Recently, we learned that Anthropic was developing Claude Capybara, also called Mythos, a powerful new AI model with substantially improved capabilities in vulnerability discovery, exploit development, and multi-step attack reasoning.
While the details emerged through a data leak rather than a formal launch, the market response was unmistakable: AI has crossed a critical cybersecurity threshold. The frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scales, speeds and through novel methods that previously were the domain of advanced nation state entities.
For security leaders, this development is both a warning and a call to action. It crystallizes a trend we’ve been closely monitoring and preparing for: the democratization and industrialization of cyber-attacks.
Two structural shifts redefining cyber risk
Claude Mythos is the early signal of two profound shifts in the threat landscape:
- Democratization of advanced attack capabilities
Capabilities that once required elite threat actors or well-funded nation-state teams will be accessible to cybercriminal groups and even low-skill actors leveraging AI assistance. We must assume adversaries will wield these capabilities. The paths are already clear: abuse frontier models directly, as threat actors did with Claude Code in September, or wait for the same capabilities to land in open-source, unmonitored models like DeepSeek, where no usage policies or safety layers stand in the way. This fundamentally lowers the barrier to entry for sophisticated attacks. Organizations that once considered themselves “safe” because they weren’t targets of advanced nation-state activity are now at risk from newly capable criminal groups armed with AI-powered tools. - Industrialization of cyber-attacks
With the expected advancement in agentic capabilities, threat actors will be able to scan legacy and SaaS technologies at unprecedented frequency and scale. This will lead to a near continuous flow of novel attack methods that target enterprise systems, networks and employees. AI enables threat actors to transition from manual, artisanal operations to repeatable, automated attack pipelines. Attacks are becoming systematic, scalable, and reproducible, like software manufacturing. This is the era of “AI attack factories.”
The convergence of these two forces produces a dangerous outcome: more attackers can execute more sophisticated attacks, simultaneously increasing both attack volume and velocity. The time-to-exploit window will collapse to near zero day.
Why this is important
We should all be alarmed by the leak associated with the new Claude model, but we should not be surprised.
Check Point has been continuously evaluating AI model capabilities and anticipating this evolution. We’ve known that advanced models would eventually demonstrate proficiency in code review, vulnerability discovery, and reverse engineering, and could integrate with tools and APIs that enable penetration testing and exploitation.
What’s important to understand: the gap between writing code and analyzing code is narrower than many realize. An AI system capable of generating sophisticated software can be trained or prompted to identify vulnerabilities within it. This capability, combined with exploit development and the ability to chain multi-step attacks, creates an entirely new threat surface.
Reassess your security posture now
In response to this evolving threat landscape, we urge security leaders to conduct a rigorous reassessment of their security foundations. This isn’t only about implementing new tools. It’s also about ensuring that your security tools themselves are secure.
Where to start:- Assess the security efficacy of your first line of defense. Networks, firewalls, WAF, endpoint, and email security are critical. But are they tuned for zero-day protection? Default security configurations are not optimized to defend against previously unknown exploits. If your perimeter and endpoint security are running standard baselines, you’re exposed.
- Evaluate your risk level. Look hard at your security vendors’ CVE history. When AI compresses exploitation timelines to hours, a pattern of frequent critical vulnerabilities is no longer a manageable operational burden; it’s a strategic liability.
- Hunt your blind spots: legacy servers, unpatched systems, accounts without MFA, unprotected remote access. The long tail of your infrastructure is where attacks typically land.
- Accelerate your patching cycles and evaluate solutions for automated virtual patching and safe remediation. Time-to-patch becomes increasingly critical as campaign timelines move from weeks to minutes.
- Redefine and reinforce network segmentation to protect your crown jewels. Assume breach, limit lateral movement, and ensure that critical assets are isolated from general network traffic.
Check Point brings decades of experience in preventing zero-day exploits. Our products are built with security as a first principle, not an afterthought. That’s why we achieve the industry’s lowest number of CVEs across our platform – not by luck, but by methodology. We employ teams of attackers who attempt to penetrate our own products. This adversarial approach to security development ensures that what we deliver to customers is actually secure.
Moving forward
The vulnerabilities we disclosed in Claude didn’t happen in isolation. They arrived alongside a sharp increase in open-source software supply chain attacks, both signals pointing to the same conclusion: the speed and surface area of attacks are accelerating.
Whether your organization has adopted AI or not is irrelevant. Threat actors have, and they will continue to push these capabilities further.
New models will continue pushing the boundaries of what’s possible, for defenders and attackers alike. That’s not a surprise; it’s the trajectory we’ve been tracking. What the recent disclosures make clear is that continuous reassessment is no longer optional.
