Last month’s preannouncement of Anthropic’s Mythos, an unreleased AI model that the company warns is extraordinarily good at finding and exploiting security vulnerabilities in everything from operating systems and web browsers to industrial software and health-care platforms, sent ripples of panic through the corporate world and got government officials sitting up straight. Access to Mythos is limited to trusted partners, for now, but experts fear that similarly capable models that are cheaper, widely available, and deployed with fewer safeguards are just a few months behind. This sets up the possibility of a cybersecurity nightmare scenario in which countless valuable and load-bearing computer systems become easy targets for newly empowered and prolific hackers. The bad news, Anthropic said at the time, is that the arrival of tools like Mythos could lead to a “tumultuous” period in cybersecurity. The good news, they suggested, was that “security tooling has historically benefited defenders more than attackers” and that “the same will hold true here, too — eventually.” Mythos is scary, in other words, but don’t worry. Mythos can help.
Shortly after Anthropic’s announcement, OpenAI released a model update of its own, which by many measures was similarly capable of finding and operationalizing new hacks. Its leaders too talked about efforts to empower “defenders” by “enabling them to find and fix problems faster in the digital infrastructure everyone relies on.” In slight contrast to Anthropic, which has shared Mythos with a select group of partners, OpenAI made something closer to a sales pitch. The best way to survive the AI cybersecurity apocalypse, the company suggested this week, is to invest in AI cyberdefense, which it happens to be able to provide:
The risks may be unusually stark and well defined in this case, but the dynamic is familiar. As AI models have become more capable and available to more people, they’ve created problems that can be mitigated only with more AI. In 2023, it was already clear that verbose and overabundant emails generated by AI would beg for summarization by AI; now, in workplaces where AI adoption is encouraged, employees are using new tools to handle a flood of workslop. An internet filled with synthetic images and videos calls for new AI-powered authentication tools. Programmers using AI agents to generate more code than they can possibly keep track of are using AI agents to audit it. Cheap AI content overwhelmed search engines, a problem that can be addressed by using AI to turn search engines into summarization tools. This is the basic pitch for the new “agentic” online economy: The rise of more capable AI agents on the consumer side will necessitate the use of AI agents by businesses and vice versa.
This is neither a conspiracy nor specific to this wave of technology. New tech often creates novel, unexpected, and abundant demands for different sorts of labor and stuff, either distributed throughout the economy or largely contained within a new and fast-growing industry. The rise of personal computers, to reach for a relevant-ish example, created a massive attack surface for hackers, which resulted in a whole lot of people working on cybersecurity and sold a whole lot of personal antivirus software. More broadly, in the internet era, cybersecurity has grown into something that major firms and institutions of many types handle both in-house and with outside contractors. Software begat more software, eliminating some jobs, changing others, and creating vast new categories of work.
When it comes to another major concern about AI — job loss — precedents like this tell a more comforting story than the one about how white-collar work is about to evaporate. You have have heard people in tech bring up the Jevons paradox a lot lately: More efficient steam engines led to more demand for coal, not less; more efficient lightbulbs don’t translate to reduced energy demand but rather result in using more lights; more efficient software development will result in far more software for a much wider range of purposes, the thinking goes, rather than a collapse in demand for developers. Likewise, albeit more antagonistically, if hackers become more efficient, the list of plausible and economical targets expands dramatically; at the same time, cyberdefense becomes more accessible, so the targets on this expanded list will suddenly find themselves with new cybersecurity needs to meet, demanding new services to meet them. Whether “attackers” or “defenders” get the upper hand during this period, and for how long, is an open question. But, as this relatively optimistic story goes, the AI cybersecurity apocalypse as well as the economy’s response to it could, in the process of working itself out, produce an enormous amount of demand and perhaps new varieties of human work.
What makes this strain of technological optimism a bit harder to hold on to in 2026 is that, for the moment, a very small number of very large firms seem to be positioned to capture basically all of its upside. Frontier models are indeed creating unexpected and abundant demands for new services, but they are services frontier labs are best positioned to offer (see also the recent trend of AI companies spinning up internal consultancies to send “forward-deployed engineers” to client companies struggling with AI adoption, creating unexpected new jobs but also keeping them in-house). This is a consequence of a new “industry” that’s effectively made up of five firms, three of which are credibly near the frontier, and all of which —be they incumbent tech giants (Google, Meta), start-ups (OpenAI, Anthropic), or limbs of a personalized business conglomerate (SpaceXAI) — are, in one way or another, trillion-dollar concerns. These companies are promising to remake large sectors of the economy as they simultaneously construct a highly visible process of vertical integration. Not ideal!
It all sounds pretty good for the AI firms: If this is how things end up, which is far from certain in an extremely young, unpredictable, and speculative industry, it charts at least one possible path out from under their unprecedented capital expenditure and debt. For everyone else, this routine is starting to feel a bit claustrophobic. A new AI capability arrives, threatening to glut an existing system into uselessness or to rapidly disrupt, say, an already tenuous cybersecurity equilibrium. The only way to deal with these consequences, you’re told, is to fix them with AI, which, by the way, is getting more expensive. In numerous polls, the public has expressed discomfort and worry about a technology that seems to be narrowly controlled and aggressively deployed. Might American industry, which is currently racing to adopt AI as fast as possible, start to feel a bit trapped as well?
