cybersecurity
CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats
"Defenders cannot afford to take weeks to patch," one Cybersecurity and Infrastructure Security Agency official warned on Wednesday. With new generations of AI models fueling both rapid software vulnerability discovery and the potential for faster exploitation by malicious hackers, the United States Cybersecurity and Infrastructure Security Agency released a new directive on Wednesday that requires more rapid and efficient software patching by federal civilian agencies. The "binding operational directive" (BOD) lays out a rubric for how quickly bugs must be fixed based on four assessments of urgency, with a turnaround time in critical cases of just three days. Chris Butera, CISA's acting executive assistant director for cybersecurity, told reporters on Wednesday that the goal of the directive is to help agencies prioritize, so they can address the most problematic vulnerabilities first while taking more time to remediate bugs that pose a less-pressing risk. The directive comes as private companies and governments have been scrambling to assess the extent of the cybersecurity reckoning that AI vulnerability and exploit development capabilities could unleash.
Government urges transport firms to guard against AI misuse
The transport ministry urged executives of infrastructure operators to play active roles in taking measures against cyberattacks and secure sufficient funding and personnel. The transport ministry called on railway firms and other infrastructure operators Thursday to take measures against the misuse of high-performance artificial intelligence models, including U.S. startup Anthropic's Claude Mythos. The instructions were made at a meeting with operators from six infrastructure sectors, also including ports, airports, logistics and water supply. The ministry said that it will set up support desks for those operators regarding cybersecurity. Mythos is said to have advanced capabilities in detecting system vulnerabilities. The Japanese government has already made similar requests to telecommunications operators, broadcasters, financial institutions and local governments.
AI-powered hacking has exploded into industrial-scale threat, Google says
'There's a misconception that the AI vulnerability race is imminent. The reality is it's already begun,' said John Hultquist at Google's threat intelligence group. In just three months, AI-powered hacking has gone from a nascent problem to an industrial-scale threat, according to a report from Google.
Backlash builds over NHS plan to hide source code from AI hacking risk
NHS England is pulling its open-source software from the internet because of fears around computer-hacking AI models like Mythos. A decision by NHS England to withdraw open-source code created with UK taxpayer funds because of the risk posed by computer-hacking AI models is attracting growing backlash. Last month, Mythos, an AI created by technology firm Anthropic, was widely reported to be capable of discovering flaws in virtually any software, potentially allowing hackers to break into systems running it. NHS England has now told staff that existing and future software must be pulled from public view and kept behind closed doors by 11 May because of this risk. The decision goes against the NHS service standard, which requires that staff make any software they produce open-source so that tools can be built upon, improved and used without the need for duplicated effort.
Do you need to worry about Mythos, Anthropic's computer-hacking AI?
A powerful AI kept from public access because of its ability to hack computers with impunity is making headlines around the world. But what is Mythos, does it really represent a risk and might it even be used to improve cybersecurity? Anthropic's Project Glasswing aims to improve online security. The past few weeks have brought apparently alarming news of Mythos, an AI that can identify cybersecurity flaws in a matter of moments, leaving operating systems and software vulnerable to hackers. The cybersecurity community is now beginning to get a better sense of how Mythos may change the face of cybersecurity - and not necessarily for the worse.
2 Men Linked to China's Salt Typhoon Hacker Group Likely Trained in a Cisco 'Academy'
The names of two partial owners of firms linked to the Salt Typhoon hacker group also appeared in records for a Cisco training program--years before the group targeted Cisco's devices in a spy campaign. Cisco's Networking Academy, a global training program designed to educate IT students in the basics of IT networks and cybersecurity, proudly touts its accessibility to participants around the world: "We believe education can be the ultimate equalizer, enabling anyone, regardless of background, to develop expertise and shape their destiny in a digital era," reads the first line on its website. That laudable statement, however, reads a bit differently when the "destiny" of those students appears to be owning a majority stake in companies linked to one of the most successful Chinese state-sponsored hacking operations ever to target the West--and many of Cisco's own products. That's the surprising conclusion of Dakota Cary, a researcher at cybersecurity firm SentinelOne and the Atlantic Council, who, like many security analysts, has closely tracked the Chinese state-sponsored hacker group known as Salt Typhoon. That cyberespionage group gained notoriety last year when it was revealed that the hackers had penetrated at least nine telecom companies and gained the ability to spy on Americans' real-time calls and texts, specifically targeting then-presidential and vice presidential candidates Donald Trump and JD Vance, among many others.
AgenticCyber: A GenAI-Powered Multi-Agent System for Multimodal Threat Detection and Adaptive Response in Cybersecurity
The increasing complexity of cyber threats in distributed environments demands advanced frameworks for real-time detection and response across multimodal data streams. This paper introduces AgenticCyber, a generative AI powered multi-agent system that orchestrates specialized agents to monitor cloud logs, surveillance videos, and environmental audio concurrently. The solution achieves 96.2% F1-score in threat detection, reduces response latency to 420 ms, and enables adaptive security posture management using multimodal language models like Google's Gemini coupled with LangChain for agent orchestration. Benchmark datasets, such as AWS CloudTrail logs, UCF-Crime video frames, and UrbanSound8K audio clips, show greater performance over standard intrusion detection systems, reducing mean time to respond (MTTR) by 65% and improving situational awareness. This work introduces a scalable, modular proactive cybersecurity architecture for enterprise networks and IoT ecosystems that overcomes siloed security technologies with cross-modal reasoning and automated remediation.
The Road of Adaptive AI for Precision in Cybersecurity
Cybersecurity's evolving complexity presents unique challenges and opportunities for AI research and practice. This paper shares key lessons and insights from designing, building, and operating production-grade GenAI pipelines in cybersecurity, with a focus on the continual adaptation required to keep pace with ever-shifting knowledge bases, tooling, and threats. Our goal is to provide an actionable perspective for AI practitioners and industry stakeholders navigating the frontier of GenAI for cybersecurity, with particular attention to how different adaptation mechanisms complement each other in end-to-end systems. We present practical guidance derived from real-world deployments, propose best practices for leveraging retrieval- and model-level adaptation, and highlight open research directions for making GenAI more robust, precise, and auditable in cyber defense. Disclaimer: The ideas and analysis presented here are subjective. We share them based on our experience of establishing robust and efficient pipelines of generative AI for cybersecurity. In light of the age of generative AI, the objective of this document is not to provide generic descriptions of GenAI techniques, but rather to explain their practical relevance for specific contexts, and to illustrate where particular choices have worked well or poorly in our own deployments.