AI Cyber Capability: The Double-Edged Sword

By Andrew Horton

Australia's national security increasingly turns on its ability to anticipate threats early, move decisively and shape advantage in the digital domain.

Artificial intelligence now sits at the centre of that effort. It strengthens systems, improves assurance and exposes weaknesses with unprecedented precision. Used deliberately, it becomes a decisive asset for national resilience. Applied without coordination, it accelerates exposure and rewards those who move first.

This is the double-edged sword of AI cyber capability.

The shift is already underway.

AI has pushed cyber security into a new operational phase. Advanced systems now interrogate live environments, identify latent vulnerabilities and test defences continuously at machine speed. What once depended on scarce expertise and months of effort can now occur persistently, at scale and in near real time.

Recent developments in the global technology sector underscore the significance of this change. Anthropic's restricted-release Claude Mythos capability has reportedly identified thousands of high-severity vulnerabilities across major operating systems and software environments, often progressing rapidly from discovery to exploit development with limited human input. Shortly thereafter, OpenAI announced a purpose-built defensive cyber model focused on vulnerability research and threat analysis.

These developments matter less for their brand names than for what they signal.

Leading AI companies now treat cyber capability as a primary domain of competition. More importantly, they confirm a structural reality: large-scale vulnerability discovery is no longer scarce.

The defining variable has shifted.

Tempo now determines advantage.

For decades, cyber security operated under conditions that favoured defenders. Vulnerability discovery required specialised skill, exploitation took time, and organisations retained room to detect, coordinate and respond. That structure supported stability across governments, markets and critical infrastructure.

AI reshapes this environment by collapsing timelines.

Machine-driven systems can now identify vulnerabilities - including those embedded in trusted software for decades - at a pace that strains traditional assurance and patch-management models. A widely cited example involved a long-standing flaw in OpenBSD, an operating system recognised for its rigorous security discipline, which remained undetected for more than twenty years before AI-assisted analysis revealed it.

This reflects progress, not failure.

Digital infrastructure has expanded beyond the limits of human review alone. AI provides the means to interrogate that complexity continuously and at depth, strengthening confidence in the systems that underpin modern economies and national security.

Yet this is only one side of the equation.

The same capability that empowers defenders also empowers adversaries.

This is the strategic inflection point.

Historically, vulnerability discovery acted as a natural constraint. It demanded time, expertise and sustained investment. AI lowers that barrier. It reduces the cost of discovery, scales the process and shortens the pathway from identification to exploitation.

In adversarial hands, this capability becomes a force multiplier.

It enables continuous scanning of large attack surfaces, rapid prioritisation of high-value targets and accelerated development of exploit pathways. The interval between discovery and exploitation narrows sharply - in some cases approaching zero.

This second edge of the sword elevates the premium on preparedness.

Velocity becomes decisive.

For Australia, this environment concentrates attention in two closely connected domains.

The first is inherited vulnerability.

Australia's critical infrastructure - spanning energy, telecommunications, finance, health and defence supply chains - is built on globally sourced software ecosystems. This architecture delivers scale, interoperability and economic efficiency. It also creates exposure.

AI-driven vulnerability discovery will interrogate these systems regardless of whether Australia leads or follows. The strategic choice is therefore clear: embed this capability within national systems and supply chains or respond later under pressure.

Applied defensively, AI enables early identification and remediation of weaknesses, strengthening resilience across the system. Applied externally, it accelerates adversarial insight into exploitable pathways.

The difference lies in who moves first.

The second domain is cryptographic durability.

In parallel, quantum computing continues its steady progression toward practical impact. Strategic planning across allied nations already assumes that sensitive data encrypted today must remain secure for decades. The logic of "harvest now, decrypt later" is now embedded in intelligence thinking.

Here, the duality sharpens.

AI strengthens the ability to identify weaknesses in cryptographic implementations and key management. Quantum computing places the encryption algorithms themselves on a finite timeline. Together, they increase both the visibility of vulnerabilities and the long-term value of exploiting them.

This convergence raises urgency.

Australia is well positioned to respond.

The Australian Signals Directorate has provided clear and practical guidance on post-quantum cryptography, emphasising cryptographic agility, early planning and phased transition. This reflects operational realism and recognises the complexity of migrating national-scale infrastructure.

The foundation is strong.

The advantage now comes from pace.

As AI accelerates vulnerability discovery, early movement toward quantum-resistant encryption delivers compounding benefit. Aligning with emerging post-quantum standards - including those developed by the US National Institute of Standards and Technology (NIST) - strengthens present resilience while preserving interoperability with key partners.

NIST's role is central. Its cryptographic standards underpin global financial systems, cloud platforms and telecommunications networks. When NIST sets direction, governments and industry align to maintain trust and interoperability across allied ecosystems.

Early alignment strengthens Australia's position.

Australia's broader cyber posture supports decisive action. National strategies, regulatory frameworks and initiatives such as the Essential Eight already reflect a mature understanding of cyber security as a core national capability.

These settings enable acceleration.

The next step is integration.

AI-assisted vulnerability discovery, software assurance and post-quantum cryptography deliver the greatest impact when treated as a unified national capability. Alignment across policy, procurement and operational practice ensures that strength compounds across the system.

This is how the double-edged sword is controlled.

By embedding vulnerability discovery within trusted national systems - and by moving faster than potential adversaries - Australia ensures the first edge strengthens resilience while the second edge is actively managed.

This creates clear pathways forward.

Government procurement can prioritise cryptographic agility and quantum-ready architectures. Critical infrastructure frameworks can incorporate controlled AI-enabled assurance. Defence and intelligence agencies can integrate these capabilities into secure development pipelines while accelerating quantum-resistant communications across allied networks.

Industry responds to clarity. Consistent strategic direction attracts investment and accelerates capability development.

Tone matters. Confidence enables execution.

Current developments mark a capability shift already in motion. AI has brought vulnerability discovery to machine speed. Quantum computing continues to reshape the future of cryptography. These trends reinforce one another.

Together, they define the next edge of cyber power.

Australia's enduring strengths - early engagement, trusted alliances and a focus on shaping capability before it becomes contested - provide a clear advantage. Applying those strengths with pace and integration will strengthen resilience, reinforce deterrence and sustain confidence in an increasingly competitive digital environment.

The edge is double-sided.

The advantage belongs to those who move first - and move deliberately.

 
