In early April, Anthropic announced that an unreleased new model, called Mythos, identified thousands of high-impact security vulnerabilities across the business world, including in every major browser and operating system. 

Here’s the part no one talks about: Mythos is already outdated. The world now travels at AI speed, when something from a month ago is just the latest history. It’s nearly certain that somewhere, someone is working on something even stronger than Mythos. Someone else is building the next frontier model. 

Let’s hope they’re friendly. But let’s prepare for a world where they’re not.

The lesson in Mythos is that AI has moved security’s cheese. Frontier models allow bad actors to find and exploit software weaknesses at machine speed - much faster than the pace of traditional cyber practices. 

• Prevention is not enough. AI will find ways, particularly as AI-written software explodes and creates new vulnerabilities despite the best intentions.

• Reaction is not enough. Companies used to have 60 days between a breach and damage. Before Mythos, that was down to 27 seconds. Post-Mythos, it’s basically zero. It’s not possible for humans to respond at this speed. Reaction must be at machine speed, and in place ahead of time.

• Red-teaming is not enough. Companies used to count on red-teaming and white hat hacking to find problems, but AI discovers weaknesses that humans may never discover. 

• System analysis is not enough. There are vulnerabilities in software interactions, and AI is building more software, with more agents and interactions, every minute.

• Better training is not enough. Deepfakes make it easy to fool humans, and software agents can be compromised, resulting in massive insider attacks of a whole new sort.

   

Mythos is a wake-up call for something that’s been true for a while now: every company needs preemptive cybersecurity. And every company needs to address the security question of our time: How fast can you take care of your crisis and resume business? 

Preemption is the New Game

In fact, in a recent report, Gartner® said “Cyber resiliency is no longer optional, and preemptive cybersecurity capabilities such as predictive threat intelligence, automated moving target defense (AMTD), and advanced cyber deception are needed to defend against AI-driven threats.”¹

Preemptive risk assessment and system remediation are the foundation of cyber resiliency. 

It starts with asking the questions that matter most for your business: What could I lose? What is the sensitivity of my data, and where is it? Who are my users, and where are they? If I’m taken out, how do I restart my services - especially those that are most critical - as fast as possible?

Peacetime Preparations for Machine-speed Cyber Recovery

Machine-speed cyberattacks require machine-speed Cyber Recovery. How you evaluate your needs will depend on your organization, though resiliency will require preemptive preparations that cover the minimum set of services. Are you doing all the work needed in peacetime for machine-speed recovery? These include the essentials such as identifying clean recovery-ready data during normal backup windows in order to get customers up and running immediately after cyber breaches, whether in a business, a school, a hospital, or a government office. 

We have led in cyber resilience for years, defeating countless ransomware attacks for thousands of businesses around the world. That work helped us build for AI and be fully aware that technology leaps like Mythos were on their way. 

And for the world of AI agents, we’ve built agent clouds that are designed to monitor AI agents in real time, making sure they’re only doing what’s allowed, and cutting them off when they cross policy guardrails. We work with AI to handle the scope and scale of whatever comes after Mythos.

Maybe you won’t be hacked. Hope was not a strategy before AI though, and it certainly isn’t one now. Nor is thinking that you can stop risk with prevention alone. You have to assume the breach, and now assume that your agents will overreach. 

We live in a world where Mythos is already history—and something else is already coming. You need to think about both the risk of cyber attacks and how to be resilient to keep things up and running when faced with an attack. 

Gartner Citations and Disclaimers:

1. Gartner, First Take: Claude Mythos and Project Glasswing Will Push Security Providers to Adopt Autonomous Cyber Immune Systems, Mark Wah, et al., 14 April 2026.

Gartner® is a trademark of Gartner, Inc. and/or its affiliates.

Gartner does not endorse any company, vendor, product or service depicted in its publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner publications consist of the opinions of Gartner’s business and technology insights organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this publication, including any warranties of merchantability or fitness for a particular purpose.