Cybersecurity 101: Uncomfortable Truths About Agentic AI Security

Michael DeNapoli
May 4, 2026

Previously, we outlined what Anthropic’s new Mythos AI model was, and why it was making such a splash in the cybersecurity world. Today, we’ll dive deeper into Agentic AI and cybersecurity, how things are changing, and what that means for businesses and organizations.


Mythos isn’t the risk - it’s the early signal

The biggest question we got after the previous article was “But, is this under control?” Unfortunately, the answer is currently “No.” That’s not to say that we’re approaching some kind of AI doomsday yet, just that the situation exposed by Mythos is not contained. It is also not really telling us anything new. The issues raised by Mythos have been problematic for a generation of technology use in business, and it would be much more accurate to say that Agentic AI is making those issues much more visible, much faster, and (in some cases) with much more accuracy.


A quick refresher from the previous article about what we know Mythos can do:

  • It identifies new vulnerabilities in Operating Systems, software, and hardware platforms

  • It can create exploits (the ability to attack using a vulnerability) very quickly

  • Given the right prompts (commands), it can autonomously use those exploits to perform attacks against systems and applications using the discovered vulnerabilities 

  • It does all of this in minutes, as opposed to the hours, days, or weeks that human threat researchers and threat actors would take to accomplish the same tasks.  


News like this should reset expectations, and is beginning to, but the issues that Mythos presents us with are not new, and the narrative misses key points that definitely need to be explored. These points are not limited to Mythos (or any other specific AI); the cybersecurity world has faced them for decades. The speed and volume of new findings presented by Agentic AI mean that we should finally address the issues, however, so let’s again dive deeper.


The “Controlled Access” assumption around Mythos is already cracking

Anthropic presented a specific picture of Mythos in their press releases and stakeholder interviews. Access to the model was strictly limited to those invited to participate in Project Glasswing. Guardrails would be built around Mythos before it was made available to the general public, and the current model - Opus - would remain in production until those guardrails could be built. Mythos allows Project Glasswing participants to use the model to identify and patch their products to get ahead of threat activity. 


The reality is a bit different from this picture, however.  Reports have surfaced from Bloomberg and other sources that unauthorized access to Mythos has already occurred. While the persons interviewed by Bloomberg noted that they did not use Mythos for any threat activity, the potential that others who did have malicious intent also got access is something that cannot be overlooked. 


Mythos is a highly-advanced AI model, but it isn’t the only highly-advanced AI model that exists in the world. Other vendors (such as OpenAI, xAI, the organization behind DeepSeek, etc.) and individuals are creating models that can rival or even surpass Mythos.  These other vendors and creators may or may not impose the same restrictions that Anthropic placed around Mythos, and there’s always the possibility of unauthorized access to those models even if they do create restrictions and safeguards.  


In short, even if Mythos is the first model to be able to discover vulnerabilities and create exploits at this scale and with this speed, it won’t be the last - and eventually people will have access one way or another. After all, The 64th Rule of the Internet clearly states that “It has been cracked and pirated. You can find anything if you look long enough.”


This is highlighting the ongoing changes to how many threats emerge, and how quickly

Historically, vulnerability discovery could take weeks or even months. Creation of an exploit to attack using that vulnerability would take additional weeks or months. Weaponization and use of that exploit was difficult to time - sometimes it was only minutes, other times never - but organizations knew they had at least two weeks to get things patched and/or mitigated. 


That timeline has steadily changed, with some radical changes happening more recently. Today, a vulnerability can be discovered and an exploit created in days. Threat actors then begin using those exploits immediately through automated attacks across the Internet. It’s not even unheard of for an attack to be recognized before the vulnerability it uses has been disclosed to the public. The issue isn’t acceleration - which has been happening for quite some time already - but rather that attackers are now beginning to move faster than defenders. We don’t have two weeks to address a vulnerability in a business-critical system; we have days at best.


Cybersecurity as a whole has traditionally relied on a fragile agreement: Researchers responsibly report a vulnerability to the vendor in question. Vendors patch the issue quickly, before threat actors have time to develop exploits and attacks. This gave defenders a head start in correcting vulnerabilities before attacks using those vulnerabilities began. Primarily, this was because humans controlled the discovery and disclosure processes. As threat actors began to leverage AI to accelerate their ability to find vulnerabilities and create exploits (which is indeed already happening), this changed dramatically.


When threat actors gain access to Mythos-quality models, they will gain the ability to identify vulnerabilities and create exploits much faster, further eroding the time before attacks occur. There will be no “patch windows,” grace periods, or other time lags. In fact, the vendors may only find out about a vulnerability after a threat actor is already using it in attacks. This does happen today, but it is fairly rare. In a Mythos-enabled future it will become the norm.


The hard truth: We’re already behind

Even before the advent of commonly-available AI (much less Mythos), patch cycles were slow. Asset inventories were incomplete or didn’t exist at all. Vulnerability backlogs sprawled to unmanageable levels. Prioritization of what to address and why was lax or non-existent.  Study after study found that organizations struggled to patch even highly critical vulnerabilities within the expected timeframe set forth in Service Level Agreements or similar internal documentation. 


With known exploitable vulnerabilities existing in organizations for weeks, months, or even years, we have been carrying significant risk in our businesses and organizations for quite some time now. The advent of AI that can allow threat actors to discover new vulnerabilities and the exploits needed to attack with them has simply shortened the deadlines to patch that are already being missed by the vast majority of organizations. We weren’t keeping up yesterday, and there’s no version of today (with or without AI augmentation) that makes the existing process suddenly work effectively for defending the business.


Patch management can’t stay human driven

AI is driving threat activity at machine speed, so AI must be leveraged to drive remediation and mitigation activity at the same pace. Organizations must leverage the same types of tools that the threat actors use in order to deal with the problems that the threat actors have presented to the world, at the same speed, with the same efficacy.


This means that the business world will need to start using AI to:

  • Identify vulnerabilities in Operating Systems, applications, and hardware

  • Validate exploitability in real-time, not as a static process 

  • Prioritize based on business and technical risk (including exposure risk) - not relying on CVSS scores alone

  • Deploy patches or enable compensating controls automatically


These four areas have long been the responsibility of humans alone. While they still require human oversight, they need to become much more automated and augmented operations. The alternative is organizations operating at human speed to protect themselves, while threat actors operate at machine speed to attack.
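The prioritization step from the list above, as an added Python example (not code from the author or Pondurance): it ranks a vulnerability backlog by exposure, business criticality, observed exploitation and existing compensating controls instead of by CVSS alone. The weights, field names and sample backlog are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Illustrative weights: assumptions for this example, not an industry standard.
EXPOSURE_WEIGHT = {"internet": 1.0, "internal": 0.6, "isolated": 0.3}
EXPLOITED_BOOST = 1.5    # exploitation has already been observed in the wild
CONTROL_DISCOUNT = 0.5   # a compensating control is already enforced


@dataclass
class Finding:
    vuln_id: str           # constructed placeholder IDs, not real CVEs
    asset: str
    cvss: float            # base score, 0.0 to 10.0
    exposure: str          # key of EXPOSURE_WEIGHT
    criticality: int       # business criticality of the asset, 1 (low) to 5 (high)
    known_exploited: bool
    control_in_place: bool


def risk_score(f: Finding) -> float:
    """Combine technical severity with exposure and business context (0.0 to 1.0)."""
    score = (f.cvss / 10) * EXPOSURE_WEIGHT[f.exposure] * (f.criticality / 5)
    if f.known_exploited:
        score *= EXPLOITED_BOOST
    if f.control_in_place:
        score *= CONTROL_DISCOUNT
    return round(min(score, 1.0), 3)


def prioritize(findings):
    """Return findings ordered by contextual risk, highest first."""
    return sorted(findings, key=risk_score, reverse=True)


# Constructed sample backlog.
BACKLOG = [
    Finding("VULN-A", "lab-printer", 9.8, "isolated", 1, False, False),
    Finding("VULN-B", "vpn-gateway", 7.5, "internet", 5, True, False),
    Finding("VULN-C", "hr-database", 8.8, "internal", 4, False, True),
    Finding("VULN-D", "public-web", 6.5, "internet", 3, False, False),
]

if __name__ == "__main__":
    for f in prioritize(BACKLOG):
        print(f"{risk_score(f):.3f}  cvss={f.cvss}  {f.vuln_id}  {f.asset}")
```

Sorted by CVSS alone, VULN-A would be first in the queue; with context it drops to last, and the exploited, internet-facing VULN-B leads.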


So is there any hope at all?

Surprisingly, yes. There is a path forward for organizations of any size who are willing to undertake a mindset shift.  This won’t be simply creating incremental improvement, or better dashboards, or more alerts/reports.  We’ve been doing that for decades, with diminishing returns every year.  If organizations do undertake the necessary major shift in how we think about identifying and addressing vulnerabilities, however, defensive operations can keep pace. 


Most notably, the shift entails embracing a few key ideas and implementing new strategies:

  • You can’t patch everything in time. Instead of attempting to patch everything before it can be attacked: Reduce attack surfaces proactively, remove unnecessary exposure, and harden systems as much as possible before vulnerabilities are discovered.

  • Detection and response must become AI augmented. Leverage the same type of behavioral detection we’ve implemented in anti-malware for other areas of cybersecurity defense - networking, identity, email, etc. Correlate information across different environments (user, IoT, OT, DMZ, etc.) in real-time. Automate containment whenever possible. Automate corrective actions where AI detects an issue with high confidence.

  • Compensating controls become primary controls. Compensating Controls for each vulnerability should be part of any vendor's release methodology.  Increase the use of network segmentation/micro-segmentation to block lateral movement, combined with port level blocking. Enforce strong identity controls to reduce the chance of identity misuse. Restrict privileges to only those needed for the user’s (or system’s) functional needs.  


A wake-up call, not a crisis

You may notice that many of the components of this mental shift are not breaking new ground in cybersecurity as a whole, but are rather about extending the theories of operation to encompass the areas of the organization that haven’t traditionally used them. We restrict Administrative access tightly, but don’t do the same for user access (especially when user roles change). AI behavioral analysis is already the standard in endpoint defense, but is not used widely in network and identity defense. We do segment networks between major functions (IT vs. OT), but not between areas of user operations. Extending what we’re doing to encompass more areas of infrastructure and operations, and applying more automation, are key to dealing with the rapidly evolving situation that Mythos brought to the forefront. 


Mythos exposed issues with the fundamental approach most organizations take to dealing with vulnerabilities - but the issues have been there for a very long time. Leveraging techniques, technologies, and automation is how we effectively modernize vulnerability management. This has been a long time in coming, but it’s becoming apparent to the cybersecurity community that these issues need to be corrected now.


In summary: Continuing to do what we already do, and even undergoing gradual improvement, is not going to solve the problem. Organizations really need to undertake a massive shift in how cybersecurity as a whole - and especially vulnerability management - happens, or end up on the receiving end of huge numbers of critical vulnerabilities left unaddressed.


About the Author:


Michael DeNapoli is a seasoned Senior Solutions Architect with more than 25 years of experience in cybersecurity, solution architecture, and enterprise systems design. Throughout his career, he has led technical strategy, security architecture, and advanced solution development for organizations ranging from emerging security vendors to global enterprises. Michael’s expertise spans cybersecurity operations, cloud architecture, technical sales leadership, security posture management, and identity protection, with a proven track record of guiding clients through complex technology challenges. Today, he brings his deep industry knowledge to Pondurance as a Senior Solutions Architect, helping organizations strengthen their security foundations with clarity and confidence.
