New Anthropic AI tool unlocks capabilities no one has found before, says cyber expert John Carlin

By CNBC Television

Key Concepts

  • Unpatched Vulnerabilities: Security flaws in software that remain unaddressed, often due to outdated systems that cannot be updated.
  • AI-Enabled Cyberattacks: The use of artificial intelligence to automate the discovery and exploitation of software vulnerabilities, lowering the barrier to entry for attackers.
  • Legacy Systems: Older IT infrastructure that is no longer supported or capable of receiving security patches.
  • Responsible Disclosure: The practice of identifying security flaws and sharing them with relevant parties (like software vendors) to allow for remediation before public release.
  • Critical Infrastructure: Essential systems (energy, finance, government) that are highly susceptible to state-sponsored cyber threats.

1. The Scale of the Cybersecurity Threat

John Carlin, former Assistant Attorney General for National Security, emphasizes that cybersecurity is a multi-trillion-dollar problem driven by nation-states, terrorists, and criminal groups. A significant portion of these attacks exploits "low-hanging fruit"—vulnerabilities that have existed for years.

  • Data Points: According to a Cisco report, 20% of the top ten exploits used in 2025 were over a decade old. Furthermore, one-third of the top 100 exploits were also more than ten years old.
  • The "Unpatchable" Problem: Approximately 40% of exploited vulnerabilities exist on IT systems so outdated that they cannot be patched; they require a complete hardware or software overhaul to secure.

2. The Impact of AI (Anthropic’s Model)

The introduction of AI tools capable of scanning for vulnerabilities changes the threat landscape by democratizing cyber warfare.

  • Lowering the Barrier: Users no longer need to be expert coders or cybersecurity professionals to find critical flaws.
  • Speed and Scale: AI can identify vulnerabilities across every major operating system and web browser simultaneously. Once a flaw is found, the same AI can be used to execute attacks at a speed and scale previously impossible.
  • The "Genie" Metaphor: Carlin describes this as a "genie coming out of the bottle," where the ability to find and exploit flaws is now accessible to the average person.

3. Frameworks for Responsible Deployment

The discussion highlights a tension between the risk of releasing powerful AI tools and the necessity of using them to bolster defenses.

  • The "Glasswing" Model: Carlin cites this as a positive example of responsible development. By allowing cybersecurity companies and potentially vulnerable entities to access the tool first, they can identify and fix their own weaknesses before the technology is released into the "wild."
  • The Need for a New Framework: There is an urgent requirement for a systemic approach to fix vulnerabilities at scale. While Fortune 500 companies have the resources to upgrade, small and medium-sized businesses (SMBs) remain "sitting ducks" due to a lack of resources to replace legacy systems.

4. Geopolitical Context and Strategic Necessity

The conversation frames the deployment of AI-driven security tools as a geopolitical imperative.

  • The Threat Environment: The U.S. is currently facing active cyber threats from nation-states like Russia and Iran, the latter of which has explicitly threatened U.S. corporate infrastructure.
  • The "First-Mover" Advantage: Carlin argues that if a U.S.-based company like Anthropic develops this technology, it is strategically vital that they reach the capability first. If they do not, adversarial nations (China, Iran, Russia) will inevitably develop similar tools.
  • Proactive Defense: Rather than viewing the AI as purely a threat, it should be viewed as a tool to "sound the alarm." By identifying vulnerabilities, companies can reinforce their defenses before malicious actors use the same technology to cause damage.

Synthesis and Conclusion

The core takeaway is that the cybersecurity landscape is shifting from a manual, slow-moving process to an AI-accelerated environment. The existence of decade-old, unpatched vulnerabilities represents a massive systemic risk. While the release of AI tools that can identify these flaws creates immediate danger, it also provides a necessary catalyst for organizations to modernize their infrastructure. The consensus is that responsible, controlled deployment—where defenders are given the tools to patch before attackers can exploit them—is the only viable path forward in an era of state-sponsored cyber warfare.
