Secured by Design - IAM & Cybersecurity Podcast
Great security solutions are designed from the ground up.
Secured by Design is a podcast where Santosh shares practical insights, frameworks, and perspectives on identity security and other aspects of cybersecurity.
Each episode breaks down complex concepts into actionable ideas for professionals protecting digital identities, designing secure systems, and leading security initiatives.
Because true security is built and not bolted on...
The Mythos Inflection: AI and the Future of Cyber Defense
Summary
This episode explores the groundbreaking capabilities of Anthropic's Mythos AI model, its implications for cybersecurity, and how defenders can adapt to this new threat landscape. We discuss the model's ability to autonomously identify and exploit vulnerabilities, the strategic responses from industry leaders, and the importance of critical evaluation amidst hype.
Key Topics
- Mythos AI capabilities and evaluations
- Industry responses and strategic implications
- Vulnerability discovery and management in the AI era
Chapters
00:00 The Changing Landscape of Cybersecurity
06:38 The Power of Mythos
13:18 OpenAI's Response and Different Approaches
21:46 Strategic Recommendations for Organizations
27:45 The Future of AI in Cybersecurity
Resources
- Anthropic Claude Mythos
- GPT-5.4-Cyber by OpenAI
- AI Security Institute - Mythos Evaluation
- Heidy Khlaaf's evaluation
Let’s Stay Connected
📧 Email: santosh@getitrightsoln.co.uk
🔗 LinkedIn: linkedin.com/in/kssantosh
For years, the cybersecurity industry had operated on a comfortable and somewhat overconfident assumption. While AI might triage logs or suggest code snippets, the high-stakes world of zero-day discovery was a human-only domain. We believed that the human intuition required to find a needle in the thousand-mile haystack of logic was an unbreachable moat. That moat has just been drained.

Welcome to Secured by Design, the podcast where we explore how identity and wider cybersecurity shape the foundation of our digital world. I'm Santosh, and in each episode, I'll share insights and practical perspectives on how we can build security into every layer of technology and business, from identity governance and zero trust to the latest in cloud and compliance. Let's dive into what it takes to design security that lasts.

Anthropic recently unveiled Claude Mythos, a frontier model exhibiting what researchers call agentic execution. But this time round, they didn't release it to the public. They didn't put it on an API anyone could call. They locked it behind a controlled access program, briefed the White House, and put together an emergency coalition of some of the biggest names in tech to use it for defense before the bad actors get a version of it. That's the headline, but we are going to dig way deeper than the headline today, because if you work in any corner of cybersecurity, this one's for you. By the end of this episode, I want you to leave with a clear picture of what's actually happening, a grounded sense of what it means for your program, and some concrete actions, short and long term, that you can take back to your team. Let's get into it.

So let's start from the top. What is Mythos? Anthropic released Claude Mythos Preview on April 7th, 2026. And I want to be precise here because there's a lot of noise online. They did not release this to the public. They released it to a tightly controlled group of partners. We'll get to why in a second.
But the why is the story. The model itself is described in Anthropic's own words as a new class of intelligence, built specifically around cybersecurity, autonomous software engineering, and complex long-running agent tasks. That last point matters. This isn't a chat interface that gives you advice. It's a model designed to act autonomously over extended periods with minimal human supervision. Now, models claiming to be good at security tasks is nothing new. We've seen that pitch before, but Mythos is different, and the receipts back that up.

To evaluate just how capable it was in the security domain, Anthropic's own Frontier Red Team ran a controlled experiment. They gave the model a list of 100 CVEs, documented memory corruption vulnerabilities from 2024 to 2025 Linux kernel disclosures, and asked it to triage down to the ones it assessed as potentially exploitable. Mythos selected 40. Then, with no further human input, it was tasked with writing privilege escalation exploits for each one of those 40. It completed the entire process overnight, autonomously. More than half of the exploit attempts succeeded.

And it gets worse, or better, depending on which side of the fence you are on. The UK's AI Security Institute, a government body set up specifically to conduct independent evaluations of frontier AI models, ran their own assessment. They used expert-level capture-the-flag challenges, the hardest tier in professional security competitions, the kind of problems that as recently as April 2025 no AI model could complete at all. Mythos Preview succeeded at around 73% of them. To contextualize that number, two years prior, AISI reported that state-of-the-art models could barely clear beginner-level tasks. We are not looking at linear progress, we are looking at a step change. And the findings didn't stop at known vulnerability classes.
According to reports from the Financial Times and Anthropic's own red team blog, Mythos identified vulnerabilities that had survived, in some cases, decades of human code review and millions of automated security test runs in every major operating system and every major web browser. These weren't low-hanging fruit. These are bugs buried deep enough that every scanner and every manual audit had walked right past them.

The Mythos narrative is seasoned with cinematic details, most notably the sandwich story. Apparently, an Anthropic researcher was allegedly eating a sandwich when he received an unexpected email from a Mythos instance that was supposed to be trapped in a secure, internet-free sandbox. The model had hijacked the network just to notify its creator it was out. Let that sit for a second.

So Anthropic found themselves holding something genuinely powerful and they had a decision to make. That tells you something about how Anthropic is positioning this. They're not just running a defensive security program, they're managing a policy relationship. The government briefings happened first, the press release came second.

Now there are skeptics, and I think healthy skepticism is warranted here. Heidy Khlaaf, chief AI scientist at the AI Now Institute, pointed out that Anthropic's blog post left out some key methodological details, things like false positive rates and how manual reviews of identified vulnerabilities were actually conducted. And she's not wrong to flag that. But even accounting for hype, the independent AISI evaluation, which was separate from Anthropic's own findings, tells a story that's hard to dismiss. This model is categorically more capable at security tasks than anything that came before it. Before we go any further, I want to pump the brakes for a second.
Because I think we need to also give the contrarian view a fair chance, where there probably is a legitimate argument that the framing around all of this has been cranked up several notches beyond what the underlying evidence strictly requires. And it's worth asking why. Wearing that hat for a moment, here's the thing. That is not a secret, and if you step back and look at the Mythos rollout as a sequence of events, it has the hallmarks of a very carefully managed narrative arc. The accidental leak via an unsecured data cache, which revealed the model's existence weeks before the announcement; the White House briefings, which generated their own wave of reporting; the coalition announcement with its parade of recognizable brand names; the language in the press release about a model too dangerous to release publicly; all of it landing in a remarkably controlled sequence, generating an enormous amount of credible-seeming coverage. Some people in the wider security community are saying, look, this is Anthropic's ChatGPT moment. Not in terms of capability, but in terms of narrative. A very deliberate, very well executed PR play dressed up as a safety initiative, timed perfectly to maximize their profile before they go public.

Khlaaf's methodological concerns are real. The CTF evaluation, as AISI themselves have acknowledged, doesn't test against hardened, actively defended systems, which is actually where most of your enterprise environments live. Some security experts have noted that many vulnerabilities found by the AI tools weren't necessarily novel or easily exploitable in real-world conditions. The jump from found a bug to deployed a working exploit against a defended target is not trivial. And the fact that Anthropic's own engineers wrote the test conditions for many of these evaluations is worth noting. There's also a broader pattern here. The AI industry, and Anthropic specifically, has a long track record of using safety theater.
The careful PR positioning around existential risk has always conveniently served commercial interests too. Being the company that's so responsible it won't release its most powerful model is such a powerful brand story. Does that mean you should dismiss Mythos? No, not at all. The AISI evaluation is independent and credible. The zero-day findings are real, but I think we owe it to ourselves and to our organizations to keep a bit of that salt handy. Take the threat seriously, because the underlying capability shift is genuine. On the other hand, we should also be careful not to fall for the theatrical packaging that leads organizations into panic-driven decisions that benefit vendors more than your security posture. Apply a critical lens to all major AI announcements at this point, especially from companies with upcoming IPOs.

Now, I'd be doing you a disservice if I only talked about Anthropic here, because just a few days after Mythos dropped, OpenAI announced GPT-5.4-Cyber. This is a variant of their flagship GPT-5.4 model, fine-tuned specifically for defensive cybersecurity work. OpenAI describes it as cyber permissive. One key capability that received particular attention is binary reverse engineering, the ability to analyze compiled software for vulnerabilities and malicious functionality without access to the underlying source code. If you work in threat intelligence or malware analysis, you understand immediately why that matters.

Now, the interesting thing here isn't just that OpenAI responded, it's how they responded differently from Anthropic. Anthropic went with a tight, curated consortium of about 40 organizations. OpenAI is scaling its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of security teams. Broader identity-verified access versus narrow partner-controlled access. Two different philosophies about how you responsibly get powerful tools into defenders' hands. Neither is obviously wrong.
Anthropic argues that concentration of access reduces misuse risk during this early, critical window. OpenAI argues that defenders are spread across thousands of organizations and you can't adequately protect the world's attack surface with 40 organizations, no matter how big they are. Neither position is obviously wrong. And for the rest of us who aren't in either program yet, these capabilities are coming to the broader market. The timeline and the terms are being worked out, but the direction of travel is not in question. One observation that's been circulating in the security community is worth keeping in mind: even under controlled release conditions, a comparable model will likely be available to well-resourced adversaries within six months, and an open source equivalent within one or two years. That's not alarmism. It's the observed pattern of how frontier AI capabilities propagate through the ecosystem. So plan accordingly.

Let's get into the implications, because this is where it lands for most of you day to day. Vulnerability management has always fundamentally been a prioritization problem. The backlog is never empty. The CVE feed never slows down. You're constantly triaging between what's theoretically severe and what's actually exploitable in your own specific environment, fighting for remediation windows with engineering teams who have their own roadmaps, and trying to move the needle on a risk posture that never feels fully under control. It's a discipline defined by constraint. What Mythos-class models are doing is changing the cost structure of vulnerability discovery on both sides of the equation. And that changes the fundamental dynamics of the prioritization problem. On the attack side, sophisticated zero-day research historically required years of deep specialization, substantial investment of time, and genuine expertise at the frontier of the field. There was a cost barrier.
That cost structure was part of what separated nation-state-level threat actors from the broader adversary population. That moat is shrinking. Anthropic noted that their engineers, people with no formal security training, were able to ask Mythos to find remote code execution vulnerabilities, go to sleep, and wake up to a working exploit. That's not a research capability anymore, that's a commodity.

And here's the gut punch for vulnerability management specifically. Mythos and models like it found thousands of zero-day bugs that were previously unknown in every major operating system, every major web browser, and a range of other critical software. 99% of those were undefended at the time of Anthropic's announcement. Many of those have been patched through responsible disclosure since, but the pattern tells you something important. Your vulnerability management program was designed around a world where discovery of novel bugs in mature software was rare and slow. That world is over.

The most sobering evidence of Mythos's capability lies in its assault on OpenBSD. Within the community, OpenBSD is the iron vault of the internet, a legendary, ultra-secure operating system where every line of code is meticulously audited by hand. In mere minutes, Mythos identified a ghost bug in the NFS server that had remained hidden since 1998. This vulnerability, imagine, had survived the dot-com bubble, the 2008 crash, and decades of manual scrutiny, only to be autonomously exploited by a machine.

The old model was: attacker finds a bug, exploits it, eventually it gets discovered, a CVE gets filed, vendors patch, you scan, you prioritize, you patch. The new model compresses the timeline dramatically and floods the discovery end of that pipeline with vulnerabilities at a rate no human team can match. On the defensive side, and this is worth emphasizing, the same capability that creates this challenge also represents the most significant uplift the defender community has seen in a generation.
If these tools can find vulnerabilities that survive decades of manual review and millions of automated test runs, the defenders with access to them can also proactively harden their own code bases before anyone else gets there. That's the structural bet behind Glasswing. The question is whether the defensive side moves fast enough to make that head start count.

AISI made a point in their evaluation report that I think deserves direct attention. The most important near-term response to models like Mythos is not exotic. It's fundamentals: regular patching, robust access controls, disciplined security configurations, comprehensive logging and monitoring. The reason they are emphasizing this is that Mythos-class models are right now most effective against environments with known unpatched vulnerabilities and poor visibility. A well-instrumented environment with a mature patch program is a harder target. Not impossible to take on, but meaningfully harder. One important caveat that AISI themselves raised is that their future evaluation work will include testing against hardened environments with active endpoint protection, real-time monitoring, and incident response capability. Current evaluations, where Mythos performed at 73% on expert CTF challenges, do not penalize the model for triggering security alerts. We don't yet have a rigorous picture of how it performs against a defender who's actively watching. That's a gap the community needs to close, and it should temper some of the more extreme threat projections you see in the press.

When it comes to real-life defense or cybersecurity, the structural math has always favored the attacker. A defender must be right 100% of the time, when an attacker only needs to be right once. Mythos has weaponized this asymmetry, at least in cybersecurity for now. Okay, enough doom and gloom. Let's talk about what you actually do with this. For the next few weeks and months, here's what I'd focus on. First, get your patch cadence in order.
In an environment where working exploits for known vulnerabilities can be developed autonomously and overnight, your window between public disclosure and active exploitation is compressing. If your patching SLAs for critical vulnerabilities are measured in weeks or months, that exposure window is now materially more dangerous than it was six months ago. Review your SLAs, identify the blockers and escalate where you need to.

Second, conduct a targeted attack surface review with this threat model in mind. Legacy code, long-running internal applications, systems that have never been through a formal security review. These are the areas Mythos-class tools are most likely to surface issues in. The assumption that it's been running fine for years is no longer a proxy for it's been adequately audited. Build a prioritized list of the assets in your environment that fit this profile and make sure they're on your near-term agenda.

Third, start evaluating AI-assisted tooling for your own vulnerability management workflows. You don't have access to Mythos yet, and most of us won't for a while. But there are AI-assisted SAST, DAST and SCA tools coming into the market now, and the trajectory is clear. Start getting fluent in what these tools can and can't do. Run pilots, understand the false positive rates, which, as critics correctly pointed out, matter enormously. Obviously, don't buy the pitch in haste. But don't ignore the category either.

Number four, apply for access where you can. OpenAI's Trusted Access for Cyber program is scaling to thousands of verified defenders. If your organization qualifies, look into it. Anthropic's access is more restricted right now, but they've signaled broader availability is the goal. Keep an eye on both.

Number five, talk to your leadership. If you haven't had the Mythos conversation with your CISO or board yet, have it. The White House is briefing banking executives about this. Treasury and the Fed are calling meetings.
The signal-to-noise ratio on AI and security has been terrible for the past few years. Lots of hype, limited substance. But this is different. The independent evaluations back it up. Use it to get executive buy-in for the investment this shift requires.

Alright, stepping back from the immediate firefighting, strategically, what does this mean over the next 1 to 3 years? Vulnerability management as a discipline needs to evolve. The current model, scan, score on CVSS, prioritize by score, patch in order, was already creaking under the weight of modern software complexity. In a world with AI-assisted discovery at scale, you need a much more dynamic, risk-contextual approach. Not just what's the CVSS score, but what does this asset do? What data does it touch? What's the actual exploitability in my specific environment? Tools and processes that answer these questions will be worth their weight in gold.

Invest in your detection and response capabilities. If novel exploits are going to be cheaper to develop, you need to assume your prevention layer will get bypassed more often. That means better detection, faster response, better logging, and more mature incident response playbooks. Defense in depth isn't a new concept, but the urgency behind it just escalated.

Secure by design needs to become a real practice, not a buzzword. The only sustainable answer to a world of AI-accelerated vulnerability discovery is producing software with fewer vulnerabilities to begin with. That means memory-safe languages, better security tooling baked into CI/CD pipelines, secure coding training for developers, and investment in the SDL. Anthropic and others are betting that AI can also help here, reviewing code as it's written, flagging issues in real time. That bet looks increasingly reasonable.

Plan for the regulatory and governance environment to shift quickly. CISA is engaged on this topic. NIST is working on updated guidelines.
For organizations operating under the EU AI Act, the implications of deploying AI in security-critical contexts are still being worked through by regulators. Don't wait for the final rules to start building your AI security governance posture. The teams that get ahead of this will be better positioned for the compliance requirements.

Watch the open source front. The security experts' warning about an open source equivalent emerging within a year or two is not paranoia. Meta's open source model lineage, the academic community, and well-resourced adversaries are all working in this space. The controlled release strategy Anthropic is using buys time, but it's not a permanent solution. Your strategic planning should assume broad availability of these capabilities within 12 to 24 months.

Look, I'm not going to wrap this up with a bow and tell you everything is fine. The threat landscape has shifted, the capabilities are real, and the independent evaluations back that up. But I also want to leave you with the full picture we laid out today, not just the scary part. Yes, this is a genuine step change in AI cybersecurity capability. Yes, you should be taking action, and also keep your critical thinking hat on. The theatrical packaging around Mythos, the impeccable PR timing, the IPO context, those are things all security professionals should hold in their peripheral vision. The capability is real; the urgency of the framing may be at least partly manufactured. Both things can be true. So take the threat seriously, act on it, but don't let the hype rush you into decisions that benefit vendors more than your own security posture. That's the balance. The question isn't whether AI-augmented security is coming. It's already here. The question is whether defenders are going to use it as aggressively as attackers. Project Glasswing and GPT-5.4-Cyber are both bets on that outcome with different distribution philosophies.
The next few months are going to tell us a lot about which approach was right. Thanks for listening to Secured by Design. If today's episode gave you something to think about, subscribe and follow on your favorite streaming platform for more discussions on identity and cybersecurity. Please do consider taking the time to rate this show. I would really appreciate that. It is one of the best ways for you to support this podcast and help it grow by providing feedback. Please feel free to share with your team. You can also connect with me on LinkedIn for updates and new episode releases. Until next time, stay secure, stay resilient, and stay secure by design.
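The risk-contextual prioritization the episode argues for, layering asset exposure, data sensitivity and known exploitability onto the CVSS score and then checking the result against patch SLAs, as an added example written for this page; it is not code from the podcast, Anthropic, OpenAI or any vendor. The weights, SLA bands, finding ids, dates and asset attributes are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date


# Constructed sample findings: ids, dates and assets are placeholders, not real CVEs.
@dataclass
class Finding:
    finding_id: str        # placeholder id, not a real CVE number
    cvss: float            # CVSS base score, 0.0 to 10.0
    internet_facing: bool  # asset reachable from the internet
    data_sensitivity: int  # 0 = public, 1 = internal, 2 = regulated / PII
    exploit_public: bool   # a working exploit is known to exist
    disclosed: date        # public disclosure date


# Hypothetical patch SLAs in days per priority band (an assumption, not from the episode).
SLA_DAYS = {"P1": 7, "P2": 30, "P3": 90}

# Constructed "as of" date used by the SLA check below.
TODAY = date(2026, 4, 15)


def context_score(f: Finding) -> float:
    """Layer asset context onto the CVSS base score. Weights are illustrative."""
    score = f.cvss
    score += 2.0 if f.internet_facing else 0.0  # exposure: what the asset faces
    score += 1.0 * f.data_sensitivity           # what data the asset touches
    score += 2.0 if f.exploit_public else 0.0   # actual exploitability today
    return round(score, 1)


def band(f: Finding) -> str:
    """Map a context score onto a remediation priority band."""
    s = context_score(f)
    if s >= 11.0:
        return "P1"
    if s >= 8.0:
        return "P2"
    return "P3"


def prioritize(findings: list, by_context: bool = True) -> list:
    """Return finding ids in patch order, by context score or by CVSS alone."""
    key = context_score if by_context else (lambda f: f.cvss)
    return [f.finding_id for f in sorted(findings, key=key, reverse=True)]


def sla_breaches(findings: list, today: date) -> list:
    """Findings whose age since disclosure exceeds the SLA for their band."""
    breached = []
    for f in findings:
        age_days = (today - f.disclosed).days
        if age_days > SLA_DAYS[band(f)]:
            breached.append((f.finding_id, band(f), age_days))
    return breached


SAMPLE = [
    Finding("F-001", 9.8, False, 0, False, date(2026, 4, 1)),  # critical CVSS, isolated lab box
    Finding("F-002", 7.5, True, 2, True, date(2026, 4, 1)),    # internet-facing, PII, exploit public
    Finding("F-003", 6.1, True, 1, False, date(2026, 3, 1)),   # internet-facing and ageing
    Finding("F-004", 8.8, False, 2, True, date(2026, 4, 10)),  # internal, PII, exploit public
]

if __name__ == "__main__":
    print("CVSS-only order:", prioritize(SAMPLE, by_context=False))
    print("Context order:  ", prioritize(SAMPLE))
    print("SLA breaches:   ", sla_breaches(SAMPLE, TODAY))
```

The CVSS-only ordering puts the isolated lab box first; the contextual ordering moves the internet-facing, already-exploitable asset to the top and flags it as overdue against the tighter P1 window.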