Cybersecurity corporations Theori Inc. projected that high-performance artificial intelligence (AI) models with powerful vulnerability detection capabilities, like Anthropic's "Mitos," will become widespread within the next 6 to 18 months.
In a white paper published on the 29th, Theori Inc. analyzed the Mitos case and said, "As powerful vulnerability detection and exploit (attack code) capabilities, currently available only to a limited number of organizations, become widespread, attackers will launch cyberattacks using high-performance AI within 6 to 18 months."
It said attackers will soon acquire the capability to mount large-scale attacks on national critical infrastructure or the source code of corporations using open-source or commercial AI without special models. Theori Inc. said, "Before attackers get their hands on AI weapons, building defense systems ahead of them is more urgent than ever."
It added that advanced engineering-based automation solutions, such as its AI-based code analysis solution "Zint Code," could be the answer.
According to Theori Inc., when its researchers applied Zint Code to the same four codebases tested by Mitos, they reproduced the four major vulnerabilities disclosed by Anthropic and additionally identified 12 zero-day vulnerabilities that Mitos did not find.
A company official said, "Even without special access like Mitos, we recorded a higher detection rate using only disclosed commercial models such as Claude Opus 4.6 and GPT 5.4," adding, "This proves that the 'design capability of the overall security system'—which analyzes massive source code, filters false positives, and produces results in a form that can actually be patched—is the core of security, rather than simply using a good AI model."
Theori Inc. also pointed out that Anthropic's model relies on the manual operation of 21 experts and has a patch completion rate of less than 1%.
Park Se-jun, CEO of Theori Inc., said, "A speed race between offense and defense has begun with advances in AI technology," adding, "To avoid ceding the initiative to attackers, vulnerabilities must be managed preemptively through a proven AI security system."