I start most conversations now with the disclaimer that I’m not an AI like my namesake. But I’m also not a financial advisor or an investment analyst. I’m a former CISO and former cybersecurity industry analyst. I’m looking at the Mythos moment purely through the lens of someone who has lived inside the architectures now being stress-tested, and I think the market’s reaction reveals a misunderstanding of where cybersecurity value actually lives. In fact, that was the original title of this blog – The Market Missed the Point.
What Happened?
On March 26, a Fortune reporter found something in an unsecured Anthropic data cache: a draft blog post referencing an internal model called “Capybara,” later revealed as Claude Mythos. The market didn’t wait for details. CrowdStrike dropped 7.5%. Palo Alto Networks shed over 6%. Zscaler and Okta fell between 5 and 8%. Over three sessions, the damage deepened: Palo Alto down roughly 12%, Akamai 20%, CrowdStrike 11%, Fortinet 8%.
Then, on April 7, Anthropic formally launched Project Glasswing, a $100 million coalition partnering Claude Mythos Preview with AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks, and others for defensive vulnerability discovery. Cybersecurity stocks reversed. CrowdStrike gained 3.5%. Palo Alto climbed 3%. That whipsaw invites an honest question. Was the sell-off a genuine repricing of risk, or was it profit-taking when a scary headline gave institutional investors convenient cover? Cybersecurity stocks had been on a strong run. Many were trading at elevated multiples. A story about an AI that breaks all software is exactly the kind of catalyst that lets funds take chips off the table without needing a company-specific thesis.
I suspect the answer is both, and that’s the problem. Whether the sell-off was conviction or convenience, it was undifferentiated. The market treated all cybersecurity companies as equally exposed to the same disruption. They aren’t. The architecture argument for why they aren’t is what the industry needs to internalize right now.
What Is Mythos?
Claude Mythos Preview is a general-purpose frontier model that is seemingly very good at cybersecurity tasks. Anthropic didn’t train it for security; the capabilities emerged from its agentic coding and reasoning. I encourage you to refresh your memory of the infinite monkey theorem. According to Anthropic, Mythos autonomously discovered thousands of high-severity zero-day vulnerabilities across every major operating system and browser. It chained four independent bugs into an exploit that bypassed both browser renderer and OS sandboxing. To a certain extent, this has been corroborated by “real-world testing”. The UK AI Security Institute confirmed that Mythos is a step up from previous frontier models, succeeding 73% of the time on expert-level Capture the Flag exercises and completing multi-stage attack simulations no other AI had finished.
But here’s the qualifier that most coverage buried. AISI noted that its test environments lacked the active defenders and defensive tooling present in real-world systems. Mythos worked against poorly defended systems. Whether it would succeed against well-defended ones was not definitively answered.
This matters less than you’d think. There are plenty of poorly defended systems out there.
The Asymmetry Between Attackers and Defenders After Mythos
Defining what counts as a well-defended system isn’t really up to the defenders to decide, and the asymmetric advantage is already heavily stacked towards the attackers. The Cloud Security Alliance put the asymmetry simply: AI lowers the cost and skill required to find and exploit vulnerabilities, while defenders still run systems built for human-speed threats. CyberScoop doubled down on the reduction in skill required for exploit creation: Mythos is closing the gap between amateur attackers and technically skilled nation-state attackers. The line between discovering a vulnerability and weaponizing it is almost non-existent in both time and skill, because agentic coding and reasoning allow attackers to iterate at scale.
https://zerodayclock.com/
Anthropic themselves have been blunt in their own view of the impact – almost to the point of being deemed . They warned that Mythos-class capabilities will proliferate beyond responsible actors. Jerome Powell and Scott Bessent held an emergency meeting with major bank CEOs to talk through the implications. Mythos found a 17-year-old RCE vulnerability in FreeBSD and exploited it autonomously. The standard 90-day disclosure window was designed for human-speed research.
This Gating Has Already Failed
This week, unauthorized users gained access to Mythos through a third-party vendor environment. Anthropic confirmed this after the breach became public. A handful of people made educated guesses about the model’s location based on patterns in Anthropic’s previous deployments. Information about those patterns had been exposed in the Mercor supply-chain breach. Access came from a private Discord channel, and the group has reportedly been ‘playing around’ with it without malicious intent.
The breach reveals something more troubling than the model’s capabilities: the controlled release strategy collapsed at the weakest possible point. It didn’t require sophisticated attacks. A contractor with knowledge of Anthropic’s URL patterns made an educated guess on day one. The entire gating mechanism failed before the model’s capabilities were even relevant – so much for well-defended systems.
AppSec Can’t Scale
This is where the undifferentiated sell-off needs to be picked apart. What Mythos breaks is the find-and-fix paradigm: the assumption that if you discover flaws fast enough and patch them quickly enough, you stay ahead of attackers. That assumption was already failing. Anthropic reports that over 99% of Mythos-discovered vulnerabilities remain unpatched as of April 14. No surprises there – the Checkmarx 2026 Industry Outlook found that 81% of organizations knowingly ship vulnerable code, over a third say 60%+ of their code is AI-generated, and 98% experienced a breach from vulnerable in-house code in the past year. Orca’s 2026 AppSec Report adds that 77% of critical vulnerabilities persist for 90+ days.
Wiz said it plainly: “We will never be able to patch fast enough.”
AI accelerates the appearance of vulnerabilities. The remediation pipeline, which runs predominantly on human triage, change control, regression testing, and deployment, does not speed up to match. The big question now: with AI generating the code that introduces the vulnerabilities in the first place, have we created a perpetual vulnerability machine?
So What Does Scale? Reducing the Attack Surface and Blast Radius
If patching can’t keep pace, the question changes. Instead of “how fast can we fix?” you have to ask: how much of our environment is exposed when a vulnerability gets exploited, and how far can an attacker get once inside? ISACA recommended that organizations “advocate for architectural changes that reduce blast radius, increase network segmentation, and reduce manual patching activities.” That’s not a call for better scanning tools. It’s an acknowledgment that AppSec as a primary defense layer has hit a ceiling.
I want to be clear: I’m writing this as a former CISO and industry analyst, not as someone picking stocks. But the architectural logic points in a clear direction on winners and losers in this race. Companies whose value depends on the find-and-fix cycle face real pressure. Their tools will remain necessary, but their effectiveness as a primary defense layer is capped by a remediation bottleneck that Mythos has made permanent. Companies whose value is architectural, built on reducing attack surface and containing blast radius, operate on different assumptions. They assume breach. They limit damage. They work regardless of how the exploit was discovered. Having spent years building and evaluating security architectures, and advising on cyber risk strategies, I think these are the only two questions that still hold up in a post-Mythos environment:
Does it reduce my Attack Surface?
Does it reduce the Blast Radius?
The AISI finding is the proof case. Mythos exploited poorly defended systems. Systems with segmentation, identity controls, and access governance were acknowledged as harder targets. Not because they had fewer bugs, but because their architecture limited what any single exploit could accomplish.
Think about a critical RCE on a server behind proper segmentation, with least-privilege identity controls, where sensitive data is encrypted and access-logged. Now compare that to the same vulnerability on a flat network with broad permissions and unclassified data everywhere. Same bug. Completely different risk. The controls that reduce attack surface and contain blast radius are not threatened by Mythos. They’re confirmed by it.
The Case for Durable and Resilient Architecture
Three layers of security architecture stay durable and create a resilient organization when vulnerability discovery and exploitation run at AI speed. All three work because they don’t depend on the code being clean.
Network – A perfect exploit still needs a lateral movement path. Corelight noted that with 99% of Mythos findings unpatched, organizations need segmentation and detection, not faster scanning. Zero Trust architectures assume the perimeter is already breached. After Mythos, that assumption is no longer an assumption. Vendors like Zscaler, Palo Alto Networks, Illumio, and Cisco should not have been lumped in with AppSec pure-plays during the sell-off. Their value grows as vulnerability volume increases, because exploitability drops inside a segmented environment.
Identity – Every post-exploitation action maps to an identity: privilege escalation, lateral movement, data access. RSA’s Mythos analysis made the point directly: least-privilege access and continuous visibility are the posture that Mythos-class threats demand. SecurityWeek noted that combining behavioral anomaly detection with identity controls and microsegmentation may tip the advantage back toward defenders. Okta, SailPoint, Saviynt, CyberArk, BeyondTrust: these companies become more relevant with every new exploit, because every exploit is constrained by whatever identity infrastructure sits behind the initial access point.
Data – Most attacks end at data: exfiltration, encryption, destruction. DSPM platforms that classify, control, and eliminate redundant data reduce blast radius before any threat arrives. The DSPM market is growing at 23-37% annually, reflecting a shift toward data-centric security. When you can’t guarantee the application layer, protecting the data itself is the irreducible minimum.
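The “same bug, completely different risk” argument above, and the three layers just listed, can be made concrete with a small model. The Python below is an added illustration written for this post; it is not code from Anthropic, AISI, or any vendor named here, and the hosts, segments, service accounts and data labels are constructed sample values. It walks a compromise outward from the server that suffered the hypothetical RCE, allowing a hop only when both the network policy and the identity grant permit it, and reports which data classes an attacker could read in the clear. Run against the same five hosts, the flat estate exposes every host and every data class; the segmented, least-privilege estate with encrypted payment data exposes three hosts and one data class.

```python
"""Blast-radius model for one compromised host under two architectures.

Added illustration for the post above; not Anthropic's, AISI's or any vendor's code.
All hosts, segments, identities and data labels are constructed sample values.
"""
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Host:
    name: str
    segment: str                      # network zone the host sits in
    identity: str                     # role / service account the workload runs as
    data: frozenset = frozenset()     # data classes stored on this host


@dataclass
class Architecture:
    hosts: dict                       # name -> Host
    allowed_flows: dict               # src segment -> set of dst segments the network permits
    grants: dict                      # identity -> set of host names it is authorised to access
    encrypted: frozenset = frozenset()  # data classes encrypted at rest, keys held off the host

    def can_reach(self, src: Host, dst: Host) -> bool:
        """A hop succeeds only if BOTH the network layer and the identity layer allow it."""
        network_ok = dst.segment in self.allowed_flows.get(src.segment, set())
        identity_ok = dst.name in self.grants.get(src.identity, set())
        return network_ok and identity_ok

    def blast_radius(self, start: str) -> dict:
        """Breadth-first walk from a compromised host; each hop uses the identity of the host just taken."""
        seen = {start}
        queue = deque([start])
        while queue:
            cur = self.hosts[queue.popleft()]
            for other in self.hosts.values():
                if other.name not in seen and self.can_reach(cur, other):
                    seen.add(other.name)
                    queue.append(other.name)
        in_clear = set()
        for name in seen:
            in_clear |= self.hosts[name].data - self.encrypted
        return {"hosts": seen, "data_in_clear": in_clear}


def lateral_paths(arch: Architecture) -> int:
    """Attack-surface proxy: number of ordered host pairs between which a hop is permitted."""
    hs = list(arch.hosts.values())
    return sum(1 for a in hs for b in hs if a is not b and arch.can_reach(a, b))


# Constructed sample estate: a web tier that suffers the hypothetical RCE, an app tier,
# a database, an HR system and a backup server. The same five hosts appear in both designs.
HOSTS = {h.name: h for h in [
    Host("web", "dmz", "svc-web"),
    Host("app", "app", "svc-app"),
    Host("db", "data", "svc-db", frozenset({"pii", "payments"})),
    Host("hr", "corp", "svc-hr", frozenset({"hr_records"})),
    Host("backup", "data", "svc-backup", frozenset({"pii", "payments", "hr_records"})),
]}
SEGMENTS = {h.segment for h in HOSTS.values()}


def build_flat() -> Architecture:
    """Flat network, broad permissions, nothing encrypted: the weak design the post describes."""
    every_segment = {s: set(SEGMENTS) for s in SEGMENTS}
    every_host = {h.identity: set(HOSTS) for h in HOSTS.values()}
    return Architecture(HOSTS, every_segment, every_host)


def build_segmented() -> Architecture:
    """Segmented network, least-privilege grants, payment data encrypted with keys held elsewhere."""
    flows = {"dmz": {"app"}, "app": {"data"}, "data": set(), "corp": {"corp"}}
    grants = {
        "svc-web": {"app"},
        "svc-app": {"db"},
        "svc-db": set(),
        "svc-hr": {"hr"},
        "svc-backup": {"db"},   # authorised, but the network layer still blocks data -> data hops
    }
    return Architecture(HOSTS, flows, grants, encrypted=frozenset({"payments"}))


if __name__ == "__main__":
    for label, arch in (("flat", build_flat()), ("segmented", build_segmented())):
        r = arch.blast_radius("web")
        print(f"{label:10} lateral paths={lateral_paths(arch):2d} "
              f"hosts={sorted(r['hosts'])} data in clear={sorted(r['data_in_clear'])}")
```

The model never looks at the bug itself, which is the point: the web server is fully compromised in both runs, and only the network, identity and data layers decide how far that compromise travels. The `svc-backup` grant shows why the layers are cumulative rather than redundant: the identity layer would allow the backup job to reach the database, but the segmentation policy still refuses the hop.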
This Isn’t a Return to the Perimeter
There’s an obvious pushback to everything I’ve just said: if network controls, identity enforcement, and data-layer protection are what matter, am I just arguing for a return to the perimeter? Bring everything on-prem, shrink the footprint, rebuild the walls, run everything yourself?
No. And for the same reason find-and-fix is broken.
The old perimeter said “build walls to keep them out.” That’s the same logic as “patch before they exploit,” and it fails for the same reason. You cannot keep pace. A self-hosted perimeter requires the same patching, the same remediation pipeline that Mythos just proved can’t handle the volume. Except now you’re running it with fewer resources, less visibility, and no Glasswing coalition scanning your codebase. A mid-market enterprise running its own Exchange server doesn’t have a dedicated security team with frontier AI access. The major SaaS and cloud providers increasingly do. The argument is about how infrastructure is architected, not where it lives. Microsegmentation in AWS is still microsegmentation. Least-privilege identity in a SaaS-delivered IAM platform is still least-privilege. DSPM works across SaaS, IaaS, and on-prem.
What Mythos validates is assumed breach applied at every layer. Assume they’re in. Limit what they can do. Contain the blast radius. That works in a data center, a multi-cloud estate, or a SaaS-heavy stack. Organizations that respond to Mythos by retreating behind a self-managed wall will trade one unscalable problem for another: patching their own infrastructure, alone, at the same impossible speed.
The Glasswing Elephant in the Room
There’s tension in the Glasswing story that needs acknowledging. The Picus Security team pointed out that Glasswing launched alongside Anthropic hitting a revenue milestone, closing a compute deal with Broadcom, and reportedly considering an IPO. Glasswing is genuinely useful and very good marketing. The vulnerabilities in Mythos’s claimed achievements are now becoming visible. Anthropic claimed thousands of high-severity vulnerabilities. Independent analysts and VulnCheck researchers have traced the actual CVE count far lower. The figure may be around 40 confirmed cases, or possibly none at all depending on how you define ‘Mythos-discovered.’ The Firefox exploits Mythos claims to have found? 181 of them ran with the sandbox disabled. The FreeBSD vulnerability, presented as autonomous discovery, shows ‘substantial human guidance, not autonomy’ in the actual transcript. The Linux kernel bug came from Opus 4.6, Anthropic’s public model, not Mythos. What’s emerging is not a picture of an unstoppable vulnerability machine, but of a capable research tool that works well under human supervision and generates hype that exceeds its demonstrated impact.
Glasswing’s real value may be less about the vulnerabilities it finds and more about what its existence signals: the find-and-fix paradigm has exhausted itself at AI speed. Fewer than 1% of Mythos findings have been patched. Pouring AI-powered discovery into an already overwhelmed remediation pipeline doesn’t change the math. The defenders who survive the Mythos era will be the ones who built environments where any individual vulnerability, patched or not, has a contained blast radius and a small attack surface. Finding bugs will no longer be the hard part. Fixing them still will be.
What Happens Next
The window before these capabilities proliferate to adversaries is finite and shrinking every day. The Cloud Security Alliance is urging CISOs to prepare now. The industry can use that window to play faster whack-a-mole with an ever-growing vulnerability queue, or it can invest in the architectural controls that make individual vulnerabilities less consequential. From my time as a CISO: the organizations that weathered the worst incidents were never the ones that patched fastest. They were the ones whose architectures meant that when something got through, and something always got through, the blast radius was contained and the attack surface was small enough to defend.
Mythos doesn’t change that principle. It proves it.
The moles aren’t going to stop appearing. The question is whether you keep swinging the mallet, or redesign the garden so it doesn’t matter where they pop up.