[Editorial] National Security Strategy Must Be Overhauled for the Age of AI Hacking

The global security industry is on edge. A new kind of hacking technique has emerged with the rise of Artificial Intelligence (AI), unlike anything seen before. Anthropic's next-generation AI model, Claude Mythos Preview, not only autonomously detected an operating system design flaw that had gone unnoticed for 27 years, but also demonstrated that it could use this flaw to carry out real-world attacks. This so-called Mythos shock has stunned experts. It is more than a remarkable technical event; it marks a turning point that signals a fundamental shift in the paradigm of cybersecurity.
Looking back, our society has already suffered countless major hacking incidents in finance, credit cards, telecommunications, and platform services. Cases in which the personal data of millions was leaked or financial transactions were paralyzed are all too common. These breaches have repeatedly destroyed public trust in companies. In response, the government has imposed strict administrative measures and announced prevention plans to stop such incidents in these industries. Yet in reality, personal data leaks and various hacking crimes continue to occur on a routine basis, to the point that large-scale attacks threatening national security are now rampant.
Until now, many of these traditional hacking methods could be countered, at least to some degree, with existing security technologies and policies. What Mythos has revealed, however, is a form of autonomous AI hacking that is on a completely different level, and that is deeply worrying. AI agents can now independently discover unknown vulnerabilities, generate exploit code, and attempt large-scale, simultaneous intrusions. We must pay attention to the fact that this level of penetration capability is now combined with unprecedented speed. A world is approaching in which vulnerability discovery and exploitation, which used to take human hackers months, can be completed in just a few hours. Existing defense systems will be rendered helpless in the face of such terrifying intrusions. There is growing concern that an asymmetric war is emerging in which the speed of attack overwhelms the speed of defense.
At this point, it is time to design a new level of security policy and order that goes beyond conventional concepts of cybersecurity. In reality, the industrial adoption of AI is accelerating. Under these circumstances, what good are security measures that remain confined to old-fashioned hacking scenarios?
The pace of AI development is already outstripping the speed at which we can update our systems and regulations. AI can be a powerful tool for human well-being and industrial growth. At the same time, it can be weaponized for hacking, and there is a real risk that AI itself could trigger security incidents that defy human judgment and control. The absence of a major disaster today is no excuse for inaction. If we fail to address AI-related security risks preemptively, our national infrastructure and financial networks could be endangered in the future. We must not miss the critical window for establishing AI security measures. We cannot rule out the possibility that the personal data of tens of millions of citizens will be left defenseless before autonomous AI systems. The government must treat this not as a task for the security industry alone, but as a matter of national security, and present a comprehensive response.