AI and Computer Security (CEFR Compare)

May 11, 2026, 18:11

AI and Computer Security

Introduction

Google found a group of hackers. These hackers used AI to find and fix mistakes in computer software to steal information.

Main Body

The hackers used AI to enter a system. Google saw that the hackers used AI because the code looked like a school book. Now, bad people in China, North Korea, and Russia use AI to attack computers faster. Some AI companies are worried. Anthropic made a strong AI called Mythos. They did not give it to everyone because it can find software mistakes. OpenAI also made a special AI tool for security experts. The US government wants to control AI. They talked with Google and Microsoft to check AI models before people use them. Experts say AI can help fix software, but for now, it helps hackers more.

Conclusion

Hackers and security experts are in a race. Both sides use AI to win.

Learning

🛠️ Building Sentences with 'To'

In the text, we see a pattern: Action $\rightarrow$ Goal.

When you want to explain why someone does something, use to + action word.

Examples from the story:

Use AI $\rightarrow$ to find mistakes
Use AI $\rightarrow$ to steal information
Use AI $\rightarrow$ to enter a system
Use AI $\rightarrow$ to attack computers

How to use this in your life:

I go to the store $\rightarrow$ to buy milk.
I study English $\rightarrow$ to get a job.
She calls her friend $\rightarrow$ to say hello.

Quick Word Swap Instead of saying "because I want to," just use "to": ❌ I study because I want to learn. $\rightarrow$ ✅ I study to learn.

Vocabulary Learning

hackers

People who break into computer systems to steal or damage data

Example:Hackers can steal your personal data.

software

Programs that run on computers

Example:I installed new software on my laptop.

information

Facts or data that can be stored or processed

Example:She shared useful information about the project.

system

A set of connected parts working together

Example:The heating system stopped working.

code

Instructions written for computers

Example:The teacher taught us how to write code.

attack

To try to harm or break into something

Example:The city defended against a cyber attack.

security

Measures to protect against danger or theft

Example:Security guards checked everyone’s ID.

government

The group that runs a country

Example:The government announced new rules.

control

To manage or direct something

Example:He can control the lights with a remote.

fix

To repair or correct something

Example:Can you fix the broken window?

Using Artificial Intelligence to Find and Use Software Vulnerabilities

Introduction

Google's Threat Intelligence Group (GTIG) has reported the stop of a large cyber attack. This operation used large language models (AI) to find and exploit a software vulnerability that was previously unknown.

Main Body

The attack targeted a web-based tool for system administration. The attackers used a logic error in the software to bypass two-factor authentication. GTIG discovered that AI was used because the Python scripts contained 'hallucinated' security scores and a textbook style, which are common in AI training data. Although the exact model is unknown, Google stated that its Gemini model was likely not used. Furthermore, this incident shows that criminal groups and state-linked actors from China, North Korea, and Russia are increasingly using commercial AI tools to make their attacks faster and larger. Because of these developments, companies are changing their security strategies. For example, Anthropic limited the release of its 'Mythos' model because it could find vulnerabilities in major operating systems and browsers. Consequently, they started Project Glasswing to coordinate security between tech and financial companies. Similarly, OpenAI has created a special cybersecurity version of its model, but it is only available to approved security professionals. Regarding government policy, the United States has had a changing approach to AI oversight. The Commerce Department recently made agreements with Google, Microsoft, and xAI to test powerful models before they are released to the public. However, the public records of these deals were later removed. Experts emphasize that while AI might eventually help make old software more secure, there is currently a period of high risk because AI can find flaws faster than humans can fix them.

Conclusion

The current situation is a race between AI-driven attacks and the development of organized defenses by major institutions.

Learning

⚡ The 'Logic' of Connection

At the A2 level, you likely use simple connectors like and, but, and because. To reach B2, you need to use Transition Words that show a professional relationship between ideas. These aren't just words; they are signals to your reader about how the story is moving.

🔍 The B2 Upgrade Map

Look at how the text moves from a simple fact to a complex result. Instead of saying "And then," the author uses these:

"Furthermore..." $\rightarrow$ (A2 equivalent: "Also")
- Usage: Use this when you have already given one strong point and want to add an even stronger one.
- Example: "The AI found a bug. Furthermore, it helped the hackers move faster."
"Consequently..." $\rightarrow$ (A2 equivalent: "So")
- Usage: Use this to show a direct, formal result of an action.
- Example: "The model was too dangerous. Consequently, Anthropic limited its release."
"Similarly..." $\rightarrow$ (A2 equivalent: "Like this")
- Usage: Use this to compare two different companies or people doing the same thing.
- Example: "Anthropic limited its model. Similarly, OpenAI created a restricted version."

🛠️ Pro-Tip: The Semicolon-Style Pause

Notice that these words usually start a sentence and are followed by a comma ( , ). This creates a rhythmic pause that makes your English sound more academic and less like a list of random facts.

A2 Style: I like AI but it is dangerous so I am careful. B2 Style: I appreciate the utility of AI; however, it possesses inherent dangers. Consequently, I exercise caution.

💡 Vocabulary Pivot: From 'Change' to 'Developments'

Instead of saying "things are changing," the text uses "Because of these developments...".

Development (in this context) = a new event or situation that changes the current state.
Try this: Next time you describe a trend, don't say "The change is...", say "Due to these developments..."

Vocabulary Learning

vulnerability (n.)

A weakness or flaw that can be exploited to gain unauthorized access or cause damage.

Example:The software had a vulnerability that allowed attackers to gain unauthorized access.

authentication (n.)

The process of verifying a user's identity before granting access to a system.

Example:Two-factor authentication adds an extra layer of security.

bypass (v.)

To avoid or get around a security measure or rule.

Example:The hackers used a logic error to bypass the authentication system.

incident (n.)

An event, especially one that causes concern or requires attention.

Example:The incident highlighted the need for better monitoring.

commercial (adj.)

Relating to business or trade, especially for profit.

Example:Commercial AI tools are increasingly used by cybercriminals.

strategy (n.)

A plan or method for achieving a goal or solving a problem.

Example:Companies are updating their security strategies to counter new threats.

release (v.)

To make a product or information available to the public.

Example:The model was not released to the public until after testing.

coordinate (v.)

To organize or arrange efforts so that they work together effectively.

Example:Project Glasswing coordinates security efforts between tech and financial companies.

oversight (n.)

Supervision or monitoring to ensure compliance or proper conduct.

Example:The government is increasing oversight of AI development.

agreement (n.)

A negotiated arrangement between parties that outlines mutual commitments.

Example:The Commerce Department signed agreements with major tech firms.

public (adj.)

Open to everyone; not restricted to a particular group.

Example:The public records of the deals were later removed.

emphasize (v.)

To give special importance or attention to something.

Example:Experts emphasize the high risk of AI-driven attacks.

risk (n.)

The possibility of danger, loss, or harm.

Example:There is a high risk that AI will find flaws faster than humans can fix them.

flaw (n.)

A mistake, defect, or weakness in a system or object.

Example:The AI discovered a critical flaw in the operating system.

institution (n.)

An established organization, especially one that has a public or official role.

Example:Major institutions are developing organized defenses against AI attacks.

Integration of Artificial Intelligence in the Identification and Exploitation of Zero-Day Vulnerabilities

Introduction

Google's Threat Intelligence Group (GTIG) has reported the disruption of a large-scale cyber operation that utilized large language models to identify and exploit a previously unknown software vulnerability.

Main Body

The operation in question targeted a web-based system administration tool, leveraging a semantic logic flaw to circumvent two-factor authentication. GTIG identified the use of artificial intelligence through the presence of 'hallucinated' CVSS scores and textbook formatting within the Python scripts, which are characteristic of LLM training data. While the specific model employed remains unidentified, Google has indicated that its own Gemini model was likely not utilized. This incident aligns with broader observations that criminal entities and state-linked actors from China, North Korea, and Russia are increasingly utilizing commercial AI tools to enhance the velocity and scale of their offensive capabilities. Concurrent with these developments, the emergence of highly capable models, such as Anthropic's Mythos, has necessitated a strategic shift in defensive postures. Anthropic restricted the release of Mythos due to its capacity to identify zero-day vulnerabilities across major operating systems and browsers, subsequently establishing Project Glasswing to coordinate security efforts among major technology and financial institutions. Similarly, OpenAI has introduced a specialized cybersecurity iteration of its model, restricted to vetted infrastructure defenders. From a policy perspective, the United States administration has exhibited fluctuating stances regarding AI oversight. Despite an initial commitment to repeal previous regulatory guardrails, the Commerce Department recently entered agreements with Google, Microsoft, and xAI to evaluate high-capacity models prior to public dissemination, though the public record of these agreements was subsequently removed. Policy analysts suggest that while AI may eventually facilitate the hardening of legacy software, a transitional period of heightened systemic risk is anticipated as the capacity for automated exploitation currently outpaces the speed of defensive remediation.

Conclusion

The current landscape is characterized by an active race between AI-driven offensive exploitation and the development of coordinated institutional defenses.

Learning

The Architecture of 'Institutional Nominalization'

To move from B2 to C2, a student must stop describing actions and start describing states of existence and systemic processes. This article is a goldmine for Nominalization—the linguistic process of turning verbs or adjectives into nouns to achieve an academic, detached, and authoritative tone.

⚡ The 'C2 Shift': From Narrative to Analytical

Compare these two ways of conveying the same information:

B2 (Narrative): The US government changed its mind about how to oversee AI, even though they first said they would remove the rules.
C2 (Nominalized): The United States administration has exhibited fluctuating stances regarding AI oversight, despite an initial commitment to repeal previous regulatory guardrails.

In the C2 version, the "action" (fluctuating, overseeing, committing, repealing) is frozen into a noun. This allows the writer to treat complex concepts as single objects that can be modified by high-level adjectives.

🔍 Linguistic Dissection

Textual Segment	The 'Verb' Root	The C2 Nominalization	Effect
"...heightened systemic risk..."	To risk	Systemic risk	Shifts focus from the danger to the nature of the threat.
"...defensive remediation..."	To remediate	Remediation	Transforms a corrective action into a professional category.
"...public dissemination..."	To disseminate	Dissemination	Replaces 'spreading' with a formal, scholarly term for distribution.

🎓 Mastery Insight: The 'Velocity of Scale' Logic

Note the phrase: "...enhance the velocity and scale of their offensive capabilities."

At a C2 level, we don't just say "they can attack faster and more often." We use abstract nouns of measurement (velocity, scale) combined with functional nouns (capabilities). This creates a 'dense' information environment where a single sentence carries the weight of an entire paragraph of B2 English.

The Golden Rule for C2 Writing: If you find yourself using too many verbs to describe a trend, try to collapse those actions into a complex noun phrase. Instead of saying "because the AI can exploit things faster than people can fix them," use "as the capacity for automated exploitation currently outpaces the speed of defensive remediation."

Vocabulary Learning

circumvent (v.)

To find a way around or bypass an obstacle or restriction

Example:The attackers circumvented two‑factor authentication by exploiting a semantic logic flaw.

hallucinated (adj.)

Fabricated or imagined, especially in the context of AI generating false data

Example:The system produced hallucinated CVSS scores that misled the analysts.

characteristic (adj.)

Typical or distinguishing feature or quality of something

Example:The presence of hallucinated scores was a characteristic of LLM training data.

unidentified (adj.)

Not yet recognized or named

Example:The specific model employed remained unidentified at the time of the report.

state-linked (adj.)

Associated with or supported by a government

Example:State‑linked actors from China, North Korea, and Russia increased their use of AI tools.

velocity (n.)

Speed or rate of movement or change

Example:AI tools are enhancing the velocity of offensive operations.

emergence (n.)

The process of coming into existence or prominence

Example:The emergence of highly capable models prompted a strategic shift.

capable (adj.)

Having the ability or power to do something

Example:Anthropic’s Mythos is a capable model able to identify zero‑day vulnerabilities.

strategic (adj.)

Relating to the planning and execution of large‑scale actions

Example:A strategic shift in defensive postures was necessary.

postures (n.)

Stances or positions adopted in response to a situation

Example:Defensive postures had to be adjusted to counter new threats.

capacity (n.)

The maximum amount that can be contained or accomplished

Example:High‑capacity models were evaluated before public dissemination.

vulnerabilities (n.)

Weaknesses that can be exploited to compromise a system

Example:The model could identify zero‑day vulnerabilities across major operating systems.

subsequently (adv.)

Afterward; following in time or order

Example:The project was established subsequently to coordinate security efforts.

coordinate (v.)

To organize or bring together for a common purpose

Example:Project Glasswing coordinates security efforts among major institutions.

institutions (n.)

Organizations or establishments, especially formal ones

Example:Major technology and financial institutions were involved in the coordination.

specialized (adj.)

Designed for a particular purpose or field

Example:OpenAI introduced a specialized cybersecurity iteration of its model.

cybersecurity (n.)

The practice of protecting computer systems and networks from digital attacks

Example:The specialized model is tailored for cybersecurity defense.

iteration (n.)

A version or repeat of a process or product

Example:The model’s iteration focuses on vetted infrastructure defenders.

vetted (adj.)

Carefully examined and approved

Example:Only vetted defenders are allowed to use the specialized model.

regulatory (adj.)

Relating to rules or laws that govern conduct

Example:The administration considered repealing previous regulatory guardrails.

guardrails (n.)

Metaphorical barriers or guidelines that prevent undesirable outcomes

Example:Guardrails were in place to limit unchecked AI deployment.

dissemination (n.)

The act of spreading information widely

Example:High‑capacity models were evaluated before public dissemination.

remediation (n.)

The process of correcting or fixing a problem

Example:Defensive remediation efforts aim to close identified gaps.

hardening (n.)

The process of making a system more secure

Example:AI may eventually facilitate the hardening of legacy software.

legacy (adj.)

Existing from an earlier time, often still in use

Example:Legacy software can be vulnerable to new attack vectors.

transitional (adj.)

Relating to a period of change or transition

Example:A transitional period of heightened systemic risk is anticipated.

heightened (adj.)

Increased in intensity or degree

Example:The risk level was heightened during the transition.

systemic (adj.)

Relating to or affecting an entire system

Example:Systemic risk refers to threats that impact the whole ecosystem.

automated (adj.)

Operated by machines or software without human intervention

Example:Automated exploitation tools can outpace manual defenses.

outpaces (v.)

To move faster than or surpass in speed or progress

Example:The capacity for automated exploitation currently outpaces defensive remediation.