AI is changing the speed at which cybersecurity issues emerge and are exploited, compressing what were once manageable response windows into hours or days. As capabilities like those demonstrated in models such as Mythos and Fable move into broader use, the distinction between defensive and offensive application becomes harder to separate.
In this report, Ecosystm Principal Advisor, Darian Bird examines how this shift is already playing out across vulnerability discovery, automated attacks, and fraud, and what it means for how organisations prioritise security. The focus is on a simple but uncomfortable reality: most security operating models were not built for the pace at which threats now evolve.
1. What is Mythos 5 in AI cybersecurity?
Mythos 5 refers to a frontier AI model described in the report that can assist with vulnerability analysis and exploit research. It highlights how advanced models may accelerate offensive cybersecurity tasks, raising concerns about faster vulnerability discovery and potential misuse by threat actors.
2. What is Fable 5 in AI security models?
Fable 5 is an AI model referenced in the report with advanced cybersecurity capabilities, including vulnerability analysis. It represents a new class of AI systems that can support both defensive security research and potentially offensive exploitation, depending on how they are used or controlled.
3. What is Project Glasswing?
Project Glasswing is an AI security evaluation programme involving major technology and cybersecurity firms. It tests whether frontier AI models can meaningfully assist in vulnerability discovery and defensive security research, while also assessing safety limitations and risks of misuse.
4. What is vishing in cybersecurity?
Vishing (voice phishing) is a social engineering attack where criminals use phone calls or AI-generated voice cloning to impersonate trusted entities. It is increasingly powered by generative AI, making scams more realistic and harder to detect.
5. What is Haotian in AI fraud tools?
Haotian is a software tool mentioned in the report that enables voice cloning and face swapping. While marketed for legitimate use cases, it is also used by fraudsters to create realistic impersonations for scams such as “pig butchering” fraud.
6. What is OnlyFake?
OnlyFake is a service referenced in the report that allows criminals to generate fake identity documents such as IDs, pay slips, and utility bills. These tools are used to bypass onboarding and KYC checks in financial and digital platforms.
7. What is BogusBazar?
BogusBazar is a large-scale fraudulent e-commerce network identified in the report, consisting of over 75,000 fake websites. It used AI-generated storefronts, fake reviews, and SEO manipulation to deceive users and facilitate large-scale financial fraud.
8. What is AI-enabled bot traffic?
AI-enabled bot traffic refers to automated internet activity generated by intelligent bots that mimic human behaviour. These bots are used for credential stuffing, scraping, and fraud, and are increasingly difficult to detect due to adaptive behaviour and evasion techniques.
9. What is credential stuffing in AI attacks?
Credential stuffing is a cyberattack where stolen login credentials are reused across multiple platforms. AI enhances these attacks by scaling attempts, adapting behaviour, and bypassing detection systems such as CAPTCHAs and fingerprinting tools.
10. What is exploit chaining in cybersecurity AI?
Exploit chaining is the process of linking multiple vulnerabilities together to create a full attack path. AI systems can accelerate this by identifying relationships between weaknesses and generating working exploit sequences faster than traditional methods.
11. What is synthetic identity creation using AI?
Synthetic identity creation uses AI-generated data, documents, and profiles to build fake but convincing identities. These identities can pass verification checks and are used for fraud, credit abuse, and account creation at scale.
12. What is AI-powered vulnerability discovery?
AI-powered vulnerability discovery refers to the use of machine learning models to analyse code and identify security weaknesses. It significantly reduces the time required to detect flaws and increases the risk of rapid exploitation after disclosure.
13. What is AI-driven exploit research?
AI-driven exploit research uses advanced models to identify, test, and validate software vulnerabilities. It can generate proof-of-concept exploits and link multiple weaknesses, enabling faster transition from discovery to real-world attack.
14. What is the Mythos and Fable controversy in AI security?
The Mythos and Fable controversy refers to concerns that advanced AI models could accelerate offensive cybersecurity capabilities. The debate focuses on whether such models should be restricted due to risks of enabling faster vulnerability exploitation by attackers.
