Terry Garton We’ve been reading a lot of headlines lately about Anthropic’s new AI model, Mythos, and the alarms it raises. When companies restrict access to their AI tools for fear of misuse, they can quickly gain attention. When you think about what’s happening now, what does that response tell you about how tools like this can or are changing the cyber threat landscape?
Justin Miller Well, I have to look at cybersecurity through people, process, and technology. That’s how I put it together. And we’re now at the point where we need to understand that technology. We have really smart people working on it, so we need to make sure we have the right people to manage it, understand the responsibility of this cyber ecosystem to be able to operate it ethically, morally, and understand the capabilities that AI brings to the cyber domain and what impact it will have. Therefore, you need to make sure you understand the policy and how to manage it. What we need in cyberspace are people who help us remain positive-thinking, correct, moral, and professional. That’s what I want. When I get asked that question, I think:
Terry Garton I’ll come back to these topics in a moment, but first I want to talk a little bit about the AI part. Security researchers have been searching for software vulnerabilities for years. For example, what makes it different from an AI-driven tool like Mythos that can quickly identify previously unknown defects at scale?
Justin Miller Well, AI is a power multiplier, right? And zero-days are specific undiscovered vulnerabilities. And to be able to think faster, we need some form of artificial intelligence to help us find these vulnerabilities. Its hidden weaknesses can be extremely dangerous and we must quickly identify the subtleties within and sound the alarm sooner. And again, if we’re using AI for the right reasons and for the right purposes, I think that’s where AI can help us.
Terry Garton It seems like we need AI to respond to AI because the human brain doesn’t work that fast. So what is the danger of AI escalation here?
Justin Miller Well, it moves fast again, right? This means dramatically accelerating the way vulnerabilities can be weaponized. But on the other hand, AI can accelerate vulnerability discovery and protection. So it’s almost machine-to-machine and that’s where you should be able to train best. And hopefully, our cyber policy and governance people are doing a better job than our adversaries in training their AI and our own.
Terry Garton Let’s return to the question of ethics and morality. Because in my simple mind, cyber-attacks are done by bad guys and cyber-defense is done by good guys. But based on your experience, when you think about these new kinds of AI-enabled capabilities, who is most likely to be an early adopter of this capability and why?
Justin Miller Well, given my background, I always look at it from an evil angle. And when you look at cybercriminals and rogue states, AI lowers the barrier to entry for some cyber operations and increases the speed and scale of attacks. But one thing I have learned over time is that we will be fighting a trained and trained enemy. And as we train students in college, are they better off later in life? And when they graduate and enter these jobs and industries and enter the cyber ecosystem, they’re not really exposed to fast-paced, high-level trained adversaries. And in order to confirm this, on-the-job training is an important element. I tell my students that they will be lucky if they can participate in a breach investigation right away. Because everything is a real world environment and there’s the old adage that everyone has a plan until they get slapped in the mouth, right? It changes the whole dynamic. And being able to effectively confront adversaries who are trained and trained is the kind of dynamic that we’re creating here at the University of Tulsa, and I think all cybersecurity student practitioners need to keep practicing. I think you need to get trained and continue to do more advanced training. Because they fight a well-trained, well-financed adversary who has been focused on and focused on things that could destroy the United States for years.
Terry Garton Justin Miller is an associate professor practicing cyber research at the University of Tulsa. Mr. Miller, if attackers are becoming more well-funded, organized, practiced, and nimble as we just described, how does that change the way agencies and organizations actually need to approach detection, patching, and incident response?
Justin Miller We need more practical applications in the classroom. And you need to increase that stress level. And as we’ve been training students, we’ve found that students coming back from the industry are saying, “Hey, you guys are sending us really smart people, but they’re not good at transferring technical knowledge quickly.” That’s what we practice in the classroom. So while we’re putting students in front of computers and giving them hands-on exercises, we’re also forcing them to ask questions and communicate what they’re doing in real time, effectively creating a more immediate response in the real industry.
Terry Garton Will this new capability tilt the playing field toward offensive cyber operations by nation states?
Justin Miller You think nation-states are going to be aggressive, right? And the United States, I think the overall strategy, if you look back at 2010, is that we started Cyber Command because we started to realize that there was a fifth domain within military operations, which was land, sea, air, and space. There’s land, sea, air, space, and now cyberspace, or the cyber domain, is the fifth domain, blurring the operational capabilities we were trying to protect. Because I think the hardest part of it is that private and public networks are all intertwined on the Internet, where many important systems are connected. So we’re looking to partner with transportation, hospitals, utilities, telecommunications, logistics, finance, all these networks that are securing their cloud dependencies. It created a large ecosystem with the US recognizing it in Cyber Command in 2010 and then choosing to call it a Russian influence operation in the 2016 presidential election. That led the US to create CISA in 2018 because they recognized that it was not just a technical operation, but one based on influence. And cybersecurity goes beyond machine-to-machine. Now it’s aggressive in terms of influencing. And you’re looking at it today, right? The report this morning is that Iran has responded to this via its social media pages, right? As a result, cyber has grown exponentially and we are now seeing machine-to-machine zero-day attacks as well as operations with offensive impact.
Terry Garton What organizations and activities do you assess as most vulnerable to this type of offensive and influence operations?
Justin Miller You can look at our transportation sector, our public works sector, our water sector, our communications sector. That’s my position. When you look back at people, processes and technology, I think people are building very strategic partnerships. And it is these people that we need to pay attention to. That’s because people like late-night janitors and late-night workers at utility and water treatment plants whose only job is to sit there for 8-10 hours looking at a screen and managing network flows. Because these people place great importance on the people and processes they play in network management. And I think it’s these people who have important insights into critical infrastructure like water, utilities, hospitals. We also want to make sure everyone is at the same table when talking about cyber. One of the things we noticed as we sat in the room was that there were a lot of lawyers in this room looking at things, and not a lot of engineers. When I look at cyber operations, I often want to see physical security personnel. I would like to talk to the manager. To better understand what’s going on in the system, we want to talk to the late-night guys and see what they’re seeing. So it’s not just the role that the whole ecosystem, the IT people, the cyber people, that holistic approach, everyone in that company has to play on cyber. And whether you’re an admin or a system monitor, I think it’s worth seeing what they see when they access your company every day. Whether it’s physical security, parking to cyber operations, it pays to evaluate your employees.
Terry Garton You spent 25 years as a special agent in the intelligence community, what worries you most about the cyber world we live in today?
Justin Miller In fact, what worries me most is the cascading effects between multiple actors. If you look at the combination of these four actors: China, Russia, Iran, and most recently North Korea, I have seen and experienced investigations related to these individuals, nation-states, over the course of my career over the past 25 years. And we know they are in our communication systems. We have seen the Iranians try to attack the Bowman Dam. They are demonstrating additional capabilities in cyber operations. But I think the knock-on effect if all four of these actors came together to target us at once would be terrifying.
Copyright © 2026 Federal News Network. Unauthorized reproduction is prohibited. This website is not directed to users within the European Economic Area.
