Agreement”—a bilateral arrangement managing imports of Mexican tomatoes—and imposed a 17% levy on them. But prices may keep climbing. Tomatoes, like other fresh produce, require fertiliser, the price of which has rocketed since the war with Iran broke out. Fuel costs are also starting to bite. How bad could the rise in grocery prices get? To understand how the energy shock will affect grocery bills, consider each step of the supply chain. Begin with farmers, who rely on fossil fuels. Fertilisers, which typically use natural gas as a feedstock, account for as much as 40% of their input costs. Add to that the diesel needed to fuel their tractors. Producers of commodities like wheat and maize, however, have little control over their prices, which are determined by the balance of global supply and demand. Much of the expense for this year’s growing season— rent, equipment, seeds and even some fertiliser purchases—would have already been incurred by the time the war began. The energy shock might force some farmers into the red this year, but many will still make more money by planting what seed they have, rather than letting it go to waste. That means crop supply may not change much this season. The effect on farm prices might therefore not be felt in full until next season, by when growers who suffered big losses this year may have packed it in. Next in the grocery-supply chain is processing—at least for products like maize destined for cereal or cattle fated to become minced meat. Here markets tend to be more concentrated: there are just four major meatpacking firms and a handful of processed-food giants, among them Kraft and General Mills. Yet there are two reasons not to expect the energy shock to lead these companies to raise prices significantly. The first is that they rely less on oil for energy and more on electricity and natural gas, the prices for which have risen much more slowly in America. The second is that processed-food producers jacked up prices during the post-pandemic wave of inflation, resulting in a loss of customers to new entrants and retailers’ in-house brands. Meatpackers have also already had to pass on higher beef prices, the result of a cattle shortage following a drought. At least for now, the biggest pressure on American grocery prices as a consequence of the Iran war may come from the next two stages of the supply chain: packaging and transport. A good deal of food packaging is made from plastic, which in turn is made from oil. Petrochemical feedstocks

are now around two-fifths higher in price. Here the greatest impact will be seen not on the food shelves but in the home-care and beauty aisles, stacked with products packaged in thick plastic. Grocery-store shampoo prices were up by about 10% year on year at the end of March, according to NielsenIQ, a data provider. Then there is transport, which accounts for a sixth of the food-supply chain’s total energy consumption but perhaps as much as half of its requirement for oil. According to the Department of Agriculture, 80-90% of America’s produce is transported on lorries. Costs are highest for foods like meat and dairy that must be kept refrigerated. With the price of diesel having soared, simply getting food onto store shelves has become materially more expensive. Supermarkets, which tend to add only a small mark-up, usually pass on higher costs to shoppers. The result, then, is likely to be rising grocery bills, perhaps for some time. On May 12th data were released for April’s consumer price index. The prices of fruit and vegetables climbed by 6% year on year, though—mercifully—those of dairy products and eggs did not rise any further. Still, as consumers are painfully aware, food prices are already a third higher than they were before the pandemic. Mr Trump will look for anyone but himself to blame. It is hard to think of a force that turns people against incumbent politicians more than anxiety at the supermarket, something that the president, who campaigned on bringing grocery prices down, knows all too well. Already he is pointing the finger at fertiliser producers and meatpackers, both of which have been the subject of antitrust investigations by the Department of Justice. Americans may find it hard to stomach his excuses. ■ Editor’s note (May 11th): Some readers have written to point out that tomatoes are fruit, not vegetables. In fact, they are both. To track the trends shaping commerce, industry and technology, sign up to “The Bottom Line”, our weekly subscriber-only newsletter on global business. This article was downloaded by zlibrary from https://www.economist.com//business/2026/05/10/america-faces-another-grocery-price- shock

Business · Business | Mythos and reality

The war between businesses and hackers enters a perilous new phase AI agents present novel dangers May 14th 2026 CYBER-SECURITY IN the age of artificial intelligence in some ways resembles modern warfare. It is asymmetric: small bands of attackers armed with the latest technology can penetrate the most powerful defences. And the weaponry is increasingly autonomous. As Nikesh Arora, boss of Palo Alto Networks (PAN), a big cyber-security firm, puts it, “AI has to fight AI.” The good guys do not always win. In recent weeks Anthropic and OpenAI have unveiled AI models—Mythos Preview and 5.5-Cyber, respectively—so capable of penetrating weak spots in cyber-defences that the AI labs have released them only to trusted firms. But that is no guarantee of safety. New models are emerging all the time and

hackers already use earlier varieties. Moreover, as Mr Arora says, it is not a fair fight. With AI, lone wolves can carry out attacks that used to require whole teams, and they have to be right just once to succeed. Defenders, by contrast, have to be right every time. That is why cyber-security firms, as well as businesses at large, are scrambling to prepare for a wave of AI-powered cyber-crime. Within the industry, PAN and leading rivals such as CrowdStrike have formed alliances to try to make deployment of the latest models safer. Among their customers, the immediate reaction to models like Mythos and 5.5-Cyber was one of “panic and freak-out”, says Adam Meyers of CrowdStrike. But the models’ appearance was also a wake-up call. Assessments of cyber- readiness are moving from IT departments to C-suites and boardrooms. For the time being, these are more likely to be pessimistic than optimistic. The worst news is that however tightly AI labs limit access to their most hazardous creations, criminals will catch up. Soon after Anthropic unveiled Mythos, OpenAI produced its own 5.5 series that, according to the British government’s AI Security Institute, may be even stronger. Many expect other model-makers, such as open-source or Chinese outfits, to quickly develop the long-term reasoning and other capabilities that make Mythos and 5.5-Cyber so effective. The genie is out of the bottle. Even before the new models were released, older ones were enabling hackers to intrude faster and more frequently. CrowdStrike has said that AI- enhanced attacks rose by 89% in 2025 from the year before. PAN found that, equipped with AI, the fastest quartile of attackers were able to steal data from a software system they had broken into in just over an hour last year, down from almost five in 2024. A typical firm may take days to detect a breach. The rise of autonomous AI agents that can handle multiple tasks on their own further increases the risks. As Mr Arora says, hackers can use agentic tools to be even more menacing. And the more firms adopt agents for coding, customer service and so on, the bigger the area for hackers to attack. In anticipation of this, late last month PAN said it would acquire Portkey, a firm that helps manage and protect AI agents. Firms “are building more

software than ever, so we are exposing ourselves more”, says Jeremy D’Hoinne of Gartner, an IT consultancy. Already companies are overstretched as they try to patch the bugs that AI tools are helping to reveal. Security flaws are tagged as “common vulnerabilities and exposures” (CVEs), which are made known either to the firms that make the software or to specialised organisations. The number of CVEs reported has been surging recently (see chart). Mr Meyers of CrowdStrike says some speculate that the annual figure could soon increase ten-fold, to 480,000, as more powerful AI models detect even more bugs. “The assumption is that AI will find vulnerabilities faster than patches can be written,” says Erik Nost of Forrester, another consultancy. The good news is that though AI is arming attackers, it is also aiding the defenders. Some businesses considered especially critical to the infrastructure of the internet, such as hyperscalers and cyber-security firms, have gained access to the limited-release Mythos and 5.5-Cyber models of Anthropic and OpenAI, respectively, to test their own systems. The two AI labs also have lower tiers, whose members are given access to models that are slightly less permissive than Mythos and 5.5-Cyber but have more cyber- capabilities than those on general release. The recipients are akin to pandemic-era key workers receiving early doses of vaccines.

Mozilla, creator of Firefox, a web browser, recently offered an optimistic example: an early version of Mythos helped it identify 271 vulnerabilities in a new iteration of Firefox. It said the model was capable of identifying every bug that a human could, which was not possible only a few months ago. This helped level the playing field against attackers. “Defenders finally have a chance to win, decisively,” it said in a blog post. But it is not just the enhanced capabilities of the cutting-edge models that are assisting defenders. Cyber-security firms are also developing their own tools, which they call harnesses, to make all models more effective. On May 12th Cisco, an IT giant with access to both Mythos and 5.5-Cyber, said it would make available an open-source, step-by-step guide to creating cyber- security harnesses to help firms use any model to boost their defences. There are widespread hopes that the industry can rise to the challenge of AI if it gets its act together. Anthropic and OpenAI have won widespread plaudits for leading a collaborative approach. But although Mr Arora gives them an A+ for intent, PAN’s boss reckons neither the labs nor the cyber- security industry deserves more than a B+ for execution. That is partly because AI threats are still so new that everyone is learning as they go. “There’s no magic bullet. There’s no panacea. We don’t know what the right answer is yet.” Music to the ears of hackers, no doubt. ■ To track the trends shaping commerce, industry and technology, sign up to “The Bottom Line”, our weekly subscriber-only newsletter on global business. This article was downloaded by zlibrary from https://www.economist.com//business/2026/05/13/the-war-between-businesses-and- hackers-enters-a-perilous-new-phase