I seem to oscillate between extremes when it comes to AI's impact on technology and the future of humanity, but once in a while something is publicized that makes me wonder where we are heading. Anthropic's announcement of Mythos and the subsequent partnerships in Project Glasswing might be one of those moments. While Mythos shouldn't be a surprise as it feels like a natural progression of AppSec, it is important that we understand what it can and cannot do, and what it will ultimately do to the industry that we know today.
For starters, in the AppSec space, we've not had much trouble in generating findings over the dozen or more years that I've been in it. We could fire up scanning tools and dump out hundreds or thousands (or hundreds of thousands) of vulnerabilities and throw them at developers. But that's what got us in trouble to begin with. Were those findings actually reachable, exploitable? Who really knew unless you thoroughly triaged the findings. We just knew that we could generate security findings in code at will, without much context, because writing software is complex. And with complexity comes insecurity.
The real problem with turning over rocks to see what's under there is the question of "what's next?" Developers and defenders only have so much bandwidth to address the findings, and need to balance that against the feature requests that often take the higher priority.
[RELATED: Anthropic's Claude Mythos Signals a New Era in AI-Powered Cybersecurity—and a Race No One Is Ready For]
What we know about Mythos
While the details about Mythos will continue to become more clear over time, here is what is known today. Mythos is an agentic LLM that can autonomously plan, execute, and chain together complex multi-step tasks without human intervention. While originally built as a general-purpose AI, it excels specifically at cybersecurity, software engineering, and long-running agentic workflows. Perhaps most worrying, Mythos can be a zero-day generator capable of identifying and exploiting undiscovered vulnerabilities across major operating systems, web browsers, and critical software infrastructure. This is the reason that Anthropic partnered with more than 50 organizations such as AWS, Apple, Cisco, CrowdStike, Google, JPMorgan Chase, Microsoft, and others in order to provide them with early access and the ability to patch vulnerabilities in some of the most critical and widely used systems we know.
But wait, there's more. While most scanners today produce vanilla remediation guidance, Mythos can provide working exploits that a defender (or attacker) can use to prove out the potential vulnerability. And it does so with a higher success rate than previous models. If you've ever reviewed the output from a scanning tool that identifies a SQL injection vulnerability, you'll likely see the remediation listed as "use parametrized queries" or "sanitize your inputs." Those unhelpful messages would mean that developers were required to dig into the findings to identify the code path and formulate a custom remediation that would address the finding. It also likely meant sending a message to the AppSec team to ask for clarity on what the finding meant and help with the remediation. Essentially, a real "white-gloved" (and time consuming) approach to a single vulnerability.
But Mythos' provides for the ability to uncover and exploit vulnerabilities in systems at speed and scale. And with exploit code in hand, we know that the particular findings are exploitable.
Finding was never the hard part
After more than a decade of integrating SAST, DAST, SCA, IAST, and all the other ASTs available, we are still no more secure than we were back then. Product creation means writing code. Writing code means creating vulnerabilities. Creating vulnerabilities means developing remediation. But the number of false positives, unreachable code, low risk systems, and no context to the findings meant that most teams spun their wheels on trying to fight fires in an empty field. In other words, spending time on tasks that posed little risk to the organization. And with each passing vulnerability that never became "the one" (the front page news incident), the teams would trust the next finding just a little less.
So, with Mythos finding actionable vulnerabilities, do we have a reset opportunity? Well, no. We still have a bandwidth problem on the developers' side which is about to get exponentially worse. Now, instead of being flooded with findings that are of poor quality and likely never to be exploited, developers are about to be flooded with findings that are true positives that can be rapidly exploited. The known-but-unpatched surface area is now larger than the unknown surface area was six months ago. That's a new, higher category of risk.
What this likely means today is that the days of adversaries stockpiling zero-days and defenders chasing CVEs are likely over, and we're entering an era where these start to become less meaningful in favor of a perpetual state of attack and defend.
Who can patch the fastest
If CVE burndown and stockpiling zero-days stop becoming the measure of successful attack/defense, then what does the future of a cyber program look like? Bottom line: patch fast and automate controls. With the April 14th announcement that NIST will no longer enrich submitted CVEs to the NVD, due mostly to the surge in submissions, organizations will need to rely less on the structural and foundational methods of the past and move to a continuous patching posture. This shouldn't be a surprise as it's been preached by most AppSec folks over the years. The CVEs that have been released by the NVD are generic and are often not as actionable to an organization without context (i.e., a critical CVE identified today by the NVD may or may not be critical to your organization). So, while CVEs and the associated CVSS scores are a great starting point, they often don't match the reality of an organization's true posture.
What Mythos provides for organizations is the ability to identify the gaps in their current posture, at both scale and speed. Organizations should take the opportunity to establish their current baselines, leverage Mythos (once widely available) or other similar models to scan their environments for valid findings, and patch the findings most impactful to the overall risk of the organization. However, this is just a snapshot in time and doesn't do much for future ongoing attacks. Even if the organization identifies and fixes all vulnerabilities today, tomorrow their systems and code will change, exposing new vulnerabilities.
Fighting fire with fire
Enter the "Agentic Defender." Yes, it sounds like marketing-speak, but the underlying idea is right. Attackers are being empowered with AI tools and models capable of creating novel attack chains in an hour. The agentic defender will have to move beyond looking for known-bad and start looking for "not normal" using the same tools and probing the same way attackers do. This type of continuous agentic red-teaming isn't a replacement for your annual pentest (another likely relic soon to disappear); it's an acknowledgment that the annual pentest is now one afternoon of work for something like Mythos. The premise is simple: find the vulnerability before your adversary does.
Once vulnerabilities have been identified the defenders, AppSec, and development teams need to leverage the same speed offered by AI in a defensive manner. Develop, test, and deploy remediations to establish a self-healing environment where the defender's AI anticipates attack paths based on the adversarial testing and automatically develops remediations to close vulnerabilities before they can be exploited. The upside of all this automation is that your human analysts finally get to do the work you hired them for. Triage volume, alert enrichment, routine investigation? These should be agent tasks now. Threat hunting, architecture decisions, and supervising the autonomous workflows themselves are the human tasks.
[RELATED: Leadership in the Age of AI]
However, if you're going to turn agents loose on your own infrastructure, you need governance that isn't optional. Use scope limits with explicit written authorization for every target. Testing should be confined to sandboxed environments, not production, no matter how much a tool or vendor assures you the agent is "safe." Apply strict API and secret hygiene, because these agents will absolutely find the credentials you forgot you committed to a private repo. And create immutable audit trails for every action the agent takes, because when something goes sideways, you will need a record to reconstruct what happened.
Architecturally, organizations should be working with stateless environments that can handle nightly rebuilds. Patching can be slow when the environment must be carefully updated, with all the attendant anxiety about connection draining, session migration, in-flight transactions, and the one legacy database that nobody wants to touch. The fix is designing services that can be thrown away and rebuilt on a nightly cadence, where "patching" means means the next build picks up the updated dependency and rolls out in the morning. Containers, immutable infrastructure, and externalized state become the prerequisite for eventual agentic patching.
The other architectural shift is retiring the idea that your vulnerability management program's job is to eliminate vulnerabilities. It isn't, and it never was. With Mythos, there will be too many, they ship faster than you can patch, and now they come with working exploits attached. The job is to ensure that when a vulnerability does get exploited that the attacker finds themselves in a small, boring corner of your environment with nothing of value. In other words, a reduced blast radius for a small window of time.
The path forward
The announcement of Mythos is headline grabbing, but the reality is that it only exposed what most of us have already known. We don't have a finding problem, we have a fixing problem. This is only accelerated and made worse by Mythos and future models. The programs that make it through the coming months, and into the future, are the ones that invest in the layers Mythos doesn't touch: prioritization, reachability, architecture for blast-radius containment, runtime protection, and deployment pipelines fast enough to make "patch now" mean something. We're entering a world of autonomous exploitation. Organizations that do not adopt Mythos-level patching speeds and agentic defensive tools are no longer just at risk; they are sitting ducks. The machine is here. The only question is whether your defense can keep pace with its speed.
This article was published originally here.
