Champion ethical hacker warns AI tools like Mythos will make competing harder

A leading ethical hacker has warned that the rapid advancement of artificial intelligence tools like Claude Mythos could soon render human competitors obsolete in high-stakes cybersecurity challenges. Valentina Palmiotti, known in the hacking community as Chompie, emerged as the top individual performer at this year’s Pwn2Own competition in Berlin, securing multiple victories and nearly $70,000 in prize money. Yet despite her success, she expressed deep concern that AI-driven systems are evolving at such a pace that even elite human hackers may struggle to keep pace in future contests. Palmiotti highlighted how tools like Anthropic’s Mythos—a model reported to have identified over 1,600 software vulnerabilities—are becoming so sophisticated that they could soon automate much of what human researchers do today.

For now, Palmiotti uses AI to enhance her own capabilities, particularly in her role as a security researcher for IBM X-Force and during competitions like Pwn2Own, where she routinely enters what she calls “zombie hacker mode”—long, caffeine-fuelled sessions of deep technical work. This year, AI assistants such as Claude Code helped her streamline vulnerability discovery and exploit development, enabling faster progress. Yet she cautioned that this advantage may be temporary. “I competed in Pwn2Own this year because I thought it might be my last chance,” she told BBC News. “That isn’t to say ethical hacking will disappear, but a lot of the low-hanging fruit will start to vanish as AI takes over the basics.”

The Pwn2Own competition, organised by the Zero Day Initiative, offers cash rewards for discovering and exploiting previously unknown flaws in widely used software, websites and systems. This year, participants collectively uncovered 47 new vulnerabilities, earning nearly $1.3 million in prizes. On the first day of the event, Palmiotti demonstrated a successful attack on an Nvidia-linked system, securing $20,000 before returning to her hotel to work through the night refining another exploit—a gruelling 12-hour sprint that culminated in a $50,000 prize for compromising a Linux-based system. While she acknowledged the unhealthy intensity of such sessions, she stressed their necessity in an increasingly competitive field.

Palmiotti’s warnings reflect broader anxieties within the cybersecurity community about the dual-use nature of AI. While organisations like Anthropic restrict access to powerful models like Mythos—citing potential misuse—there are growing concerns that such tools could fall into the wrong hands or render manual hacking obsolete for many professionals. Although Palmiotti believes top-tier human expertise will still be valued, she predicts that only the most exceptional researchers will remain competitive as AI systems absorb routine tasks. “There won’t be a need for good or even great hackers soon,” she said. “Only the very best will survive.”