security experts.

Cybersecurity has always been a race between attackers and defenders. When one side gains a technological advantage, the balance shifts.

Artificial intelligence has already proven useful in strengthening cyber defence. Security analysts increasingly rely on AI to detect unusual patterns in network traffic, identify malware behaviour and respond to incidents more quickly than human teams alone could manage.

Yet, the same technology could also make offensive cyber operations more efficient. An AI system capable of automatically identifying vulnerabilities could scan thousands of systems simultaneously, uncover weaknesses and generate attack pathways faster than defenders can react.

Combined with automated phishing campaigns or AI-generated malware, this could significantly increase both the scale and speed of cyberattacks.

For countries like Malaysia that are rapidly digitising their economy and public services, this presents a serious challenge.

Banking platforms, telecommunications networks, healthcare systems and government services are now deeply interconnected through digital infrastructure. While this transformation has brought enormous benefits, it has also expanded the potential attack surface for cybercriminals.

As Malaysia accelerates its digital transformation under initiatives such as the MyDIGITAL programme and the Malaysia Digital Economy Blueprint, strengthening cybersecurity will be essential to ensuring that innovation and economic growth are not undermined by increasingly sophisticated cyber threats.

Recent trends suggest that cyber threats in Malaysia are already on the rise. Reports from the National Cyber Security Agency (Nacsa) indicate that thousands of cybersecurity incidents are recorded annually, ranging from ransomware attacks and phishing scams to attempts targeting critical infrastructure. At the same time, online scams continue to grow at an alarming rate, costing Malaysians billions of ringgit each year.

If these attacks are already increasing under current conditions, the introduction of AI-assisted hacking tools could accelerate the threat even further.

In my own work training cybersecurity professionals and government officers, one concern comes up repeatedly. Many organisations are still struggling with basic cyber hygiene — patch management, access control and incident response planning. If defending against today’s threats is already difficult, the prospect of AI-assisted attacks makes the need for preparedness even more urgent.

Malaysia has nevertheless made meaningful progress in strengthening its cybersecurity posture. The Cyber Security Act 2024 represents an important step forward in establishing a national framework for managing cyber risks. The legislation strengthens oversight of cybersecurity services and provides mechanisms to protect critical national infrastructure.

This development reflects an important shift in perspective. Cybersecurity is no longer viewed merely as an IT problem but as an issue of national resilience.

However, regulation alone will not be enough. Building long-term cyber resilience also requires sustained investment in knowledge, research and talent. One initiative contributing to this effort is Pusat Teknologi dan Pengurusan Kriptologi Malaysia (PTPKM), established at Universiti Putra Malaysia (UPM) in collaboration with Nacsa. The centre focuses on advancing Malaysia’s capabilities in cryptography research, secure communications and the management of cryptographic technologies.

Although cryptography may seem highly specialised, it forms the backbone of modern digital security. Everything from online banking transactions to government communications relies on encryption to protect sensitive information.

As cyber threats become more sophisticated — particularly with the rise of AI-assisted attacks — strong cryptographic systems will become even more important.

But technology and legislation alone cannot solve the cybersecurity problem. Many successful cyberattacks still exploit simple human vulnerabilities: weak passwords, outdated software or poor security practices. In an environment where attackers may soon be assisted by artificial intelligence, such weaknesses could be exploited even more rapidly.

This is why public awareness and professional training remain essential. Universities, government agencies and private organisations must work together to promote stronger cybersecurity practices and develop the next generation of digital security professionals.

In the age of artificial intelligence, cybersecurity is no longer merely a technical challenge; it is a matter of national resilience. We must ensure that innovation strengthens our defences rather than empowers the next generation of cyber attackers.

DR MOHD FAIRUZ ISKANDAR OTHMAN

Senior lecturer, cybersecurity researcher and trainer, Faculty of Information and Communication Technology, Universiti Teknikal Malaysia Melaka (UTeM)'