Anthropic’s highest profile AI product is Claude, a rival to OpenAI’s ChatGPT. In April 2026, Anthropic revealed its Mythos product – an AI model which it claimed could outperform the hacking capabilities of humans.
It led to significant consternation among policymakers and financial institutions because Anthropic claimed Mythos had exposed many cyber vulnerabilities in critical digital services. In response to the concerns raised about Mythos’s capabilities, Anthropic withdrew the product from the market.
Shortly afterwards, NCE was invited by e2e-assure to attend a simulated AI-powered cyberattack using a Mythos-level AI capability, targeting a fictional water treatment works.
The hypothetical attacker was using a chatbot-style interface to plan and execute the attack with the AI. The attack took less than a minute to execute. e2e-assure CEO Rob Demain warned about the advent of sub-second attacks, which don’t give security operations centres (SOCs) staffed by people enough time to intercept the attack.
In the latter half of the simulation, attendees were educated about defending against the hypothetical attack. Demain made clear that SOCs running on AI were able to prevent, detect and intercept more effectively.
Speaking to NCE after the simulation, Demain explained that the key difference that the availability of Mythos-level AI tools has made is that before, “you’d need a really skilled team of dedicated, highly-trained people to do a cyberattack of any scale.”
“Now, potentially very unskilled people could do one, and that changes the economics of it. It changes the threat profiles – anyone with a grudge could launch a cyberattack. That didn’t happen a year ago,” he said.
Demain warned that a critical difference between traditional cyberattacks and cyberattacks which rely on AI is that the latter can be executed much more rapidly.
“Automated attacks have been around for years, but self-fixing AI, where it’s sorting itself out and moving without the human operating it, that’s another real worry,” he said.
“Typically, it takes a lot of time for an attacker to get to somewhere bad; they’ve got lots of different gates to get through, and it takes time, and often that gives the [defenders] time to detect them somewhere in this stage.”
“If that is moving to an AI system where it’s mainly automated with a human clicking ‘next’ or ‘yes’, that could run a lot quicker than it typically does. Now that’s also a problem because humans can’t keep up with it. You can’t do the analysis in time before they move on to the next step.”
This is part of Demain’s proposition for e2e-assure’s offering, which is the provision of AI-powered security operations centres (SOCs) – believing that defenders need to use AI in defence to protect against AI attacks.
Demain said that the vulnerability of CNI assets is partly defined by how visible their respective “attack surfaces” are – meaning what hardware and software are reachable by potential adversaries.
“Somewhere like water [infrastructure assets] may have thousands of little connections, little water pumps, little sensors, so that’s got a big attack surface,” he said.
“It may also have lots of legacy equipment – that means outdated equipment. Whereas a new system that’s being deployed today might look quite different, might be more centralised, it might have modern equipment.”
He explained that older systems that were not connected to the internet tend to be protected from cyberattacks, whereas digitalisation programmes will expose them to that risk.
Demain also said newer projects face risks of being subject to cyberattacks because of the opportunity they present to give attackers notoriety and profile if they are successful.
“If you think about criminals and people who wish to do cyberattacks, it’s normally [motivated by] money, and then infamy is the next driver, [and] kudos,” he said
“Bringing down a new flagship project gets headline news. An attacker who’s motivated by that would want to go for that, simply because it’s a big profile name, and they’re going to get on BBC News. That’s a real motivation for some of these types of hackers.”
He went on to reassure that there is a good culture among CNI leaders, including those who are not cyber experts, in terms of working to update systems to ensure cyber resilience.
“I think that’s where CNI can really work well in operational resilience”, he said.
“If you think about cyber, over the last 10 years, there’s been a big focus on data, the GDPR (General Data Protection Regulation), and the ICO (Information Commissioner’s Office).
“The data loss to CNI is not as big in the news as the power going off, or the water not being available, so CNI, these sectors have been very good at making sure operations stay running.
“At the heart of it, cyber resilience is business resilience; the two are identical, so if we’re really good at keeping things running, they’ll be really good at withstanding a cyberattack, typically, because it’s the same process.
“Whether it’s cyber that’s caused the outage, or it’s a physical issue that’s caused the outage, or something else, or a technical failure. Generally, these organisations have designed systems to cope with that type of failure.”
The National Cyber Security Centre (NCSC) helps organisations become resilient against cyberattacks and can help with responses to attacks when they happen. It is part of the UK’s GCHQ (Government Communications Headquarters) communications spy agency.
Demain said NSCS has provided advice around running exercises to try and promote awareness of the existence of people who may try to launch cyber attacks against their assets.
He said it has required a mindset shift among CNI managers.
“No one’s really wanted to attack them, mainly other than the big nation states, and that’s where you’re talking about NCSC and the advice there, and that’s been a well-practised pattern,” he said.
“The change there is that if anyone could do it with a grudge because they haven’t got their water today, or the power went off for two days, you’ve got a different threat to deal with, and NCSC can’t predict that; no one can predict what’s going to happen, and that’s what’s changed.”