Can cyber insurance survive the Mythos shock?

Executives believe adaptation is possible – but not guaranteed across the market

The cyber insurance market is preparing for another evolution of cyber risk sparked by Anthropic’s powerful “Mythos” model, with some insurers arguing the sector can adapt, though not every firm may survive the transition.

Mythos, an advanced artificial intelligence system, can reportedly identify software vulnerabilities at speeds far beyond human capability. It has already exposed thousands of previously unknown vulnerabilities across major operating systems and browsers, according to Anthropic and media reports.

Bracing for AI-driven “zero-day” discovery explosion

For now, Anthropic has limited access to a small group of vetted organizations under “Project Glasswing” due to fears that the technology could be misused by threat actors. Insurers have voiced concerns not just about faster cyberattacks, but also about the possibility of machine-scale discovery of “zero-day” vulnerabilities, or flaws unknown to software vendors that can remain hidden for years.

“We’ll be able to respond to (AI-powered attacks) once we detect the patterns,” said Simon Hughes, chief commercial officer at Cowbell. “The problem is the mass execution of finding vulnerabilities. The scale at which (Mythos) can do that is beyond what anyone is capable of defending against.”

The emergence of AI-assisted offensive cyber capabilities has triggered urgent discussions among banks, regulators and insurers worldwide. The International Monetary Fund recently warned that advanced AI models could create “systemic” cyber shocks for the financial system by accelerating correlated attacks across widely used software and cloud infrastructure.

“It is impressive to see what (Mythos) can do,” said Alessandro Lezzi, group head of cyber risk at Beazley. “We are closely monitoring the implications for risk aggregation. Currently, these models require significant computational power and are expensive to operate, which limits threat actors' ability to access and deploy them at scale. That said, this could change over time.”

AI escalation forces cyber insurers back to the modelling table

Despite those fears, executives across the cyber insurance market said the sector has already proven it can evolve rapidly when threat landscapes shift.

Jeff Kulikowski, executive vice president and head of cyber and E&O at Westfield Specialty, said cyber insurers have spent years modelling catastrophic systemic cyber events and are now recalibrating those models to account for AI escalation.

“You can see the volume of incidents could grow at a much faster pace,” Kulikowski said. “It’s making us relook at our modelling… at how we forecast not just losses, but even what type of business we get into.”

According to Kulikowski, cyber insurance differs from traditional lines such as property insurance because insurers cannot easily diversify geographic risk. Instead, the industry faces concentration risk around a small number of dominant cloud and technology providers. “Technology companies have consolidated quite a bit, as have services,” he pointed out.

Still, Kulikowski argued that the cyber market has adapted before. He pointed to the ransomware explosion between 2016 and 2017, when cyber extortion claims suddenly surged from almost non-existent to roughly 80% of cyber claims.

“There was a year of pain because we weren’t pricing for ransomware,” Kulikowski said. “But we adjusted. We built a new model to address claims quickly and satisfactorily for insureds while still keeping carriers profitable.”

Faster risk assessments and clearer underwriting

In the case of AI-driven cyber attacks, the adjustment will likely involve more sophisticated underwriting and clearer policy wording.

Beazley is one of a handful of carriers moving toward more explicit AI policy language rather than exclusions. Lezzi also noted that cyber forms need to be adapted to the escalating threat landscape.

“We need to ask different questions to clients, which also helps them understand where they stand compared to their peers,” Lezzi told Insurance Business. “For example, the questions we normally ask at the moment are about AI governance: which data they use, which models they’re using, how they’re using AI, whether they’re using agentic AI, what the human intervention is during deployment, and which checks and balances they have in place.”

Cowbell’s Hughes agrees that AI exclusions aren’t “the path forward” for the cyber insurance sector. “I think it's important we’re not just excluding the biggest errors and threats,” Hughes said. “We need to come to the table to provide a solid risk transfer solution for those clients because AI is not going away. We need to make sure we address them appropriately.”

At the same time, carriers expect to fight fire with fire. Some are already using AI-powered scanning tools and external telemetry to assess clients’ security posture, reducing the need for lengthy questionnaires.

Catastrophic cyber event looms large over the industry

For now, executives agree that the cyber insurance market remains stable… but only if it continues evolving at the same pace as the threat itself.

“I do think cyber insurers are prepared (for Mythos), although we haven’t seen anything yet,” said Kulikowski. “It can cause tumult, but we’ve shown as an industry that we adjust easily from a claims standpoint. We have internal know-how through our risk engineers, third-party modelers, and vendors who help us think through these things. That’s what makes cyber so unique.”

However, Lezzi warned systemic risk remains a central concern, particularly as Mythos-class systems become more accessible and computational costs decline over time. Beazley has already developed cyber catastrophe scenarios and purchased more than $1 billion in protection against systemic cyber aggregation risk, he said.

The ability to continuously monitor vulnerabilities across insured portfolios could soon become table stakes if AI models dramatically accelerate exploit development. But Hughes warned that not all carriers may have the technical infrastructure or capital resources to keep pace.

“Some carriers have invested heavily in the technology and infrastructure needed to operate effectively at scale, while others haven’t,” said Hughes. “The insurers that can respond rapidly and appropriately to these evolving threats are the ones that will succeed in this environment.”
