fortune.com via Reddit

Snowflake Warns AI Exploits Now Form in Hours

cybersecurity generative ai ai-attacks cyberattacks enterprise-security

Key insights

  • AI now generates working exploits in hours, outrunning patch cycles that most enterprises run weekly, monthly, or quarterly.
  • Anthropic's Mythos model, deployed at Amazon, closes entire vulnerability classes but requires experienced engineers to suppress false alarms.
  • Criminals used AI-generated video and voice clones to steal approximately $25 million; automated end-to-end scams are expected within 12 to 24 months.

Why this matters

The compression of exploit development from days to hours means enterprises running quarterly patch cycles are structurally behind rather than just slow, and no amount of headcount fixes a timing mismatch of that magnitude. Anthropic's Mythos entering production security use at Amazon is the clearest signal yet that frontier AI models are being deployed as active defensive infrastructure, not just research tools, which raises the bar for every security vendor competing in that space. The $25 million deepfake theft and the 12-to-24-month forecast for automated social engineering scams mean mid-market security budgets built around perimeter defense and human-reviewed alerts are already misaligned with the actual threat trajectory.

Summary

AI-powered attacks now generate working exploits in hours while most enterprises patch on weekly, monthly, or quarterly cycles. Snowflake's Mayank Upadhyay frames the stakes plainly: "You have to use AI. It's not even a choice, because there's just so much data." Amazon's chief security officer reports Anthropic's Mythos model is already closing entire vulnerability classes in production, though it requires pairing with experienced engineers to filter false alarms. Essentially: (Snowflake, Amazon) are running AI-vs-AI defense cycles as the window to patch shrinks below what traditional schedules can absorb. - AI exploit generation now outpaces enterprise patch cadences by days or weeks. - Anthropic's Mythos is operational at Amazon, targeting whole vulnerability classes at once. - Criminals already used AI video and voice clones of a finance executive to steal approximately $25 million; researchers put convincing automated scams within 12 to 24 months. Snowflake's four-step AI defense cycle (set defenses, monitor for breaches, contain, rebuild controls) with daily war room exercises is becoming the new expected baseline, not a competitive edge.

Potential risks and opportunities

Risks

  • Enterprises still on quarterly patch schedules face a structural exploit window measured in days or weeks as AI-generated attacks reach deployment speed in hours.
  • Amazon's reliance on Anthropic's Mythos to close vulnerability classes creates concentration risk if the model is retrained, sunset, or found to have systematic blind spots.
  • The documented $25 million deepfake playbook lowers the replication barrier for similar attacks against mid-market finance teams that lack AI-aware fraud detection tooling.

Opportunities

  • Security vendors that can compress patch-cycle latency using AI-generated exploit detection stand to capture urgent budget from enterprises the Snowflake and Amazon warnings are now reaching.
  • Anthropic gains a high-profile enterprise reference deployment with Amazon's security team, positioning Mythos as a commercial security product for other large organizations evaluating AI-powered vulnerability tooling.
  • Vendors offering AI-driven daily war room simulation and rapid incident containment platforms are aligned with the specific preparedness standard Snowflake is publicly advocating as the new operational baseline.

What we don't know yet

  • Research organization behind the '12 to 24 months' automated scam prediction — not named or sourced in the article
  • Targeted company in the $25 million deepfake case — not identified, no reporting on fund recovery or prosecution outcome
  • Anthropic's Mythos false-alarm rate and the scale of Amazon's deployment — no metrics on coverage breadth or operational cost of engineer oversight

Originally reported by fortune.com

Read the original article →

Original headline: Fortune: AI Is Supercharging Cyberattacks and Most Companies Aren't Ready — Exploit Creation Now Takes Hours, Not Weeks