The Two Asymmetries

In April 2026, Anthropic disclosed an internal frontier model — Claude Mythos — that can autonomously discover and exploit software vulnerabilities at a level the company itself called "a severe risk to global digital infrastructure." In its first month, the model uncovered ten thousand high- and critical-severity vulnerabilities in open-source software, including a 27-year-old flaw in OpenBSD, a 16-year-old flaw in FFmpeg, and multiple Linux kernel issues that survived decades of human review.

The model is not publicly available. Anthropic restricted it and launched a defensive collaboration — Project Glasswing — with eleven of the world's largest technology and security firms, including Amazon Web Services, Apple, Cisco, CrowdStrike, Google, Microsoft, NVIDIA, and Palo Alto Networks. The goal is to fix as many vulnerabilities as possible before equivalent capabilities reach the open market.

But the open market is where most organizations live, and the technology will get there.

Asymmetry 1 — Attackers got faster. Mythos scored 83.1% on vulnerability-reproduction benchmarks, against 66.6% for the previous-generation model.

"The window between vulnerability discovery and exploitation has collapsed." — Elia Zaitsev, CrowdStrike

What once took an attacker weeks or months increasingly happens in minutes. Defenses built around a monthly patch cadence assume a window that no longer exists.

Asymmetry 2 — Defenders can get faster too. The same capability that makes Mythos dangerous makes it valuable on defense. Glasswing partners are using it to audit codebases at scales no human team could match.

"AI is accelerating the pace of innovation for both defenders and adversaries alike. The question is simply who gets ahead of it and how fast." — Anthony Grieco, Cisco

Eight Plays for the Next 90 Days

These eight actions are framed against the five operational functions of the NIST Cybersecurity Framework 2.0. They are not new ideas. What is new is the urgency, the order, and the reason.

1. Govern · Re-baseline your patch SLA against minutes, not months.

The Glasswing partners are no longer using "patch within thirty days" as their internal target. Update the standard your IT team is measured against — even if you cannot hit it tomorrow, naming the new target makes the gap visible.

Why now — The exploit window collapsed; your governance documents have to acknowledge the new pace before your auditors do.

2. Govern · Adopt an AI-use policy before your vendors write one for you.

Decide what your employees can paste into a chatbot. Decide what your SaaS vendors can do with your data inside their AI features.

Why now — Customer security questionnaires and cyber-insurance renewals are starting to ask. A six-month head start is worth more than a perfect policy.

3. Identify · Get a real SBOM for your top five business-critical applications.

A Software Bill of Materials lists every open-source library a piece of software depends on. Mythos found a 16-year-old vulnerability inside FFmpeg, a library buried in thousands of products.

Why now — SBOM was a nice-to-have; it just became operational.

4. Identify · Inventory your third-party SaaS exposure.

Your patch cadence is now governed by your SaaS vendors' patch cadence. List the top twenty applications you depend on.

Why now — Most organizations underestimate their SaaS footprint by half.

5. Protect · Phishing-resistant MFA on every administrative path. No exceptions.

SMS, push notifications, and TOTP codes are increasingly defeated by AI-augmented social engineering. Use hardware-backed authenticators — FIDO2 / WebAuthn passkeys, security keys, or platform passkeys.

Why now — AI lowered the floor on credential-theft tradecraft.

6. Protect · Pilot one AI-assisted defensive tool this quarter.

Choose one — code review, log triage, phishing analysis, or vulnerability scanning — and put it through a real ninety-day pilot with measurable outcomes.

Why now — The second asymmetry only matters if your team has built the muscle to use it.

7. Detect · Move past signature-based detection.

If your endpoint and network detection still relies primarily on known-bad signatures, plan a transition to behavioral and anomaly-based detection.

Why now — Mythos-class models can generate previously unseen exploit chains. By definition, those have no signature.

8. Respond · Tabletop a "decades-old library bug, exploit in the wild" scenario.

Run a thirty-minute exercise with leadership: a critical vulnerability is disclosed at 8 AM with a working exploit already circulating. Who decides what?

Why now — The Apache Log4j event in 2021 was a preview. The Mythos generation will produce that event quarterly, with shorter notice.

What Winning Looks Like

Two pictures, twelve months from now:

Lose: The first organization treated this period as a wave to ride out. They kept their patch SLA. They kept their existing tooling. Their first AI-augmented incident caught them with a documented response plan written for an earlier era. The remediation worked, eventually. The cyber-insurance renewal did not.

Win: The second organization treated the next ninety days as a forcing function. They tightened identity controls. They tightened patching cadence. They piloted one defensive AI tool. They ran tabletops. When their first AI-augmented incident arrived, their response was faster, and their stakeholders trusted that it would be.

The model called Mythos is not the last frontier model. It is the one we know about. The defensive posture that absorbs it well will be better positioned for what comes after it.
