TAI #204: Are AI Agents Starting A Cybersecurity Arms Race?

Also, Anthropic’s xAI deal, GPT-Realtime-2, ZAYA1–8B and more What happened this week in AI by Louie This week gave us the clearest picture yet of how large a mark AI agents will leave on cybersecurity. Mozilla published the best engineering write-up so far on how Claude Mythos Preview helped harden Firefox. OpenAI launched Daybreak and expanded GPT-5.5-Cyber access for vetted defenders. Google Threat Intelligence Group reported its first high-confidence case of a threat actor using an AI-developed zero-day exploit. Mini Shai-Hulud, a self-spreading npm supply-chain worm, turned trusted release automation into a malware distribution system. AI agents are pushing both attackers and defenders from manual security work to agentic workflows. Attackers can ask agents to profile targets, inspect code, validate proof-of-concepts, tailor phishing lures, and operate across developer infrastructure. Defenders can ask agents to scan codebases, reproduce bugs, validate patches, generate detections