The debate about whether AI would be weaponized is over. Not winding down. Over.

GPT-5.4-Cyber and Claude “Mythos” are both shipping now. Both are designed for security work. Both accept prompts that a standard model would refuse. OpenAI calls its access tier “Trusted Access for Cyber” and describes a “more permissive design” for vetted partners. Mythos claims to have surfaced thousands of major vulnerabilities since deployment.

For the first time, there’s a formal licensing framework for digital weapons. Not theoretical. Deployed, competitive, and growing.

While that’s happening at the top of the stack, something quieter is going on at the bottom. Researchers hijacked three widely used AI agents integrated with GitHub Actions this month by submitting malicious pull requests. The agents processed them, exposed secrets, leaked tokens. The attack didn’t require sophisticated exploits. Just a prompt placed where an AI was already listening, with permissions a junior contractor would never get on day one.
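As an added illustration of the GitHub Actions paragraph above (not code from the researchers or from any vendor named here), this check audits a workflow file for the combination that paragraph describes: outsider-written text reaching an agent step that holds secrets or a writable token. The trigger list, the `example-org/ai-review-agent` action and both sample workflows are assumptions constructed for the example.

```python
import re

# Assumption: events that hand outsider-written text to a job holding the base repo's token.
UNTRUSTED_TRIGGERS = ("pull_request_target", "issue_comment", "issues")
ON_BLOCK = re.compile(r"^on:.*(?:\n[ \t]+.*)*", re.M)
SECRET = re.compile(r"\$\{\{\s*secrets\.(\w+)\s*\}\}")
FIELD = re.compile(r"\$\{\{\s*github\.event\.((?:pull_request|issue|comment)\.(?:title|body))\s*\}\}")
WRITE = re.compile(r"^\s*(permissions|contents|pull-requests|issues|id-token):\s*write(?:-all)?\s*$", re.M)

def audit_workflow(text):
    """Return sorted findings for one workflow file; [] means nothing was flagged."""
    m = ON_BLOCK.search(text)
    on_block = m.group(0) if m else ""
    triggers = [t for t in UNTRUSTED_TRIGGERS if re.search(rf"\b{t}\b", on_block)]
    if not triggers:
        return []  # not reachable through the listed events
    findings = {f"trigger:{t}" for t in triggers}
    findings |= {f"secret:{name}" for name in SECRET.findall(text)}
    findings |= {f"untrusted-input:{field}" for field in FIELD.findall(text)}
    findings |= {f"write-scope:{scope}" for scope in WRITE.findall(text)}  # "permissions" = write-all
    if not re.search(r"^\s*permissions:", text, re.M):
        findings.add("permissions:unset")  # token scope falls back to the repository default
    return sorted(findings)

# Constructed sample workflows; example-org/ai-review-agent is a hypothetical action.
RISKY = """\
on:
  pull_request_target:
permissions: write-all
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/ai-review-agent@v1
        with:
          prompt: "Review: ${{ github.event.pull_request.body }}"
          api_key: ${{ secrets.LLM_API_KEY }}
"""
HARDENED = """\
on:
  pull_request:
permissions: {contents: read}
jobs:
  review:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/ai-review-agent@v1
        with:
          pr_number: ${{ github.event.pull_request.number }}
"""
```

By default, a `pull_request` run from a fork gets no repository secrets and a read-only token, which is why the hardened sample returns no findings even though the pull request text itself is still untrusted.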

Meanwhile, the Bordair dataset just dropped: 101,032 samples of multimodal prompt injection attacks covering text, image, and audio. It documents chart-poisoning, audio hijacking, and a new one worth noting: reasoning-token attacks that target the visible thinking traces in models that expose them. Inject into the trace, corrupt the reasoning, change the conclusion.

And Pentera’s 2026 survey found every single CISO they talked to is now using AI in security operations. Not most. All of them. The organizations running fully autonomous setups are learning that unrepeatable results aren’t a feature.

“Intelligence needs guardrails.” That’s the consensus from practitioners who’ve been at this a year or two. The irony is clean: the attack models are explicitly designed to remove guardrails. The enterprise security world is simultaneously learning that pure autonomy creates its own class of risk.

This is April 2026. Not a projection. Present tense.


The full breakdown of licensed AI weapons, agentic pipeline exploits, and what every CISO is running right now.