AI and vulnerabilities: detection and operational response

AI can accelerate vulnerability detection, but it also demands greater capacity to prioritise, fix and contain.

Reuters has reported that Anthropic is preparing to brief the Financial Stability Board on vulnerabilities identified by its Mythos model in the global financial system. According to the report, Mythos is designed to identify long-standing flaws in browsers, infrastructure and software, with clear potential to strengthen cybersecurity, but also with risks if similar capabilities are used offensively.

Source: Reuters – Anthropic to brief Financial Stability Board on cyber flaws exposed by Mythos

The issue is not finding vulnerabilities, but managing them in time

Automated vulnerability detection is not new, but AI changes the scale, speed and depth of analysis.

In real-world environments, detecting more vulnerabilities only improves security if there is capacity to prioritise them, fix them and contain their impact. That is why the value lies not only in discovering flaws, but in being able to:

Prioritise which vulnerabilities to fix first.
Understand which systems are actually exposed.
Connect the technical flaw with operational impact.
Apply patches without disrupting critical services.
Contain the risk while a permanent fix is implemented.

AI can make an existing risk surface more visible, but that visibility only creates value if there is operational capacity to act.

When defence and attack accelerate at the same time

The critical point is not simply that an AI model can help identify flaws. It is that the same capability may shorten the distance between discovery, exploitation and attack.

This changes the pressure on technical teams. In the past, many organisations worked with relatively broad response windows: a vulnerability was disclosed, the impact was assessed, remediation was planned and patches were applied.

With models capable of identifying and exploiting patterns faster, that window can shrink significantly.

In this context, security no longer depends only on preventive controls. It also depends on operational quality: inventory, exposure, monitoring, response and recovery.

Critical infrastructure and financial risk

The fact that this conversation has reached the Financial Stability Board is significant. The financial sector combines complex infrastructure, legacy systems, high technological dependency, regulatory pressure and constant exposure to fraud, espionage and disruption.

In these environments, a vulnerability is not just a software flaw. It can become a continuity, trust, compliance and operational stability issue.

This connects directly with frameworks such as DORA, where digital operational resilience is not presented as a recommendation, but as a capability that must be demonstrated.

What changes for infrastructure teams

For teams that design, maintain and operate infrastructure, the arrival of AI models specialised in vulnerability discovery requires several practices to be revisited:

Maintaining real inventories of assets, services and dependencies.
Prioritising external exposure and critical systems.
Reducing weak or undocumented configurations.
Monitoring anomalous behaviour after vulnerabilities are identified.
Integrating security into deployments and infrastructure changes.
Testing recovery under compromise scenarios.

The challenge is not to compete with AI in raw speed, but to build environments where detection, prioritisation and response are part of the operating model.

From alert to response capability

An organisation may receive more alerts, findings and information than ever before. But if that information is not connected to operational decisions, it only increases noise.

At TeraLevel, through TeraSuite, these scenarios are understood as a combination of security, observability and resilience: detecting earlier with TeraSec, understanding the real state of systems with TeraMonitor and ensuring recovery capability with TeraBackup when incidents affect critical services.

The goal is not to turn AI into another layer of complexity, but to integrate it into an operating model that is traceable, governable and prepared to respond.

Conclusion

AI applied to vulnerability detection can be a major defensive advantage, but only for organisations capable of turning findings into action.

The real risk is not that more vulnerabilities are discovered, but that the ability to discover them advances faster than the ability to fix, contain and recover from them.

In security, seeing earlier only matters if we can also act better.

AI and vulnerabilities: from early detection to operational response

Models such as Mythos show how AI can accelerate vulnerability discovery, while also demanding stronger response capabilities.

Analysis of the operational impact of AI-driven vulnerability detection and the risks for critical infrastructure.