Myth or Mythos? The illusion of advantage in the AI cybersecurity race

Anthropic Mythos platform has sparked a new round of debate over a classic cybersecurity question – except at an entirely new level: What will happen as the systems used to discover and exploit vulnerabilities gain the ability to do so at the speed of machines? In conjunction with projects such as Project Glasswing, the idea is straightforward: create an advantage for the defenders against AI-enabled threats. But just how durable is that advantage? 

To explore what Mythos means for the future of cybersecurity, we asked a panel of industry experts to weigh in. Their responses are not surface-level optimism or scepticism; rather, they unpack the structural realities shaping this shift, from the eternal asymmetry between offence and defence to the operational impact of AI systems that can chain vulnerabilities into full compromise in a flash. 

The debate also brings up another issue. Although AI can significantly enhance vulnerability identification, it is limited by visibility, governance, and the capability of organisations to take action. Inaccurate asset inventories, bureaucratic decision-making procedures, and limited funding cycles may all reduce the benefits of superior technology. Moreover, issues such as false positives and alert fatigue create a dilemma about whether increased information leads to greater security or more noise. 

Together, these expert views paint a more complex picture of AI in cybersecurity, one where technological progress cannot be denied, but whether or not it will be to our advantage remains to be seen. 

A durable advantage, or a head start? 

Rik Ferguson, Vice President of Security Intelligence at Forescout, says: “Anthropic’s ‘durable advantage’ framing doesn’t survive contact with their own timeline. They said, “frontier AI capabilities will advance substantially over the next few months”. Not years, months. You don’t claim a durable advantage in the same breath as a months-long runway. What Glasswing creates is a head start. That’s worth having, but it’s a different thing entirely.” 

Asymmetry doesn’t disappear, it scales  

The structural question of whether offence will always outpace defence in an AI-augmented landscape is more interesting than a simple yes or no, he adds. “Offence benefits from asymmetry by design. An attacker needs to find one way in. A defender needs to cover everything. AI amplifies that asymmetry because it scales discovery faster than any organisation can scale remediation. What Glasswing does is attack the discovery gap on the defensive side, which is real and worth doing. What it doesn’t touch is the remediation gap, which is where defenders have consistently been losing.” 

Faster discovery, slower decisions 

The pace of offensive capability development makes that gap harder to close, not easier, Ferguson continues. “Forescout’s Vedere Labs research shows that a year ago, 55% of AI models failed basic vulnerability research tasks, and 93% failed exploit development entirely. Today, all tested models complete vulnerability research, half generate working exploits autonomously, and the most capable can chain vulnerabilities into multi-stage compromises without complex prompting. That progression took twelve months.” 

He says the same capability currently gated behind Glasswing’s partner programme will be broadly accessible on a similar timeline, to researchers and attackers alike. “The durable advantage framing requires defenders to absorb and act on what AI finds faster than attackers can weaponise the same capability. There is no strong evidence they can.” 

You can’t patch what you can’t see 

According to him, the question defenders in OT, IoT, and clinical environments have always faced isn’t whether a vulnerability can be found. It’s whether the asset register even acknowledges the device exists. “You can’t patch what you can’t see. You can’t segment what you haven’t inventoried. You can’t respond to a compromise in an asset that isn’t visible.” 

Glasswing found a 27-year-old vulnerability in OpenBSD, which is genuinely impressive, Ferguson adds. “But OpenBSD is known, documented, and well-understood. The harder problem is the PLC installed in 2004, never updated, never inventoried, currently talking to a SCADA system on a flat network because nobody in the organisation knows it’s there. AI won’t find the vulnerability in that device through code analysis. It will find it the same way attackers do, by getting on the network. Everything else depends on solving that first.” 

The real bottleneck isn’t technical 

But even where visibility exists, Ferguson says the governance machinery is where organisations are actually losing. “Consider the forever-days problem. EternalBlue. Log4Shell. Scores of Citrix and Ivanti CVEs sitting in the CISA Known Exploited Vulnerabilities catalogue for years. Known vulnerabilities. Available patches. Still running in production because the organisational processes required to act (prioritisation, testing, change management, risk acceptance) operate too slowly for the threat landscape.” 

He says AI will now produce more vulnerability data, faster. “That makes the existing backlog problem worse before it makes it better. The constraint was never finding the issue. It was having enough context to make a confident decision and enough organisational alignment to act. The liability question makes this harder still.” 

Liability forces the human back in 

When an AI-driven remediation action goes wrong in a clinical network or a production OT environment, who is liable? Courts have consistently refused to treat AI as a legal person capable of bearing responsibility, which means it falls on the deployer. Boards and legal teams understand liability in ways may not fully grasp CVE scores. That’s actually a useful forcing function, pushing human oversight into the decision chain not because it’s philosophically correct, but because the alternative is legally untenable. 

The answer isn’t more oversight, Ferguson says. “It’s better-designed decision points. Fewer of them, but with higher confidence in the context that supports each one. The organisations that will actually benefit from what AI can now do in vulnerability research are the ones that already know what they’re running, already have the governance processes to act on what they find, and already understand where humans add something that automation cannot: context, accountability, and the authority to make a call when the stakes are real.” 

For everyone else, more vulnerability data arriving faster is not an advantage. It’s an escalating liability they are not yet equipped to absorb. 

Rewriting the Mythos 

Anastasios Arampatzis, Account Manager at Bora, says: “The name is not accidental. In Greek, mythos means narrative, the story a culture tells itself about how the world works. Anthropic’s choice of name may be more revealing than intended, because what the Mythos model is really doing is rewriting the foundational narrative of cybersecurity. The story we told ourselves (that defenders, given time and resources, could maintain a workable equilibrium with attackers) is being revised at machine speed.” 

He says the framing of a “durable advantage” for defenders is aspirational, and aspirations matter in security culture. “But the structural reality is more sobering. A joint briefing by CSA and SANS captures it precisely: AI lowers the cost and skill floor for discovering and exploiting vulnerabilities faster than organisations can patch them. Offence benefits asymmetrically, not because defenders are incompetent, but because breaking is inherently faster than fixing. Project Glasswing is a meaningful coordination effort, but its coverage is bounded by definition.” 

What Mythos-class automation changes most fundamentally for SOCs is the assumption that incidents are human-paced, Arampatzis explains. “When AI can chain multiple vulnerabilities into a full system compromise in minutes, playbooks built around sequential, human-reviewed escalation become liabilities. Pre-authorised containment logic and machine-speed detection are no longer optional architecture decisions.” 

Visibility without control is illusion 

AI-driven vulnerability discovery against an incomplete asset inventory is sophisticated reconnaissance without a map, he says. “You cannot patch, segment, or defend what you do not know exists. The proliferation of coding agents to non-developer staff is actively fragmenting central IT visibility further. 

On governance: this is now arguably the primary limiting factor. The technical tools exist or are rapidly maturing. What slows organisations is approval friction, outdated risk models, and metrics built on pre-AI assumptions that can actively mislead board-level decisions.” 

The old mythos of cybersecurity is over. The question is, who writes the next one? 

Constraint-free attackers, constrained defenders 

Ross Moore, an Information Security Researcher, comments: “Anthropic’s stated goal with Project Glasswing is to give defenders a “durable advantage” in the AI-driven era of cybersecurity. Do you believe that framing is realistic, or will offence always structurally outpace defence in an AI-augmented threat landscape?” 

Attackers operate without constraints, Moore adds.  

“They don’t follow SLAs, acceptable use policies, or governance frameworks—they’re incentivised purely to break and steal (many attackers have their own criminal business operations to manage, and their incentives follow their criminal enterprise policies, which aren’t the same as legal businesses). In the meantime, defenders often only get to react to exploited weaknesses rather than prevent them outright.” 

AI can help narrow the gap  

AI doesn’t eliminate this asymmetric activity, but it can help narrow the gap by accelerating how quickly defenders fix and harden systems, he says. “The real opportunity is in fundamentals: reduce the attack surface, increase attacker cost with layered defences, shrink dwell time.” 

Internal testing is necessary. Tools that map attack paths, like BloodHound-style analysis, help teams identify how low-level access could escalate into full compromise. While it’s often said attackers only need to be right once, layered defences challenge that reality, Moore says. “An attacker may gain initial access, but if they’re contained and prevented from moving further, the attack fails at that point.” 

As an example of an attack approach, Moore says current industry research has demonstrated the possibility that attackers will use their AI tools to use up the tokens in a defender’s initial AI defences, creating the need for scalable AI token use in defence. 

He says disciplined teams using AI can close the gaps. 

From alerts to attack graphs 

Firstly, recent demonstrations show AI systems autonomously chaining multiple vulnerabilities to achieve full system compromise. How does this kind of multi-step automation change the way incident response teams and SOCs need to operate? 

“AI-driven chaining of vulnerabilities fundamentally changes how attacks unfold. What once required time and expertise can now happen rapidly and autonomously, compressing reconnaissance, exploitation, and lateral movement into a much shorter window. Defenders can no longer treat incidents as isolated events—they need to think in terms of attack graphs in motion. This requires faster response to vulnerabilities and identification of how ‘low’ findings can be chained into critical risk.” 

Moore adds that legacy systems are more dangerous now because they provide predictable footholds that AI-driven attackers can quickly exploit and chain together. SOCs and IR teams need to move from reactive alert handling to early disruption of attack paths, detecting and stopping progression before further or full compromise occurs. 

The visibility gap widens 

Secondly, AI can identify vulnerabilities, but if organisations lack visibility over their full asset inventory, how much does that really improve security? How can teams close the gap between AI-driven discovery and unknown or unmanaged environments? 

“AI can only secure what an organisation actually knows exists. If asset inventory is incomplete, AI-driven vulnerability discovery improves security only within a limited, and often misleading, scope. Shadow IT and AI, unmanaged systems, and unknown internet-facing services remain major attack surfaces.” 

He says teams need continuous, near real-time asset inventory (include your repos and other ancillary resources, not just the in-use or frequently used ones), clear visibility into internet-facing services (not just websites, but exposed ports and underlying infrastructure), and awareness of shadow AI and unsanctioned technology. 

Attackers have unprecedented ability to discover or infer an organisation’s environment. Defenders need to match that investigative mindset, being the first to find their own zombie exposures. Organisations that already maintain strong inventory, asset management, and risk governance are in a much better position. 

Governance debt becomes operational risk 

Also, Moore says long-term cyber defence requires sustained investment, yet many businesses still operate on short funding cycles. “Is the bigger risk now rooted in policy and governance rather than purely technical weaknesses?” 

Increasingly, he says risk is rooted in governance, not technology; the risk of inconsistent execution, weak identity controls, delayed patching, over-permissioned access, and lack of enforcement. AI accelerates the impact of these gaps by exposing governance weaknesses faster than organisations can respond to or correct them. 

Companies that operate on slow funding cycles and bureaucratic decision-making models can’t keep pace with modern threats. “Security (the mindset, not the department) relies on trust in people, processes, and technology to act decisively. If organisations can’t act quickly, the problem isn’t merely technical, but leadership and operational design.” 

AI is exposing governance debt faster than organisations can pay it down, he adds. “Limited transparency around metrics such as false positives and exploit success rates raises important questions. If high false positive rates persist, are we at risk of overwhelming defenders with noise rather than delivering meaningful advantage?” 

False positives degrade defensive effectiveness 

High false positive rates degrade defensive effectiveness. Security teams are often already overwhelmed. If AI adds volume without improving precision, it accelerates alert fatigue, slows response, and increases the likelihood that real threats get missed (this is actually already happening for many without AI; left unmanaged, it will prove disastrous).  

A deeper issue is the inability to act, Moore says. “If analysts are flooded with alerts, with no authority or processes to respond quickly, delays are compounded. By the time action is taken, more alerts have already emerged. Organisations may struggle with over-reliance on reactive workflows, delays in decision-making and authorisation, and lack of clear, actionable remediation paths. Defence can’t remain purely reactive. It needs a balance of foresight and action—anticipating risk, prioritising effectively, enabling quick movement. AI-driven systems need to focus on high-confidence, actionable findings, clear prioritisation tied to real risk, and integration with workflows that enable immediate response.” 

Embedding defence, not just accelerating it 

Dimitris Georgiou, CSO, Alphabit Cybersecurity SA, argues that Anthropic’s framing of a “durable advantage” for defenders is ultimately optimistic, but constrained by structural realities. Traditionally, offence needs only a single window of opportunity, whereas defence must succeed everywhere, every time. 

“Project Glasswing attempts to address this asymmetry by automating vulnerability discovery and patching at scale. However, the same advances are available to attackers, who can now automate reconnaissance and exploit generation just as rapidly. In that context, a durable advantage is only realistic if AI-driven defence is embedded directly into system architecture, making systems inherently harder to compromise, rather than functioning purely as a discovery and response layer.” 

He says this imbalance becomes more pronounced as AI systems begin chaining vulnerabilities autonomously. “What once unfolded over hours or days can now happen in minutes or even seconds, compressing the entire attack lifecycle. Traditional incident response models, which rely on manual validation at each stage of the kill chain, are therefore becoming increasingly obsolete. Security Operations Centres must shift toward automated containment and autonomous response playbooks, while human analysts move into oversight roles, managing higher-level logic and ensuring that automation does not introduce unintended disruption.” 

Closing the gap 

At the same time, Georgiou says the effectiveness of AI-driven security remains tightly bound to visibility. “Vulnerability management is only as strong as an organisation’s understanding of its environment. Where unmanaged assets exist, they will either be missed by defensive tools or discovered first by attackers. Closing this gap requires continuous, AI-driven asset inventory and attack surface management, with discovery and remediation operating as a unified loop so that newly identified or previously unknown assets are rapidly brought under control.” 

Even with strong technical capabilities, Georgiou emphasises that the deeper constraint is increasingly governance. Technical weaknesses are often symptoms of broader policy failures. Modern cyber defence requires a shift away from one-time capital expenditure towards sustained operational investment, yet many organisations continue to operate on short funding cycles. Without governance models that treat cyber resilience as a core business function, rather than a periodic IT expense, organisations will remain structurally behind the pace of AI-driven threats. 

“This challenge is compounded by the quality of AI outputs themselves. High false-positive rates materially reduce the effectiveness of AI in cybersecurity. When systems generate large volumes of low-confidence alerts, they contribute directly to alert fatigue, increasing the likelihood that genuine threats are missed. Transparency around performance metrics, including success rates and precision, becomes essential for building trust in AI-driven tools. Without strong filtering and noise-reduction capabilities, AI risks creating the very chaos it is intended to mitigate, potentially leaving defenders more exposed than they would be with simpler, deterministic systems.” 

A structural shift, not an incremental one 

Panagiotis Soulos, Information Security GRC Senior Manager, Steelmet for Viohalco companies, says: “The decision to withhold Anthropic’s Claude Mythos model from public release while deploying it through Project Glasswing is not an overreaction, it is a signal. We are approaching a point where AI-driven vulnerability discovery is no longer an incremental improvement but a structural shift in how cyber risk is created and exploited.” 

Attractive, but conditional framing 

Speaking of the “durable advantage” positioning for defenders in an AI-driven threat landscape, Soulos says while that framing is attractive, it’s conditional. “AI undoubtedly gives defenders unprecedented visibility into deep, long-standing weaknesses, sometimes flaws that have survived decades of human auditing. However, visibility alone does not equal advantage. In practice, the balance of power will hinge on whether organizations can convert discovery into remediation faster than adversaries can convert discovery into weaponization.” 

This, he says, is where the real tension lies. “AI has collapsed the time between identifying vulnerabilities and chaining them into full attack paths. We are no longer dealing with isolated exploits, but automated, multi-step compromise scenarios that unfold at machine speed. For SOCs and incident response teams, this changes the operating model entirely. The goal can no longer be perfect detection of individual alerts; it must be rapid understanding of attack paths, pre-authorised containment actions, and correlation across identity, endpoint, cloud, and supply chain telemetry. Otherwise, human response simply cannot keep pace.” 

The uncomfortable truth 

At the same time, Soulos says AI-driven discovery exposes an uncomfortable truth: many organisations still lack basic asset visibility. AI can identify vulnerabilities with extraordinary precision, but if teams do not know what they own, who is responsible for it, or whether it is even reachable, the result is not stronger security—it is more noise. Without strong asset inventories, ownership models, and exploitability validation, AI risks overwhelming defenders rather than empowering them. 

“This leads to a less discussed, but arguably more dangerous, risk: governance. Long-term cyber defence depends on sustained investment in patching capacity, automation, and upstream dependencies such as open source software. Yet most organisations still fund security in short cycles, optimised for compliance rather than resilience. In an AI-accelerated environment, this gap becomes a strategic vulnerability.” 

Mythos tells us that the future of cybersecurity is not about smarter attackers versus smarter defenders. It is about operational throughput. “The side that closes the loop (from discovery to fix to verification) the fastest will define the balance of power,” Soulos concludes.