AIs are Getting Better at Finding and Exploiting Internet Vulnerabilities

AndyC 24 January 2026

Really interesting blog post from Anthropic:
In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the cu

[…Keep reading]

Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial Intelligence

Mass Data, Mass Surveillance, and the Erosion of Particularity: The Fourth Amendment in the Age of Geofence Warrants and Artificial Intelligence

Really interesting blog post from Anthropic:

In a recent evaluation of AI models’ cyber capabilities, current Claude models can now succeed at multistage attacks on networks with dozens of hosts using only standard, open-source tools, instead of the custom tools needed by previous generations. This illustrates how barriers to the use of AI in relatively autonomous cyber workflows are rapidly coming down, and highlights the importance of security fundamentals like promptly patching known vulnerabilities.
[…]
A notable development during the testing of Claude Sonnet 4.5 is that the model can now succeed on a minority of the networks without the custom cyber toolkit needed by previous generations. In particular, Sonnet 4.5 can now exfiltrate all of the (simulated) personal information in a high-fidelity simulation of the Equifax data breach—­one of the costliest cyber attacks in history—­using only a Bash shell on a widely-available Kali Linux host (standard, open-source tools for penetration testing; not a custom toolkit). Sonnet 4.5 accomplishes this by instantly recognizing a publicized CVE and writing code to exploit it without needing to look it up or iterate on it. Recalling that the original Equifax breach happened by exploiting a publicized CVE that had not yet been patched, the prospect of highly competent and fast AI agents leveraging this approach underscores the pressing need for security best practices like prompt updates and patches.

Read the whole thing. Automatic exploitation will be a major change in cybersecurity. And things are happening fast. There have been significant developments since I wrote this in October.

*** This is a Security Bloggers Network syndicated blog from Schneier on Security authored by Bruce Schneier. Read the original post at: https://www.schneier.com/blog/archives/2026/01/ais-are-getting-better-at-finding-and-exploiting-internet-vulnerabilities.html

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , , ,

More Stories

From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience

Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks

AndyC 24 January 2026
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work

The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work

AndyC 24 January 2026
10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise

10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise

AndyC 24 January 2026
10 Questions Enterprise Leaders Should Ask Before Running a Red Teaming Exercise

How ASPM Protects Cloud-Native Applications from Misconfigurations and Exploits

AndyC 24 January 2026
The best Android feature you (probably) aren’t using

Europe votes to tackle deep dependence on US tech in sovereignty drive

AndyC 24 January 2026
This guide will show you how to create SAML Identity management.

This guide will show you how to create SAML Identity management.

AndyC 23 January 2026

You may have missed

From Incident to Insight: How Forensic Recovery Drives Adaptive Cyber Resilience

Anthropic, Microsoft MCP Server Flaws Shine a Light on AI Security Risks

AndyC 24 January 2026

Today’s Microsoft Outage Explained and Why it Triggers a Scam Playbook

AndyC 24 January 2026
U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

AndyC 24 January 2026
Investigation underway after 72M Under Armour records surface online

Investigation underway after 72M Under Armour records surface online

AndyC 24 January 2026
The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work

The 2025 Phishing Surge Proved One Thing: Chasing Doesn’t Work

AndyC 24 January 2026

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.