Champion ethical hacker warns AI tools like Mythos could put her out of business
Source: BBC Technology
22 minutes ago – Joe Tidy, Cyber correspondent, BBC World Service
Pwn2Own Berlin
An ethical hacker who just won major prizes at a prestigious international competition says her days of competing could be numbered due to the rise of AI tools like Claude Mythos. Valentina Palmiotti – better known as “Chompie” – was the most successful individual at the annual Pwn2Own hacking competition in Berlin. She told BBC News that, for now, AI tools are helping her to win bug bounties – money paid to hackers who spot vulnerabilities before cyber‑criminals can exploit them. But she warned that systems like Mythos are so powerful that even champion hackers could soon struggle to compete with them.
AI’s impact on cyber‑security
- Anthropic, the maker of Mythos, claims the model has already found 1 600 vulnerabilities across hundreds of software programmes.
- Because of this, Anthropic says Mythos can only be released to a select few governments and cyber‑security institutions.
Pwn2Own at a glance
- Run by the ZeroDay Initiative, the contest invites ethical hackers worldwide to find vulnerabilities in specific products.
- This year, nearly £970 000 ($1.3 m) was awarded to participants who collectively discovered 47 brand‑new hacking methods.
- All reported flaws are now being patched by the affected companies.
Chompie’s highlights
| Day | Target | Prize |
|---|---|---|
| 1 | Nvidia‑linked system | $20 000 |
| 2 | Linux‑based system | $50 000 |
“As soon as I won the first prize I ran back to my hotel room to keep working on the next one. I worked from 6 pm till 6 am and didn’t sleep,” she recalled.
“I was in what I call zombie‑hacker mode – locked into research and testing for hours, fuelled by energy drinks, adrenaline and a black hoodie. It’s not healthy, but it was necessary.”
Chompie displaying her prize‑winning hack.
AI as a double‑edged sword
Many champions, including Chompie, have been using AI to boost their performance while in “zombie mode”. She explained that tools such as Claude Code enable her to work faster both in competitions and in her day job as a security researcher for IBM X‑Force.
“We’re in a sweet spot where AI is an aid,” she said. “But the tide will turn soon with new models like Claude Mythos and GPT 5.5 Cyber.”
She added:
“I competed this year because I thought it might be my last chance. That isn’t to say there will be no room for security research or ethical hacking, but the lower‑hanging fruit will start to disappear.”
A contrasting perspective: Orange Tsai
Orange Tsai – another big winner in Berlin who prefers to keep his real name private – led his team to a $375 000 (£278 000) prize by uncovering extremely complex attack pathways.
Orange Tsai, a veteran competitive hacker.
“For me, AI feels more like a really awesome assistant that helps accelerate my research workflow,” he said. “During research I usually come up with many interesting ideas, but I still need sleep, so I can’t test everything one by one. AI finally helps free my hands.”
Tsai remains optimistic that human creativity and intuition will continue to uncover vulnerabilities that AI tools miss, even as the bar is raised.
The rise of powerful AI models is reshaping the landscape of ethical hacking. While some see it as a threat to their livelihood, others view it as a powerful collaborator that could redefine the future of cyber‑security research.
What About the Bad Guys?
If it becomes harder for “good” hackers to find ways into online systems, what does this mean for criminal hackers? Research shows criminals are using AI to speed up attacks—and, in some cases, to create new pathways into systems for data breaches and ransomware. However, the vast majority of cyber‑attacks still rely on long‑established, simpler methods that don’t require discovering new bugs, such as:
- Phishing or social engineering – sending fake emails to employees who click a malicious link, giving hackers access to a company’s systems.
The Outlook from a Defender’s Perspective
“I think the tide is turning against offensive hackers. Defence stands to gain a lot from this capability,” says Chompie, a cyber‑security expert.
“But the benefits of AI to cyber‑security defenders can only be realised if these products are released responsibly. The good guys need to have access to the most powerful tools first, so we can find and fix holes before the bad guys.”
Visuals
