top of page

The Rise of the APT Kiddie

  • 23 hours ago
  • 5 min read

Cyber Thoughts Newsletter


JULY 2026


We’d like to coin a new term: APT Kiddies.

Back in the day, hackers who couldn’t write their own tools were called Script Kiddies. They relied on exploits written by others. That doesn’t mean they were harmless; au contraire, Script Kiddies caused plenty of headaches. But they lacked real skill.


Then along came APTs (Advanced Persistent Threats): nation-state operators armed with zero-days, custom malware, and seemingly unlimited budgets. These were the hackers who could break into almost anything and remain hidden for months or years.


Today, those APT capabilities are starting to trickle down to technically competent actors that can drive a frontier AI model. But it won’t be long until they trickle down to everyone else.


Welcome to the Era of the APT Kiddie.


Open Weight Models

When we speak with practitioners using Fable, they are quick to point out something interesting: much of what it can do can already be replicated by fine-tuning previous-generation open-weight models.


What makes Fable and Mythos impressive isn’t that they’re good at cybersecurity. It’s that they weren’t built for cybersecurity.


That means these capabilities are being democratized much faster than expected.


The upshot is that we don’t have to wait for the next frontier model to become publicly available to access “next frontier model”-level cybersecurity capabilities. Companies and open source projects are already tuning existing models for offensive and defensive security tasks.


One example is Tulongfeng, better known as Dragon Saber, Qihoo 360’s AI cybersecurity platform in China. Unfortunately, those spoilsports won’t let us download it because it’s an “Enterprise Product.”


We would, however, like to take a moment to recognize that Dragon Saber is an absolutely GOAT AF name. (Yes, our summer intern taught us that phrase.)


Fortunately, you don’t need Dragon Saber.


Open-weight models like Zhipu AI’s GLM-5.2 are already available on Hugging Face and GitHub, and plenty of hosting providers will happily spin one up and help you fine-tune it for your own use.


Somewhere, a young David Lightman is already trying to break into Protovision so he can download the latest games.


The point isn’t that everyone will have access to Mythos. The point is that everyone won’t need it.


A Brief Detour

Happy Birthday America! The American Revolution was won in no small part due to James Lovell, a school teacher turned one-man NSA who broke the British’s cipher. How’d he do it? He noticed the British reused their cipher unless they learned it had been compromised. With an assortment of intercepted letters he was able to crack their key, leading to intelligence that re-routed George Washington from the outskirts of New York City to Yorktown, Virginia, where he defeated General Cornwallis at the Battle of Yorktown, the last major battle of the Revolutionary War.


When was the last time you rotated your organization’s keys?  


Fable is Back!

Since our last newsletter, Fable is back.


The U.S. government has allowed Anthropic to make the model generally available again, albeit with stricter safety filters. It has limited access to the internet and will redirect certain prompts to other models.


Through July 12th, Fable is included with normal subscriptions. After that it moves to Anthropic’s new premium token pricing, an acknowledgment that frontier models are becoming expensive enough to meter separately.


Patch Tuesday Record

Microsoft patched 206 CVEs in June, a new record.

Don’t expect it to be the last.



As AI gets better at finding vulnerabilities, vulnerability discovery becomes cheaper. That means more bugs, more patches, and a growing gap between organizations that patch quickly and those that don’t.


BlackHat 2026 Startup Spotlight Competition

We’ll once again be mentoring and judging the Black Hat Startup Spotlight Competition.


This year also marks the debut of the Global Startup Spotlight, where winners from Black Hat Asia, Europe, MEA, SecTor, and Black Hat USA will compete for the overall title. It’s like a battle royale but for cybersecurity startups…so basically a normal battle royale. 


We’ll be at Black Hat and sticking around for DEF CON afterward, for those of you with a devious side. If you’re in Vegas, drop us a line. We’d love to catch up.


Lastly, if you appreciate our highlights and heresies, follow us on Twitter and LinkedIn, we post regularly about real things worthy of your attention.


What We're Reading

Here's a curated list of things we found interesting.


China Has Matched Anthropic in Cybersecurity, Resetting AI Race

Chinese companies have released an Open Weight model that rivals top US LLMs. This actually isn’t a surprise, tuning the last generation on LLMs for security has already been proven to work. With that said, we might just go download one of these so we can hack into Snohomish High School and ‘fix’ that D we got in Home Economics. 


Security researchers said that a new AI model, released this month by China’s Zhipu AI, also known as Z.ai, can match the latest U.S. models when it comes to finding security bugs, although it still lags behind Anthropic’s and OpenAI’s products in other tasks.





A Microsoft researcher sent some goats on a mission in Age of Empires II to make a point about LLMs

For the young’ns Age of Empires is a video game. A researcher used it to model a neural net to prove a point. Spite-based research papers are the best. 


Adrian de Wynter was getting a little tired of all this LLM anthropomorphism… To illustrate the problem, de Wynter did what any reasonable researcher would do. He took a decades-old computer game and used it to build a neural network out of goats.





Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration

People speak of Q day, the day on which quantum computers actually live up to their potential and ruin the internet as we know it. The current administration is taking this seriously and should be applauded for that. 


President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography.




Transactions

Deals that caught our eye.


Accenture takes majority stake in Dragos

Accenture acquired a majority stake in industrial cybersecurity leader Dragos for an undisclosed amount. Dragos, which has raised over $438 million to date, will continue operating as an independent company. A strong signal that protecting critical infrastructure remains a strategic priority.








Podcasts

What we’re listening to.


N2K Cyberwire AI Security Brief: Is the next frontier model your biggest threat or your best defender?

If you think the recent wave of AI-discovered vulnerabilities is a problem, Rob Bair of Anthropic has a reframe for you. Discovery is the easy part. Closing the remediation gap is now the defining security challenge.










About Lytical

Lytical Ventures is a New York City-based venture firm investing at the intersection of Cybersecurity and AI. We aim to be the most connected, most helpful team for founders, investors, and anyone else who cares about cybersecurity and its adjacencies.

 
 
bottom of page