When Anthropic unveiled Mythos Preview, every security team on the planet sat up straight. A frontier AI model that can find zero-day vulnerabilities on its own, including a 27-year-old bug in OpenBSD's TCP SACK implementation and a 16-year-old flaw in FFmpeg's H.264 decoder? That's genuinely impressive.
But watch the reaction. Almost every hot take, every LinkedIn thought leader post, every vendor webinar lands on the same thing: perimeter security. Faster exploit development. Shorter patch windows. The "zero-day clock" compressing to less than one day.
I think that conversation is wrong. Or at least, dangerously incomplete. If you're building your security strategy around AI-discovered zero-days as the primary threat, you're reinforcing a wall that attackers are already bypassing.
The numbers tell a different story
Here’s a fact: zero-days aren't how most organizations actually get compromised.
Two-thirds of all attacks leverage known threats, not zero-days (Rubrik Zero Labs, 2026). That means patches exist to prevent an incursion, but nobody applied the fix. Meanwhile, 82% of detections are malware-free (CrowdStrike 2026 Global Threat Report). No custom exploits are used, just stolen credentials, legitimate remote access, and attackers living off the land.
And what's the number two initial infection vector according to Mandiant's M-Trends 2026 report? Voice phishing. Not a sophisticated exploit chain, but someone phoning your help desk and asking nicely for a password reset.
The real concern isn't what Mythos can find in source code. It's what happens when AI supercharges the attack vectors that already work.
Identity is the front door
Scattered Spider didn't need a zero-day; they called help desks, impersonated employees, and social-engineered their way into some of the largest organizations on the planet. UNC3944's vishing campaigns have been devastating and they're still operating with human-speed constraints. Think about those same playbooks, executed by an AI that can run thousands of parallel conversations, adapt in real time, and never get tired or nervous on the phone.
Initial access is already a commodity: the Initial Access Broker ecosystem buys and sells compromised identities at scale. AI doesn't need to discover a new way in, it just needs to make the existing supply chain faster and cheaper.
AI-enabled adversary attacks are up 89% year over year (CrowdStrike 2026). That growth isn't coming from zero-day discovery. It's from identity attacks—phishing, credential stuffing, social engineering and the like.
While the industry debates what Mythos could do, threat actors are already integrating AI into identity-focused attack chains.
This isn't theoretical
The evidence of the AI-identity nexus is sitting in the threat reports on every CISO's desk.
Mandiant's M-Trends 2026 report documents PROMPTFLUX and PROMPTSTEAL, malware families that actively query large language models as part of their operation. Not proof-of-concept research—deployed malware, using AI to process stolen data and craft contextual phishing lures that adapt to each target environment. They optimize for credential harvesting and identity exploitation, not zero-days.
North Korea's FAMOUS CHOLLIMA operation has operatives using fabricated identities to get hired as IT workers at Western companies. They pass interviews, clear background checks, collect paychecks, all while operating as insider threats with valid corporate credentials. That's a nation-state running an identity fabrication program at scale. Now think about what happens when AI-generated deepfakes and synthetic voice capabilities make that playbook available to everyone else.
Scattered Spider (also tracked as BLOCKADE SPIDER and UNC3944) doesn't stay in one lane. They compromise an identity through social engineering, then pivot across endpoint, cloud, and SaaS simultaneously. One compromised identity becomes a pivot point across your entire stack. AI makes that kind of multi-domain traversal easy to parallelize.
And then there's the wake-up call nobody seemed to hear. The CISA Cyber Safety Review Board investigated the Microsoft Exchange Online intrusion in summer 2023. A threat actor compromised Microsoft's identity infrastructure, not through a zero-day in Exchange, but through identity-based access. The findings documented what happens when identity is your single point of failure at cloud scale. The industry nodded, published some blog posts, and went right back to talking about zero-days.
Once they're inside, it cascades
Once an identity is compromised, AI doesn't just help attackers get in. It helps them stay and move faster.
Even without AI, the speed is already bad. CHATTY SPIDER went from initial access to full exfiltration in 4 minutes. Meanwhile, median dwell time is still 14 days (M-Trends 2026). Attackers break out in minutes. Defenders don't find them for two weeks.
That gap is where the damage happens—and AI is about to blow it wide open.
An AI-augmented attacker with a compromised identity can infiltrate the environment in seconds, mapping every system and lateral path available. The Entra ID nOAuth lateral movement flaw and Global Admin Compromise via Actor Tokens (CVE-2025-55241) show how a single identity cascades to full tenant takeover. Attackers can maintain persistence by quietly compromising Non-Human Identities—the service accounts, API keys, and OAuth tokens—that nobody monitors with the same rigor as human accounts.
Researchers call this pattern a "cascading identity security collapse." It's documented from real incidents—and AI makes it faster.
The needle in the haystack problem
Wendi Whitmore, Palo Alto Networks' Chief Security Intelligence Officer, put it bluntly: "Most organizations aren't failing at cybersecurity. They're failing at recovery."
Her observation, after investigating thousands of incidents across her career, is that most organizations today can detect attacks, but they can't operate through them. Data backs her up: 86% of cases Unit 42 investigates involve attackers intentionally disrupting operations. This isn't about data theft anymore, it's about whether your business can function at all.
That framing matters for the identity conversation, because even after you detect a compromise, figuring out what the attacker actually did with that identity is a forensic nightmare. What accounts did they move to? What new credentials did they create? What OAuth grants did they establish? What service principals did they modify?
In most environments, answering those questions takes weeks of log correlation across identity providers, cloud consoles, SaaS apps, and endpoint telemetry. That assumes the logs exist at all.
This is already a hard problem. AI makes it worse in both directions. An AI-augmented attacker can create more persistence vectors, across more systems, faster than any human analyst can trace them. The haystack gets bigger while the needles multiply.
As a result, we're seeing the leading incident response firms arrive at a conclusion that should alarm everyone: the most reliable way to recover from an identity compromise is to rebuild the identity provider from a pre-compromise state.
Stryker's recent breach is a textbook example. A Palo Alto Networks Unit 42 engagement letter from March 2026 describes a security compromise that impacted Stryker's Entra ID environment, servers, and workstations. Unit 42's forensic analysis spanned endpoint images, network logs, and identity infrastructure including Entra ID and Active Directory. The remediation? Stryker engaged Microsoft to recover the identity infrastructure itself and is rebuilding impacted systems or restoring from backups that predate the known window of compromise. Systems that haven't been rebuilt yet are isolated from the network entirely.
A Fortune 500 medical device company had to rebuild their identity infrastructure from scratch because they couldn't confidently determine what the attacker touched. That's an identity persistence problem, not a patching problem.
The State of Nevada's 2025 cyber incident tells the same story. An attacker lived inside the state's environment for 102 days, compromising privileged accounts and stealing credentials from 26 accounts before deploying ransomware that took down 60+ state agencies. The recovery took 28 days, $1.3 million in external costs, and required both Mandiant and Microsoft DART to come in and do a full rebuild of Active Directory from scratch. They didn't try to surgically clean the existing identity infrastructure. They rebuilt it.
That's the pattern. Stryker rebuilding Entra ID from pre-compromise backups. Nevada rebuilding Active Directory from scratch. In both cases, the organizations concluded that they couldn't confidently ascertain what data and systems the attacker touched. So the safe path forward was to start clean.
Mandiant and Unit 42 are both increasingly recommending this approach. If you can't prove with certainty which identities are clean, a safe option is to go back to a point in time when you know they were. That's the identity equivalent of "nuke it from orbit."
Now add AI to this equation. Nevada's attacker needed 102 days of manual work to compromise 26 accounts and move through the environment. An AI-augmented attacker could do the same thing in hours, touching hundreds of accounts, creating persistence mechanisms across every identity system in the environment, and adapting in real time when defenders start to respond. The forensic haystack doesn't just get bigger. It becomes unsearchable.
The asymmetry nobody wants to talk about
A recent readiness report written for CISOs preparing for AI-accelerated offense describes a concept called "structural asymmetry," the observation that AI lowers the cost of attack faster than it lowers the cost of defense. CrowdStrike's data supports this: zero-day exploitation is up 42% year over year and the time-to-exploit for new vulnerabilities is compressing to under a day. This usually gets discussed around vulnerability exploitation, but I think it applies even more to identity attacks.
Patching a zero-day requires vendor coordination, testing, deployment windows, change management. Revoking a compromised identity should take seconds. In practice, most organizations can't answer basic questions. What sessions does this identity have active right now? What service accounts or API keys were created during the compromise window? What OAuth consent grants were established? Is this identity federated across other tenants?
The zero-day clock everyone is worried about? Identity compromise doesn't have one. There's no CVE to track, no patch to deploy, no vendor to wait on. The attacker is using your own infrastructure against you with legitimate credentials. Your firewalls see nothing. Your EDR sees nothing. Your SIEM sees a normal user doing normal things.
Where we go from here
Anthropic's own research acknowledges a "transitional period risk" before defenders and attackers reach some kind of equilibrium with AI. I'd argue identity is where that transition gets won or lost.
But we shouldn’t become preoccupied with patching faster than Mythos can find bugs. Rather, in this new world, we need to lean into technologies and policies that allow us to quickly remove identity persistence after a compromise.
If Stryker, Nevada, and every other identity-driven incident tell us anything, it's that surgical cleanup doesn't work. You can't chase down every compromised account, every poisoned token, every modified service principal. Mandiant and Unit 42 are both arriving at the same conclusion: you need to tear down the identity provider and rebuild from a known-good state. That means the real metric isn't time-to-revoke. It's time-to-rebuild.
But here's the problem nobody is talking about yet: rolling back your AD or Entra ID to a pre-compromise snapshot sounds clean in theory. In practice, it creates a second crisis.
Your snapshots may be weeks or months old. In a complete rebuild, every legitimate identity change that happened since your last snapshot—every employee onboarded, every account offboarded, every group membership update, every app registration—will be erased.
Your identity provider is now clean but completely out of sync with Entra, Okta, and every downstream application that depends on it. Access breaks. You've traded attacker persistence for an identity gap that takes months of manual reconciliation to close, all while introducing its own regulatory and uptime risk.
This is the identity recovery paradox and it's the reason so many organizations either delay clean recovery or quietly accept the risk of lingering attacker backdoors.
Current approaches force a choice between being clean but broken or functional but still compromised. Neither is acceptable and it's a problem the industry hasn't seriously grappled with yet. The organizations that figure out how to rebuild their identity infrastructure and roll forward the legitimate changes that happened since the last clean state, without reintroducing attacker persistence, will be the ones that can actually recover at the speed this threat demands.
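To make the forensic questions above (which accounts did the attacker create, which service principals did they modify, which OAuth grants did they establish) and the recovery paradox concrete, here is an added example that is not code from this post or from any vendor it names. It models a directory as a pre-compromise snapshot plus an audit trail, attributes each change to the attacker or to a legitimate admin (propagating taint to any account or service principal the attacker created or planted a credential on), and then rebuilds the directory by replaying only the legitimate changes onto the snapshot, so the result is clean and current rather than clean and weeks out of date. Every principal, event, date and the audit-event shape itself are constructed for the example; a real tenant's audit log has different field names and far more event types.

```python
"""Identity rebuild with roll-forward of legitimate changes (constructed example)."""
import copy
from dataclasses import dataclass, field
from datetime import datetime


@dataclass(frozen=True)
class Event:
    ts: datetime      # when the change was recorded
    actor: str        # principal that made the change
    action: str       # create_user | delete_user | add_group_member |
                      # add_sp_credential | grant_oauth_consent
    target: str       # object changed: user, service principal, or consenting user
    detail: str = ""  # group name, credential id, or app name, depending on action


@dataclass
class Directory:
    users: set = field(default_factory=set)
    groups: dict = field(default_factory=dict)          # group -> {members}
    sp_credentials: dict = field(default_factory=dict)  # service principal -> {credential ids}
    oauth_consents: dict = field(default_factory=dict)  # user -> {apps granted}


def apply_event(d: Directory, e: Event) -> None:
    """Mutate the directory with one audit event."""
    if e.action == "create_user":
        d.users.add(e.target)
    elif e.action == "delete_user":
        d.users.discard(e.target)
        for members in d.groups.values():
            members.discard(e.target)
        d.oauth_consents.pop(e.target, None)
    elif e.action == "add_group_member":
        d.groups.setdefault(e.detail, set()).add(e.target)
    elif e.action == "add_sp_credential":
        d.sp_credentials.setdefault(e.target, set()).add(e.detail)
    elif e.action == "grant_oauth_consent":
        d.oauth_consents.setdefault(e.target, set()).add(e.detail)
    else:
        raise ValueError(f"unknown action {e.action!r}")


def triage(events, compromised, window_start):
    """Return (attacker_events, tainted_principals).

    A change is attacker-attributed if its actor is a known-compromised principal
    acting at or after window_start, or any principal the attacker later created
    or planted a credential on (transitive taint). The list answers the forensic
    questions: what was created, which service principals were modified, which
    consents and group memberships were granted.
    """
    tainted = set()
    attacker = []
    for e in sorted(events, key=lambda ev: ev.ts):
        by_attacker = e.actor in tainted or (
            e.actor in compromised and e.ts >= window_start)
        if not by_attacker:
            continue
        attacker.append(e)
        if e.action in ("create_user", "add_sp_credential"):
            tainted.add(e.target)  # the attacker can now act as this principal
    return attacker, tainted | set(compromised)


def roll_forward(snapshot, events, attacker_events):
    """Rebuild from the snapshot, replaying everything except attacker changes."""
    skip = set(attacker_events)
    d = copy.deepcopy(snapshot)  # never mutate the known-good snapshot
    for e in sorted(events, key=lambda ev: ev.ts):
        if e not in skip:
            apply_event(d, e)
    return d


# ---- constructed sample: snapshot taken 2026-03-01, compromise found later ----
def T(day):
    return datetime(2026, 3, day)


SNAPSHOT = Directory(
    users={"alice", "bob", "helpdesk-svc"},
    groups={"Global Admins": {"alice"}},
    sp_credentials={"backup-sp": {"cred-1"}},
)
COMPROMISED = {"bob"}   # identified by the investigation
WINDOW_START = T(10)    # earliest known attacker activity
EVENTS = [
    Event(T(3),  "alice",     "create_user",         "carol"),                        # onboarding
    Event(T(5),  "alice",     "add_group_member",    "carol",     "Helpdesk"),
    Event(T(8),  "bob",       "grant_oauth_consent", "bob",       "Expense App"),     # pre-window, legitimate
    Event(T(11), "bob",       "create_user",         "svc-sync"),                     # attacker backdoor account
    Event(T(12), "svc-sync",  "add_sp_credential",   "backup-sp", "cred-attacker"),   # persistence on an SP
    Event(T(13), "alice",     "create_user",         "dave"),                         # legitimate, during window
    Event(T(14), "bob",       "add_group_member",    "bob",       "Global Admins"),   # self-elevation
    Event(T(15), "alice",     "delete_user",         "helpdesk-svc"),                 # offboarding
    Event(T(20), "backup-sp", "add_group_member",    "svc-sync",  "Global Admins"),   # via the tainted SP
]

if __name__ == "__main__":
    attacker, tainted = triage(EVENTS, COMPROMISED, WINDOW_START)
    print("tainted principals:", sorted(tainted))
    for e in attacker:
        print(f"  {e.ts:%Y-%m-%d} {e.actor} {e.action} {e.target} {e.detail}")
    clean = roll_forward(SNAPSHOT, EVENTS, attacker)
    print("rebuilt users:", sorted(clean.users),
          "| Global Admins:", sorted(clean.groups["Global Admins"]))
```

Run as a script it lists four attacker-attributed changes and three tainted principals (bob, svc-sync, backup-sp), and the rebuilt directory keeps carol and dave, drops helpdesk-svc, and contains neither the backdoor account nor the planted credential; a restore of the bare snapshot would have lost the onboarding and offboarding, and a naive replay of every event would have re-imported the attacker's persistence. Two things the example deliberately leaves to separate steps: the rebuilt directory still holds bob and backup-sp, so every tainted principal still needs its credentials and tokens rotated, and the whole approach depends on the audit trail being complete and retained for the full window, which is exactly the "assumes the logs exist at all" caveat above.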
None of this is meant to downplay Mythos
Let’s be clear: nothing in this post should be read as dismissing what Mythos can do. This model autonomously discovered a 27-year-old vulnerability in OpenBSD, a 17-year-old remote code execution flaw in FreeBSD's NFS implementation, and a 16-year-old bug in FFmpeg. It didn't just find them, it developed working exploits, including Linux kernel privilege escalation through vulnerability chaining, browser JIT heap spray exploit chains, and a technique to turn a single-bit memory write into full root access. These are capabilities that would make elite human vulnerability researchers pause.
And Mythos isn't alone. XBOW, another autonomous vulnerability research system, is pushing similar boundaries. OpenAI's upcoming Spud model, described internally as their "smartest model yet" with significantly stronger reasoning capabilities, is another step toward a world where multiple frontier models can chain complex, multi-step tasks autonomously. Whether or not Spud is aimed at security research specifically, the reasoning capability it represents is exactly what turns a general-purpose model into an offensive tool.
The research community is already talking about an "AI vulnerability storm," a period where AI-driven discovery outpaces the industry's ability to patch. The structural asymmetry is real: AI lowers the cost of finding and exploiting vulnerabilities faster than it improves our ability to fix them.
So yes, the zero-day conversation matters. I'm not arguing otherwise.
But here's what I can't shake. Nevada's attacker didn't need any of that. They used a spoofed website, a hidden backdoor, and stolen credentials to bring down 60 state agencies. Stryker's attacker compromised Entra ID. The CISA-investigated Microsoft Exchange Online intrusion went through identity infrastructure. Scattered Spider uses phone calls. None of these needed a zero-day. None of them needed Mythos.
When Mythos, Spud, and their successors are widely available, threat actors won't choose between these capabilities. They'll use them all. The attacker who gets in through a phished credential can use AI to discover a local privilege escalation bug on the fly, chain it with a lateral movement technique, and establish persistence across your entire identity fabric before your SOC finishes triaging the initial alert.
That convergence is the actual threat. The zero-day gets you through the wall. The identity compromise lets you own everything behind it. AI makes both faster than human defenders can respond.
We're not ready for that. And we won't be until the conversation shifts from "How do we find and patch faster" to "How do we detect and evict a compromised identity before the damage is done." When models like Mythos and Spud are unleashed at scale, the organizations that survive won't be the ones with the best patch management.
They'll be the ones who can answer a simple question in real time: who is in my environment right now and should they be there?
Remember that we’re in an era of machine-speed threats. You can’t win if you’re sitting by the sidelines. If you’re ready to jump into the action and fortify your defenses where it matters most, join us at Forward! At this event, you’ll learn how to fuse data, identity, AI, and more into a cohesive agentic cyber resilience strategy. Grab your ticket to this can’t-miss event.
Sources: CrowdStrike 2026 Global Threat Report, Mandiant M-Trends 2026, Rubrik Zero Labs, Anthropic Mythos Preview, "The Identity Crisis," "Your Entra ID Tenant is Your Problem," "Preparing Your Security Program for AI-Accelerated Offense," Palo Alto Networks Unit 42 Stryker Engagement Letter (March 2026), State of Nevada Governor's Technology Office After Action Report (October 2025)