The government plans to announce a comprehensive response to AI-driven cybersecurity threats as early as late May. The move follows the discovery of a case in which Anthropic’s general-purpose AI model Opus 4.7 alone succeeded in penetrating a corporate service.

Choi Woo-hyuk (최우혁), director general for information security and network policy at the Ministry of Science and ICT, met reporters on May 8 after a meeting with experts responding to cybersecurity projects at global AI companies. He said the session was held behind closed doors because it included a case in which a real attack using Opus 4.7 succeeded with a company’s consent. He added that work that would take an expert hacker days by hand was found in just about 10 minutes. He said the ministry plans to announce comprehensive response directions in late May to early June, including the status of talks on joining Glasswing.

After the emergence of Anthropic’s high-performance model Mythos, concerns have grown that AI could be used for both defence and attack, prompting the government to step up its response. The government last month asked chief information security officers at about 30,000 companies nationwide to strengthen their security posture, and on April 30 distributed “corporate response guidelines and CEO action rules for AI-based cyberattacks,” continuing a step-by-step response.

The vulnerability was found during a simulated penetration conducted with a company’s consent as part of a rapid inspection programme run by the Korea Internet & Security Agency (KISA). Park Yong-gyu (박용규), head of KISA’s Digital Threat Response Division, said the team demonstrated a penetration process by finding vulnerabilities in an actual service operated by a company rather than in a solution vulnerability. He said they tested with AI a series of steps that obtained an account through a website authentication bypass vulnerability and accessed the site. A total of 7 vulnerabilities were identified, using a method in which AI generated a new password to obtain access. The company completed patching within days of the discovery.

It was also confirmed that guardrails exist but can be bypassed through prompting, and that even ordinary people could potentially use AI for hacking.

The government is also working to join Project Glasswing, which Anthropic operates based on Mythos. It is contacting Anthropic through the AI Safety Institute under the ministry and KISA. Choi said it was not a concept of negotiating with cards, drawing a line on bargaining-chip arguments. Fifty-two companies and institutions are currently participating in Glasswing, but most of the list is not disclosed.

Ryu Jae-myung (류재명), vice minister at the Ministry of Science and ICT, is scheduled to meet Anthropic on May 11, but the specific agenda is not disclosed. The ministry said it is also not at the stage of discussing follow-up measures if participation in Glasswing falls through.

Some South Korean companies are already participating in OpenAI’s cybersecurity cooperation project Trusted Access for Cyber, also known as TAC. Lee Dong-hyun (이동현), director at the ministry’s Information Security Industry Division, said it was confirmed that there are South Korean TAC participant companies and institutions. He said it was difficult to disclose the exact number of participating companies or whether government agencies are included.

The meeting was attended by developers of independent foundation models including SKT, Upstage and Motif Technologies, major AI companies, academic experts in AI security including the head of the Korea Institute of Information Security and Cryptology, heads of information security companies including the head of the Korea Information Security Industry Association, and CISOs at major companies. Deputy Prime Minister and Minister of Science and ICT Bae Kyung-hoon (배경훈) chaired the meeting.

At the meeting, experts cited reliance on legacy systems, which makes immediate vulnerability patching difficult, as a key risk. Examples were presented including the UK National Cyber Security Centre’s cyber alarm system tailored to IT assets and a European system that enforces patch deadlines for high-risk vulnerabilities. Participants also raised the view that switching to cloud-based services, or SaaS, could speed up patching, and called for institutionalising simulated penetration by white-hat hackers. While there was agreement on the need for AI security-specialised models, specific directions, such as using foundation models or advancing in-house models, remain undecided.