If you underwrote or acquired a business in the past few years, you may be undermodeling cyber risk, and, based on recent developments, the gap may be about to widen.
Why offense wins: asymmetry of responsibility
There’s a term gaining traction in AI circles: “offense-dominant.” Anthropic CEO Dario Amodei has been using it in his writing and public remarks to describe what happens when AI capabilities make attack structurally easier than defense.[1]
In late March, we found out why it might have been on his mind: leaked Anthropic documents called its new model “currently far ahead of any other AI model in cyber capabilities.”[2] The documents warned that the model “presages an upcoming wave of models that can exploit vulnerabilities in ways that far outpace the efforts of defenders.” Anthropic confirmed the model is real. A spokesperson called it “a step change.”[3]
There’s a basic asymmetry in cybersecurity that’s easy to understand. An attacker just has to find one way in. But a defender has to close every way in.[4]
AI makes this worse. A model that can read code and reason about how systems fit together can find bugs that humans missed for decades. Anthropic says their current model (i.e., not the one warned about above) already found over 500 vulnerabilities in widely-used open-source software. These are bugs that in some cases had survived years of expert review.[5]
So that the world isn’t totally flat footed, Anthropic is reportedly giving cyber defenders new model access first, “giving them a head start.”[6] They’ve also reportedly been using Claude to quietly find and fix bugs in public code before anyone can exploit them.[7] A recent source code leak revealed an internal feature literally called “Undercover Mode,” stealth contributions to open-source projects, with instructions to hide not just the Anthropic brand but the fact that AI wrote the code at all.[8]
A few things happening at once
- Frontier AI models are getting dramatically better at finding and exploiting software vulnerabilities. This is not speculation.[9]
- Open-source and locally-run models keep closing the gap with frontier models. They’re behind, but less behind every cycle. What only the best model can do today, many models will be able to do later.[10]
- The deeper societal ramifications of the above I’ll leave to others, but let me drill down on the implications in a domain I know well:
The data on small and mid-sized businesses is telling. Somewhere between 40 and 70 percent of small and mid-sized businesses report a cyber incident in any given year.[11] Nearly half of all cyberattacks target small businesses.[12] The numbers have been going up: the Verizon 2025 Data Breach Investigations Report found ransomware attacks rose 37 percent year-over-year and were present in 88 percent of SMB breaches, while exploitation of vulnerabilities surged 34 percent.[13]
Right now, cyber insurance is relatively cheap. Lots of capital is flowing into the market. Insurers see cyber as one of the biggest growth opportunities in the industry.[14] Premiums are expected to rise about 15 percent in 2026, in part driven by the increase of AI-related threats.[15]
The squeeze
I think about coastal property insurance in Florida. There was a time when you could get it easily for fairly cheap. Eventually, insurers repriced dramatically or stopped offering coverage altogether.
The underlying cause was structural and it wasn’t going away.
And critically, the risk was correlated. A hurricane doesn’t hit one house. It hits ten thousand houses on the same afternoon.
AI-driven cyberattacks are starting to look the same way. This week, a supply-chain attack on LiteLLM, an open-source library downloaded millions of times a day, affected Mercor, a $10 billion AI startup, along with thousands of other companies. The fallout is still unfolding.[16] In 2023, a similar attack exploiting a flaw in MOVEit, a common file transfer tool, hit hundreds of organizations simultaneously and affected nearly 100 million individuals.[17] That looks a lot like a hurricane. When insurers realize they’re holding that kind of systemic, correlated risk, the market hardens. If that’s right, then cyber insurance is going to get a lot more expensive, require deeper investments in CapEx and OpEx to maintain coverage, and/or pull out of some markets altogether.
Now think about what that means for a specific kind of business: distributors, resellers, grocery. These are low-margin operations, and in the case of acquisitions, often carrying debt with covenants and repayment requirements. There’s little margin to give.
So what? The people building these AI models are warning us, as is basic intuition, that offense is winning now and could reasonably pull away very soon.
If you’re underwriting or acquiring lower middle market businesses, the insurance and IT lines in your model deserve a harder look. Model deeply conservative assumptions on insurance, IT OpEx, and IT CapEx for sensitivity analysis.
Notes
[1] Amodei, “The Adolescence of Technology,” January 26, 2026. In the essay, Amodei warns that “AI-led cyberattacks have actually happened in the wild” and will “become a serious and unprecedented threat to the integrity of computer systems around the world.” On the Dwarkesh Podcast (February 13, 2026), Amodei applied the concept more broadly: “We might live in an offense-dominant world where one person or one AI model is smart enough to do something that causes damage for everything else.” darioamodei.com; dwarkesh.com
[2] Beatrice Nolan, “Exclusive: Anthropic acknowledges testing new AI model representing ‘step change’ in capabilities,” Fortune, March 26, 2026. The model is referred to internally as both “Claude Mythos” and “Capybara.” fortune.com
[3] See note 2.
[4] My dad and uncle were both NHL hockey players, and my hockey coaches growing up. My dad, a defenseman, resented the forwards: “On defense, you have to be perfect all game, but a forward can play terrible, have one good shift, score a goal, and all of a sudden they’re the best player on the ice.” I think a lot of athletes understand this asymmetry intuitively.
[5] Anthropic, “Claude Code Security,” February 20, 2026. Anthropic reported finding over 500 vulnerabilities in production open-source codebases using Claude Opus 4.6. anthropic.com
[6] See note 2.
[7] See note 5.
[8] The Claude Code source was inadvertently exposed via a source map file in npm package version 2.1.88 on March 31, 2026. The leaked code contained a system prompt for “Undercover Mode” with instructions to hide AI authorship. The Hacker News; The Register; Fortune
[9] Anthropic acknowledged dual-use cyber risks with its Opus 4.6 release in February 2026. OpenAI classified its GPT-5.3-Codex as its first “high capability” model for cybersecurity tasks. fortune.com
[10] Nathan Lambert, “What Comes Next With Open Models,” Interconnects, March 13, 2026. interconnects.ai; Epoch AI
[11] Range reflects variation across surveys and geographies. U.S. figures cluster around 41–46%; Canadian SMBs report as high as 72–73%. See Verizon DBIR (2024, 2025); Sophos State of Ransomware (2025). deepstrike.io
[12] Verizon Data Breach Investigations Report; Packetlabs (2024). The commonly cited figure is 43% of all cyberattacks targeting small businesses. packetlabs.net
[13] Verizon, 2025 Data Breach Investigations Report (April 2025). Analyzed over 22,000 security incidents including 12,195 confirmed breaches. verizon.com
[14] WTW, “Cyber Risk: A Look Ahead to 2026,” February 2026. Estimates $16 billion in 2025 premiums projected to reach $40 billion by 2030. wtwco.com
[15] Forrester Research, “Predictions 2026: Insurance,” via Insurance Journal, November 5, 2025. Forrester projects written cyber premiums will rise 15% in 2026. See also Chubb, 2026 Cyber Claims Report, finding average claim severity doubled to $4.4 million in 2025. insurancejournal.com
[16] Beatrice Nolan, “Mercor, a $10 billion AI startup… confirms major data breach,” Fortune, April 2, 2026. For the 2023 MOVEit attack, Cybernews reported the Cl0p campaign hit nearly 100 million individuals. Fortune; The Register
[17] See note 16.