AI is on its way to upending cybersecurity


OpenAI's ChatGPT on a laptop in San Francisco, March 21, 2025. As tech companies prepare to release new and more powerful AI systems in the coming weeks, cybersecurity experts have become increasingly vocal in their warnings that AI technologies are fundamentally changing cybersecurity. — Kelsey McClellan/The New York Times

SAN FRANCISCO: Anthropic said late last year that state-sponsored Chinese hackers had used its artificial intelligence technology in an effort to infiltrate the computer systems of roughly 30 companies and government agencies around the world.

In a blog post, Anthropic said it was the first reported case of a cyberattack in which AI technologies had gathered sensitive information with limited help from human operators. Human hackers, the company said, handled about 10% to 20% of the work needed to conduct the attack.

Five months later, that remains the only known example of a cyberattack driven largely by an “AI agent” – technology that can write computer code and use software on its own. But as Anthropic and its chief rival, OpenAI, prepare to release new and more powerful AI systems, cybersecurity experts are increasingly vocal in their warnings that AI is fundamentally changing cybersecurity.

Technology from Anthropic, OpenAI, Google and other companies could allow hackers to identify security holes in computer systems far faster than in the past, vastly raising the stakes in the decades-long fight between hackers and the security experts guarding computer networks.

But like other tools from the long history of cybersecurity, the latest AI can be used for both offence and defence. As hackers deploy AI to break and steal, security experts are also leaning on AI to spot flaws in their systems – including some that had gone unnoticed for decades. The question is who finds the flaws first.

“This is the most change in the cyber environment, ever,” said Francis deSouza, the chief operating officer and president of security products at Google Cloud. “You have to fight AI with AI.”

Since last year, the leading open-source software projects – which provide the underlying infrastructure for sites and services across the internet – have been flooded with messages from people using AI to identify security holes.

Many of these so-called bug reports were erroneous, because of mistakes made by the AI systems. But in recent months, as AI has improved, they have started to identify legitimate bugs at a remarkable rate, and programmers have raced to make fixes.

“These AI models are augmenting what humans can do,” said Daniel Stenberg, who runs an important and popular open source project called Curl. “If you use these tools correctly, they can really raise your ability to find problems in software.”

In February, Anthropic said that it had used its AI technologies to find more than 500 so-called zero-day vulnerabilities – security holes that were unknown to software makers – in various pieces of commonly used open source software. The next month, a researcher at Anthropic revealed that he had used AI to find a serious security vulnerability in the core of the Linux operating system, which is software that powers much of the internet, and is used in computer servers, cloud computing services, Android phones and Teslas.

The bug had existed, apparently undiscovered, since 2003.

Experts disagree on whether one side of this struggle has gained a significant advantage through AI. And they are unsure how the battle will play out in the coming years. But most agree that the companies and governments that do not embrace the latest AI for defensive purposes will leave themselves enormously vulnerable.

Chatbots like Anthropic’s Claude and OpenAI’s GPT have become very good at writing computer code. These systems can help engineers create new software. They can use internet tools, like email programs and online calendars. And they can probe the weak points in software and online services, looking for security vulnerabilities.

Over the past several months, new AI tools like Anthropic’s Claude Code and OpenAI’s Codex – specifically made for coding – have helped developers create AI agents that can handle a wide variety of tasks largely on their own. That includes identifying and exploiting security holes in software.

“Four or five months ago, we had a step change in what these systems could do,” said Zico Kolter, an OpenAI board member and a professor of computer science at Carnegie Mellon University who specialises in security and AI.

AI is helping attackers in other ways. Some have used chatbots to draft phishing emails and ransom notes, cybersecurity experts said. Others have used AI to parse large quantities of stolen data and determine what information might be valuable. Without help from AI, attackers could sometimes break into computer networks within minutes, deSouza said, but with the help of AI, breaches can take just seconds.

Some hackers specialise in breaking into systems and then selling off their access to other attackers. Those handoffs used to take as much as eight hours, as hackers negotiated the sales and passed along the compromised entry points, deSouza said. Now that process has accelerated to about 20 seconds, he said, with hackers sometimes using AI agents to speed up the process.

Anthropic, OpenAI and other AI companies have tried to add guardrails to their tools to prevent them from being turned into cyberweapons. But attackers have been able to circumvent these barriers by telling the AI systems that they are not actually attacking.

For instance, they will say that they are just playing “capture the flag” games – cybersecurity exercises that simulate real attacks and allow engineers to practice finding and exploiting vulnerabilities.

Some experts argue that the guardrails added by companies like Anthropic and OpenAI can actually provide an advantage to malicious attackers. Guardrails could cause a chatbot to deny help to a user trying to defend a system from an attack, they argue, but persistent hackers could be more diligent about finding vulnerabilities – and keeping those tricks to themselves.

Although AI technologies have put new powers in the hands of offensive hackers, experts are divided over whether these tools give attackers an overall advantage over defenders.

Even after months of steady improvements, AI technologies are still flawed – which means they require the expertise of seasoned cybersecurity experts. In many cases, the tools are still limited by the skills of the people who use them.

“You still need a software architect in the loop with these systems,” Kolter said.

He and others argue that defenders have an advantage because they have the easier job. They just have to find the holes. Offensive hackers must both find and exploit the holes.

“It is easier to find a vulnerability than to meaningfully exploit it,” Kolter said. – ©2026 The New York Times Company

This article originally appeared in The New York Times

     
