InvestMarketplaceEquityNews
Anthropic's Latest AI Model Is Rewriting the Rules of Smart Building Cybersecurity
Company Updates

Anthropic's Latest AI Model Is Rewriting the Rules of Smart Building Cybersecurity

Propmodo8d ago

Cybersecurity has always been a step behind innovation, but the gap may be widening. The latest generation of artificial intelligence is not just improving how systems are defended, it is fundamentally changing how they are attacked. Recent concern around advanced models like Anthropic's Mythos has less to do with what they are today and more to do with what they represent. These systems are becoming highly effective at identifying weaknesses in software at a scale and speed that was not previously possible, raising the possibility that the balance between attackers and defenders is shifting.

At the center of this shift is a concept that has long existed in cybersecurity but is now taking on new urgency: the zero-day vulnerability. A zero-day is a flaw in software that is unknown to the company that created it. Because it has not been discovered or disclosed, there is no fix available, which makes it especially valuable to attackers. In the past, uncovering these vulnerabilities required a high level of technical expertise and time. AI is compressing that process. Models can now scan large codebases, identify patterns that suggest weaknesses, and in some cases outline how those weaknesses could be exploited. The implication is not just that more vulnerabilities will be found, but that they will be found faster than organizations can reasonably respond.

That dynamic becomes more concerning when applied to the systems that operate buildings. Modern properties rely on a network of software platforms to manage everything from HVAC and lighting to elevators and access control. Many of these systems were designed in a different era, when connectivity was a feature rather than a liability. As a result, they often lack the kind of security architecture that has become standard in other industries. Some run on legacy operating systems, others depend on third-party vendors for updates, and many are connected to broader networks in ways that were never fully mapped or secured.

There are already examples that illustrate how exposed these systems can be. Security researchers have demonstrated the ability to access building management systems through unsecured network connections, adjusting temperatures, shutting down ventilation, or gaining insight into occupancy patterns. In one of the most widely cited cyber incidents, attackers gained access to a major retailer's internal network through credentials tied to an HVAC contractor, eventually leading to a massive data breach. The vulnerability was not in a traditional IT system, but in the infrastructure that helps run a physical space. These kinds of entry points are not rare. They are a byproduct of how buildings have been digitized over time.

What changes with AI is the scale at which these vulnerabilities can be identified and exploited. A flaw in a widely used building automation system is no longer just a single point of risk. It can exist across thousands of properties that rely on the same vendor or platform. If an AI model can identify that flaw once, it can theoretically identify it everywhere. That creates a form of systemic exposure that is difficult to contain, especially when many of these systems are not updated regularly or lack centralized oversight.

This moment is starting to look less like a continuation of existing cybersecurity trends and more like the beginning of a new phase. The traditional model assumed that vulnerabilities would be discovered gradually and patched over time. AI disrupts that cadence. It accelerates discovery to the point where the volume of known vulnerabilities could outpace the ability to fix them. Security teams are not just defending against attacks, they are managing an expanding backlog of potential risks, many of which may already be exploitable.

At the same time, the tools being used to defend systems are also improving. AI can monitor network activity, detect anomalies, and flag unusual behavior far more efficiently than manual processes. But that symmetry is what makes the current moment so unstable. The same capabilities that allow defenders to act faster also allow attackers to move faster. The advantage no longer lies in having better tools, but in how quickly those tools can be deployed and integrated into a broader security strategy.

The built environment sits in an unusual position within this shift. Buildings have become increasingly sophisticated, layered with sensors, connected devices, and centralized management platforms. That sophistication has delivered real gains in efficiency and performance, but it has also expanded the attack surface in ways that are only now being fully understood. Systems that were once isolated are now part of a larger digital ecosystem, and vulnerabilities in one part of that system can have cascading effects elsewhere.

There is also a structural challenge that makes this harder to address. Responsibility for building systems is often fragmented across owners, operators, vendors, and service providers. Each may control a different piece of the technology stack, which makes it difficult to create a unified approach to security. When vulnerabilities are discovered, the process of identifying who is responsible for fixing them can be as complex as the technical fix itself.

The result is a growing recognition that cybersecurity in buildings is no longer just an IT issue. It is an operational issue, a vendor management issue, and increasingly, a strategic one. As AI continues to accelerate the discovery of vulnerabilities, the focus is likely to shift toward visibility and coordination. Knowing what systems are in place, how they are connected, and where the risks lie becomes just as important as having the tools to defend them.

The industry is unlikely to face a single moment that defines this transition. Instead, the shift will unfold gradually, as one vulnerability after another is discovered and addressed. But the underlying change is already underway. Cybersecurity is moving from a reactive discipline to a continuous process shaped by the speed of AI. Buildings, now deeply intertwined with software, are part of that process, whether they were designed for it or not.

Originally published by Propmodo

Read original source →
Anthropic