Cybersecurity Must Prepare for AI Driven Hardware Exploitation

Oh, so you thought Mythos and other AI models would only find vulnerabilities in software? Well, finding weaknesses in firmware and hardware is traditionally much more difficult, requiring specialized skills and in some cases very expensive tools. But AI is very proficient at specific types of hacks like memory corruption. Such architectures are embedded in CPUs, GPUs, and other processors as well as system memory.

This week, vulnerability researchers used Mythos to identify and exploit a kernel memory vulnerability in the Apple M5 computer chip that powers MacBooks and iPads. That is the core brain of the system.

The strategic takeaway is that new AI models like Anthropic’s Mythos will greatly expand the capabilities of responsible and malicious vulnerability researchers to find weaknesses in technology throughout the stack. Data, applications, interfaces, operating systems, virtualization environments, network transports, firmware, and hardware systems are all on the menu when it comes to the next generation of vulnerability detection and exploit creation.
Cybersecurity must approach this new challenge with the widest possible view and understand that the entire digital ecosystem will face greatly elevated risks. It is time to rethink our approaches to development security, cybersecurity operations, risk management, digital forensics, and incident response.

Companies like ARM, Apple, Qualcomm, Intel, AMD, Nvidia, and other chip designers should be moving aggressively to build strong defenses, detection features, and response capabilities within their product architectures. The design runway is much longer, often several years, before a new processor model makes it to market. Then patching that hardware and firmware once a vulnerability is detected is significantly more difficult, and in some cases impossible, as compared to software.

Chip designers must get ahead of these challenges in ways that don’t apply to software developers. It requires strategic thinking and long-term planning to outmaneuver threats that won’t emerge for years. Such challenges dwarf what current security operational teams must deal with. This is where cybersecurity strategists earn their pay and they better be working overtime to protect future generations of chips that run our global digital ecosystem!