Tiatra, LLC
Information Technology Solutions for Washington, DC Government Agencies

AI found 2,000 vulnerabilities in 7 weeks. We’ve patched almost none of them

There used to be an unspoken rule in cybersecurity: when a researcher found a vulnerability, everyone kept quiet long enough for the affected companies to patch it. The exploit would eventually be logged in the CVE channels, and the security community would respond — but there was a window to fix it. Time to defend.

That window is gone. Mythos closed it.

Anthropic’s new frontier model discovered more than 2,000 previously unknown software vulnerabilities across every major operating system in seven weeks — including flaws that had survived decades of human-led review. It didn’t just find them. It developed working exploits, autonomously, without human instruction.

And during internal testing, an early version escaped a controlled sandbox, gained unsanctioned internet access and emailed the supervising researcher to let them know. Nobody asked Mythos to do that.

The same threat, now unrecognizable

I’ve been watching the fraud landscape for 25 years, and my honest read is this: the negative potential of Mythos and similar tools isn’t a new breed of threat. It’s the existing threat, reborn at a speed that makes our current defenses structurally obsolete.

Meanwhile, the fraud we’ve always fought hasn’t changed in kind — we still face synthetic identities, account takeovers and injection attacks on liveness verification, among others. What has changed is velocity.

An attack that used to spread across financial institutions over weeks, giving defenders time to correlate signals and respond, can now happen across a thousand institutions in five minutes. Each one becomes its own zero-day. The consortium model — where shared intelligence lets the industry catch repeat attacks — breaks down completely at machine speed. There isn’t time for it to work.

That’s not an incremental problem. That’s a structural one.

What Mythos means for identity infrastructure

Here’s what makes the challenges introduced by Mythos particularly dangerous for identity verification: identity is software.

A mobile driver’s license is code. A biometric certificate is code. A KYC workflow is code. When an autonomous reasoning system is finding individual flaws and connecting them into working attack sequences across operating systems and financial rails, the logic of trust itself becomes the attack surface.

Another detail that deserves more attention is that over 99% of the vulnerabilities Mythos found remain unpatched. The model has outpaced remediation by an enormous margin. Faster vulnerability detection is only helpful if the remediation can keep up, and right now, it can’t.

In the wrong hands, this makes Mythos an offensive AI capability operating at rocket speed against a defensive infrastructure operating at airplane speed. Fast, but nowhere near fast enough.

The two-tier problem everyone hopes to avoid

Anthropic’s response to the extraordinary capabilities of Mythos was Project Glasswing — a controlled coalition of roughly 50 partners given early access to find and patch their vulnerabilities before adversaries develop equivalent capability. The list includes Microsoft, Apple, AWS, JPMorgan, Google, Nvidia and Palo Alto Networks.

It’s a reasonable approach. It’s also creating a two-tier security world.

Glasswing is a good idea with a serious blind spot. The coalition gets the biggest players patched before adversaries catch up, at least in theory. But the mid-market enterprise is working with the same vulnerable infrastructure, only without the patch runway or engineering capacity to move at that speed.

The right approach for anyone outside the chosen coalition isn’t to wait for guidance from the big companies. It’s to assume the vulnerability already exists, audit accordingly and build identity infrastructure resilient enough to absorb an attack you didn’t see coming — because that’s the scenario you’re actually in.

Additionally, what’s to stop a bad actor from creating a “Mythos”-level attack capability on their own, leveraging readily available tools and intelligence already in the wild? Now that Mythos has shown them the way, they’ll start experimenting with their own tech.

The KYA problem, accelerated

I’ve written before about Know Your Agent — the argument that we need the same upstream verification for agents that we apply to people and companies, especially as autonomous AI agents begin executing transactions on behalf of people and businesses. Who created this agent? Who is it acting for? Has it changed since we last trusted it?

Mythos sharpens that argument considerably. The question is no longer theoretical.

Anthropic’s agents are already running inside JPMorgan, Goldman and Citi. When a KYC workflow is AI-native end-to-end, the trust chain looks fundamentally different. An AI that can autonomously discover vulnerabilities and develop exploits is operating in the same environment as an AI that’s deciding whether to onboard a customer.

Any time an agent makes the verification call — not assisting a human who makes it — you need to know exactly where accountability and liability live before the first mistake happens. That means the agent’s origins, its permissions, the real person running it now and any changes to its behavior since it was last verified all need to be legible in real time.

Without that upstream verification logic, you don’t have a KYC workflow. You have a black box making compliance decisions.
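One way to make the KYA questions above checkable at the moment an agent asks to act, shown as an added example that is not part of the original article. The manifest fields, issuer name, key and pinned digest are hypothetical, and HMAC stands in for a real digital signature.

```python
import hashlib
import hmac
import json

# Constructed sample data. Assumption: a shared-secret HMAC stands in for the
# issuer's real signature scheme, and these field names are hypothetical.
ISSUER_KEYS = {"acme-agents": b"demo-shared-secret"}
TRUSTED = {"kyc-onboarder-7": "sha256:aaa"}  # digest pinned at last verification
SAMPLE = {
    "agent_id": "kyc-onboarder-7", "issuer": "acme-agents",
    "principal": "ops@bank.example", "permissions": ["kyc.read", "kyc.decide"],
    "code_digest": "sha256:aaa", "expires": 2_000_000_000,
}


def sign_manifest(manifest: dict, key: bytes) -> str:
    """Issuer side: MAC over the canonical JSON form of the manifest."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def verify_agent(manifest: dict, signature: str, action: str, now: int) -> list:
    """Return the reasons to refuse; an empty list means the call may proceed."""
    key = ISSUER_KEYS.get(manifest.get("issuer", ""))
    # Who created this agent? Unknown issuer or altered manifest fails closed.
    if key is None or not hmac.compare_digest(sign_manifest(manifest, key), signature):
        return ["origin: manifest not signed by a known issuer"]
    reasons = []
    # Who is it acting for? An accountable principal must be bound to the agent.
    if not manifest.get("principal"):
        reasons.append("principal: no accountable person or entity bound")
    # What may it do? Anything outside the granted permissions is denied.
    if action not in manifest.get("permissions", []):
        reasons.append(f"permission: '{action}' not granted")
    # Has it changed since we last trusted it? Compare with the pinned digest.
    pinned = TRUSTED.get(manifest.get("agent_id"))
    if pinned is None:
        reasons.append("change: agent has never been verified")
    elif pinned != manifest.get("code_digest"):
        reasons.append("change: code digest differs from last verified version")
    # A stale manifest forces re-verification instead of indefinite trust.
    if now >= manifest.get("expires", 0):
        reasons.append("freshness: manifest expired")
    return reasons
```

Logging the returned reasons alongside the agent and principal identifiers gives the accountability trail the section asks for.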

The new shape of defensibility

Describing what companies need in order to defend against these new attacks is challenging, because most organizations haven’t built it yet.

We need deepfake fraud detection across every modality, from document verification and liveness checks to device intelligence and data verification. This needs to be a unified system that correlates signals in real time, not merely a layered add-on.

The consortium model worked when attacks moved slowly enough to share intelligence and respond. At machine speed, you must defend at the point of contact. By the time the alert travels through a shared network, the attack is already done.

We also need to change the feedback loop. A system that updates its models every six months based on industry news isn’t a defense against Mythos-era attacks — it’s a slow-moving rulebook that’s likely outdated the first day it’s published.

Real resilience means continuously learning from what you see and updating before the next wave arrives. We’ve known for years that this moment was coming. Mythos didn’t change how we need to defend; it just radically accelerated the timeline.

This article is published as part of the Foundry Expert Contributor Network.

Category: News
June 16, 2026