Israel’s National Cyber Directorate warns that advanced AI models, led by Claude Mythos and GPT-5.4 Cyber, have lowered the barrier to cyberattack entry, shifting defense from prevention to resilience and enabling machine-speed vulnerabilities.

A binding deadline of May 31, 2026, is recommended for presenting threat assessments to corporate boards and audit committees, along with reassessing each organization’s risk appetite.

An international emergency coalition under the Glasswing project has formed, with Anthropic partnering with 12 major tech companies—including Apple, Microsoft, and Google—and over 40 cybersecurity groups to fix vulnerabilities, with outputs to be published within 90 days of discovery and faster security updates required.

The INCD urges a strategic shift from merely closing vulnerabilities to containment and operational resilience, advocating a “Breach Ready” posture where networks are assumed compromised and focus is on rapid recovery and continuity.

Tests and incidents show the models identified thousands of zero-day vulnerabilities across popular operating systems and browsers within weeks, with earlier data leaks revealing thousands of internal files and a large code repository exposed.

The report concludes that protecting organizations against AI-driven threats will require integrating AI tools and intelligent agents into defensive cybersecurity systems, signaling a move toward AI-augmented defense rather than traditional perimeter-based approaches.

Yossi Karadi, head of INCD, states that entry costs for high-quality attacks have dropped, making any organization a potential target and enabling automated attackers to exploit basic security gaps like misconfigurations and lack of multi-factor authentication.