AI Is Moving Fast. How We Build It Matters More Than Ever.

Written By Maliha Charania

Over the past few days, the conversation around Claude Mythos has been hard to miss.

A model described as capable of identifying vulnerabilities and assisting in their exploitation.
A restricted rollout through Project Glasswing.
A growing narrative that AI is entering a new phase in cybersecurity.

At the same time, something else happened.

A separate issue involving the release of Claude Code led to the unintended exposure of its source code through a packaging and release misconfiguration. Within days, the code was mirrored, analyzed, and vulnerabilities were identified by the broader community.

Two stories. Same company. Same moment.

And together, they tell a much more important story than either one alone.

A few weeks ago, I wrote about how AI is having a moment, and how leadership should be having one too. What we’re seeing now feels like what happens when those conversations meet reality.

The Gap We’re Not Talking About

On one side, we have a model that can:

  • analyze complex systems

  • discover vulnerabilities

  • and assist in generating exploit paths

On the other, we have a very familiar issue:

  • a packaging oversight

  • a release pipeline gap

  • a preventable exposure

This isn’t unusual. It’s something every organization in technology has either experienced or actively works to prevent.

But the contrast is hard to ignore.

We are building systems that surface risk faster than we can manage it.

What This Actually Shows

The exposure of Claude Code’s source code was not the result of a sophisticated attack.

It was not a failure of the AI model.

It was a breakdown in:

  • build configuration

  • artifact handling

  • and release validation

In a recent conversation I had with Monique Hart, a mentor to me and a leader in healthcare, cybersecurity, and technology, she pointed out something that stayed with me:

the same moment that highlighted advanced AI capability also exposed a breakdown in foundational security practices.

She also emphasized something even more important. These aren’t new expectations.

Secure coding practices, code reviews, and due diligence have always been part of how we build responsibly. What’s changing is the urgency.

AI doesn’t change the fundamentals. It makes it harder to ignore them.

And it raises an important consideration for all of us building, deploying, or integrating AI into our environments.

As we accelerate the development of AI-powered tools, the expectation isn’t just innovation. It’s responsibility.

That means:

  • secure coding practices remain foundational

  • source code scanning and vulnerability detection must be embedded into the development lifecycle

  • build and release pipelines require rigorous validation before distribution

  • and controls around exposure, access, and artifact management must be intentional, not assumed

And just as importantly, this is where human judgment has to remain part of the process.

Human-in-the-loop isn’t just about reviewing outputs. It’s about ensuring there is accountability at every stage of how these systems are built, validated, and released.

This is also where governance has to evolve alongside engineering.

Clear ownership, defined guardrails, and accountability for how AI systems and supporting tools are built, tested, and released are no longer optional. They are essential.

Because AI doesn’t replace these fundamentals.

If anything, it raises the stakes.

The Reality Check for AI in Cybersecurity

There’s a growing narrative that AI will transform cybersecurity overnight.

In some ways, it already is.

Models like Mythos suggest that:

  • vulnerability discovery can scale

  • analysis can accelerate

  • exploit development can be assisted or automated

But this moment highlights something equally important:

The most immediate risks are still rooted in how we build, ship, and govern software.

Not just what AI can do.

But what we continue to do.

What This Moment Really Represents

This isn’t a story about AI going rogue.

It’s a story about convergence.

Between:

  • capability and control

  • innovation and execution

  • governance and accountability

  • perception and reality

We are entering a phase where AI can surface and operationalize risk at machine speed.

But unless our systems, processes, and governance mature alongside it, those risks won’t stay theoretical for long.

And no matter how advanced these systems become, human judgment doesn’t go away.

AI can generate, analyze, and even exploit.

But it cannot take ownership.

That responsibility still sits with us.

Where This Leaves Us

Claude Mythos shows us where capability is going.

The source code exposure shows us where we are.

And right now, those two are not moving at the same pace.

AI isn’t something we can ignore.

But how we build with it matters just as much as what it can do.

That starts with understanding what problem we’re actually trying to solve, not just what the technology makes possible.

The organizations that move forward successfully won’t be the ones moving the fastest.

They’ll be the ones building with intention, with governance, with a clear sense of ownership and understanding of the risks they’re introducing along the way.

Maliha

Disclaimer: The content on this blog and website reflects a combination of my personal experiences, perspectives, and insights, as well as interviews and contributions from other individuals. It does not represent the opinions, policies, or strategies of any organization I am currently affiliated with or have been affiliated with in the past. This platform serves as a personal space for sharing ideas, lessons learned, and meaningful reflections.

Maliha Charania
Next

The Kind of Wisdom You Don’t Learn in Tech