I’m scared about the future of security

AI models are rapidly transforming vulnerability research, making it dramatically easier and cheaper to discover security exploits. GPT-5.4 Pro solved previously unsolvable cryptography puzzles at Defcon, Claude Opus 4.6 found 22 Firefox vulnerabilities and 500 validated high-severity bugs, and simple agent loops are already generating working exploits in popular software like Ghost CMS. The core argument is that software security has historically relied on a scarcity of elite hacker attention — that scarcity is now gone. AI agents never get bored, encode vast knowledge of bug classes and code patterns, and can parallelize exploit discovery at scale. This threatens open source software sustainability, could overwhelm maintainers with verified high-severity CVEs, and may trigger poorly crafted regulation. The leaked Anthropic 'Mythos' model post signals even more capable models are coming, with Anthropic itself conducting internal zero-day discovery runs to get ahead of the risk.