Taiwan urges stronger defences amid AI-driven cyber threats

Taiwan’s Administration for Cyber Security has warned that emerging AI models are lowering the cost and increasing the scale of cyberattacks, urging companies and government agencies to strengthen basic cyber resilience.

The agency said advanced AI models, including Anthropic’s Claude Mythos and OpenAI’s GPT-5.5, are showing stronger capabilities in vulnerability discovery and offensive cyber techniques. It said such developments could help attackers identify weaknesses faster and turn vulnerabilities into practical attack tools more efficiently.

According to the agency, recent international cybersecurity assessments suggest Claude Mythos Preview has identified thousands of high-severity vulnerabilities across major operating systems and web browsers. At the same time, GPT-5.5 could increase the efficiency and scale of existing attack methods.

Taiwan outlined three responses to the emerging threat. The administration said it would monitor defensive tools and international experience related to AI-enabled cyber operations, convene government, industry and academic decision-makers to discuss national-level response strategies, and strengthen support for small and medium-sized enterprises through TWCERT/CC.

The agency also urged organisations to return to cybersecurity basics, including vulnerability management, offline and recoverable backups, business continuity planning, least-privilege access, multi-factor authentication, passkeys based on FIDO2 standards, and the disabling of unnecessary external services and test interfaces.

Taiwan’s cyber agency said AI is changing the speed and cost of attacks, but not the core principles of cybersecurity. It said organisations should shift from focusing only on preventing breaches towards improving resilience, recovery time and damage control.

Why does it matter?

The warning shows how governments are beginning to treat AI-enabled vulnerability discovery and exploitation as a practical cybersecurity risk, not a future scenario. As AI reduces the time and expertise needed to identify and exploit weaknesses, organisations may need to place greater emphasis on resilience, rapid recovery, access controls and continuous vulnerability management, especially where smaller businesses and public bodies lack advanced cyber capabilities.

Would you like to learn more about AI, tech, and digital diplomacy? If so, ask our chatbot!