Ethical Hacker Warns AI Tools Like Mythos Could Transform Competitive Cyber Security

Artificial intelligence is rapidly reshaping the cyber-security industry, with some of the world’s leading ethical hackers warning that advanced AI systems may soon outperform even highly skilled human researchers.

At this year’s Pwn2Own hacking competition in Berlin, one of the event’s top winners said emerging AI tools such as Claude Mythos could fundamentally change the future of bug hunting and cyber defence.

AI Tools Are Changing Ethical Hacking

Pwn2Own is one of the most respected competitions in the cyber-security sector. Organised by the Zero Day Initiative, the event invites ethical hackers from around the world to uncover previously unknown flaws in software, websites and connected systems.

This year, hackers collectively earned nearly $1.3 million (£970,000) after discovering 47 new vulnerabilities. The flaws were reported directly to technology companies so they could be fixed before criminal groups exploit them.

Among the standout competitors was Valentina Palmiotti, better known online as “Chompie”, who secured major prizes during the Berlin contest.

Speaking to BBC News, she said AI-powered coding and research tools are already helping ethical hackers work faster and more efficiently. However, she warned that future systems may reduce the role of all but the most elite researchers.

‘Zombie Hacker Mode’ Behind the Competition

During the event, Chompie successfully demonstrated a hack targeting a system linked to Nvidia, earning $20,000.

After the win, she immediately returned to her hotel to continue preparing for another challenge.

“As soon as I won the first prize I ran back to my hotel room to keep working on the other one. I worked from 6pm till 6am and didn’t sleep,” she said.

Her overnight effort paid off when she later compromised a Linux-based system and secured another $50,000 prize.

Chompie described the intense preparation process as entering “zombie hacker mode” — long hours of research, testing and debugging powered by adrenaline, caffeine and little sleep.

“It’s not healthy,” she admitted, adding that the pressure and pace of elite hacking competitions often leave competitors exhausted.

What Is Claude Mythos?

Much of the concern within cyber security currently centres on Claude Mythos, an advanced AI system developed by Anthropic.

According to Anthropic, the model has identified around 1,600 vulnerabilities across hundreds of software applications. Because of the potential risks associated with the technology, access is reportedly restricted to selected governments and cyber-security organisations.

The growing sophistication of AI systems has sparked debate across the industry, including among researchers in the UK’s expanding cyber-security sector centred around hubs such as London, Manchester and Cheltenham.

Chompie said AI tools such as Claude Code are already helping her in both competitions and her work with IBM X-Force.

For now, she believes human hackers are benefiting from a “sweet spot” where AI acts as an assistant rather than a replacement.

However, she fears that advantage may not last.

“I competed in Pwn2Own this year because I thought it might be my last chance,” she explained.

“That isn’t to say that I think there’s going to be no room for security research or ethical hacking, but I think that a lot of the lower-hanging fruit will start to go away.”

Will Only Elite Hackers Remain Competitive?

Chompie believes AI will increasingly automate the discovery of simpler vulnerabilities, leaving only highly complex flaws for human experts to uncover.

She pointed to veteran competitor Orange Tsai as an example of the level of expertise that may still be required in the future.

Tsai and his team earned $375,000 (£278,000) in Berlin by identifying highly complex attack chains and software weaknesses.

Unlike Chompie, however, he remains optimistic about the long-term role of human researchers.

“For me, AI feels more like a really awesome assistant that helps accelerate my research workflow,” he said.

“During research I usually come up with many interesting ideas, but unfortunately I still need to sleep, so I can’t test everything one by one. AI can finally help free my hands.”

He argued that human intuition and creativity could continue to uncover vulnerabilities that automated systems may overlook.

What About Criminal Hackers?

The rise of AI has also raised concerns about how cyber-criminals may use the technology.

Researchers have already observed criminals employing AI to automate phishing campaigns, speed up ransomware attacks and identify weaknesses more efficiently.

However, many cyber-attacks still rely on well-established techniques such as phishing emails and social engineering rather than sophisticated new vulnerabilities.

These methods often involve tricking employees into clicking malicious links or handing over sensitive credentials.

Despite the risks, Chompie believes AI could ultimately strengthen online security if deployed responsibly.

“I think that the tide is turning against offensive hackers,” she said. “I think defence stands to gain a lot from this capability.”

As AI continues to evolve, cyber-security experts expect the balance between attackers and defenders to shift rapidly — potentially redefining the future of ethical hacking altogether.

Leave a Reply

Your email address will not be published. Required fields are marked *