Champion ethical hacker warns AI tools like Mythos could put her out of business

Joe Tidy, Cyber correspondent, BBC World Service

An ethical hacker who just won major prizes at a prestigious international competition says her days of competing could be numbered due to the rise of AI tools like Claude Mythos.

Valentina Palmiotti – better known as Chompie – was the most successful individual at the annual Pwn2Own hacking competition in Berlin.

She told BBC News that, for now, AI tools were helping her to win “bug bounties” – money given to hackers who spot vulnerabilities in online systems before they can be exploited by cyber-criminals.

But she said systems like Mythos were so powerful that even champion hackers like her would soon struggle to compete with them.

AI has shaken the cyber-security world, with concerns focussing on Mythos in particular.

Its maker, Anthropic, claims the model has been able to find 1,600 vulnerabilities in hundreds of software programmes.

It says that makes Mythos so potentially dangerous that it can only be released to a select few governments and cyber-security institutions.

Pwn2Own is run by the ZeroDay Initiative and invites human ethical hackers around the world to find vulnerabilities in specific products.

Nearly $1.3m (£970,000) was awarded to hackers this year who collectively discovered 47 brand new hacking methods on various programmes, websites and software.

The flaws have all been reported to grateful companies which are now fixing them before criminals can find the same holes.

On day one of the contest, Chompie successfully demonstrated how to hack one system linked to Nvidia – winning $20,000.

But she then said she had to enter what she called “zombie hacker mode” to prepare for the next day.

“As soon as I won the first prize I ran back to my hotel room to keep working on the other one. I worked from 6pm til 6am and didn’t sleep,” she said.

It was worth it, and footage from the event shows her looking happy and tired on stage as she successfully hacked into a Linux-based system to win $50,000.

Chompie described “zombie hacker mode” as being locked into research and testing for hours fuelled by energy drinks and adrenaline, often wearing a black hoodie.

“It’s not healthy,” she laughed, but she insisted it was necessary.

Chompie showing off her hack at Pwn2Own

This year many champions like Chompie have been using AI to help them while in zombie mode.

She said tools like Claude Code enabled her to work faster for competitions, and in her day job as a security researcher for IBM X-Force.

Her view was that hackers like her were “in a sweet spot” where AI was an aid.

But she predicted the tide would turn soon thanks to new models like Claude Mythos and GPT 5.5 Cyber.

“I competed in Pwn2Own this year because I thought it might be my last chance,” she explained.

“That isn’t to say that I think that there’s going to be no room for security research or ethical hacking, but I think that a lot of the lower-hanging fruit will start to go away.”

Chompie – who became the joint-first woman to compete in the 2024 Pwn2Own – said good or great hackers wouldn’t be needed soon, and only the very best would be able to find new bugs and win prizes.

In that category she put people like Orange Tsai – another big winner in Berlin who has won many previous hacking prizes.

The hacker from Taiwan, who doesn’t like to use his real name, led his team to win $375,000 (£278,000) by finding extremely complex hacking pathways.

Orange Tsai has won many prizes over the years as a competitive hacker

He was more positive about the future for human bug hunters.

“For me, AI feels more like a really awesome assistant that helps accelerate my research workflow,” he said.

“During research I usually come up with many interesting ideas, but unfortunately I still need to sleep, so I can’t test everything one by one. AI can finally help free my hands,” he says.

Orange Tsai agreed AI was already forcing the bar higher but he hoped human creativity and intuition would always be able to find vulnerabilities that AI tools missed.

What about the bad guys?

If it gets harder for the good hackers to find ways into online systems, what does this mean for criminal hackers?

There is growing research that criminals are using AI to speed up their attacks – and in some cases create new pathways into systems – to carry out data breaches and ransomware attacks.

However, the vast majority of cyber-attacks use long-established and simpler methods without needing to find new bugs.

These can include phishing or social engineering – gaining access by sending fake emails to employees who click a nefarious link which gives hackers access to a company’s systems.

Chompie thinks that ultimately AI tools will make it harder for all hackers, which is good for internet security.

“I think that the tide is turning against offensive hackers. I think defence stands to gain a lot from this capability,” she said.

But the benefits of AI to cyber security defenders could only be realised if these products are released responsibly, she added.

The good guys like her need to have access to the most powerful tools first, she argued, to find and fix holes before the bad guys.
