What Mythos changes about your risk

Anthropic’s AI found thousands of zero-days in weeks — here’s what that means for your patch cycles, your controls, and your next board conversation.

6 Min Read

When Anthropic announced Claude Mythos Preview on April 7 and restricted it from public release, the cybersecurity press did what the cybersecurity press does: it treated the moment as a five-alarm fire. The headlines wrote themselves—an AI model that found thousands of zero-day vulnerabilities across every major operating system and web browser in a matter of weeks, including a 27-year-old bug in OpenBSD that had survived decades of human security review. Anthropic formed Project Glasswing, a coalition of 12 launch partners including Microsoft, Google, Apple, AWS, CrowdStrike, and Palo Alto Networks, backed by $100 million in usage credits and $4 million in direct donations to open-source security organizations, all aimed at patching critical infrastructure before models with similar capabilities proliferate.

The alarm is understandable. But for organizations trying to figure out what this means for their actual risk posture and their actual budgets, the alarm is also incomplete. Here’s how we are thinking about it.

The capability is real, but the exclusivity is overstated

Mythos is not a marketing exercise. In pre-release testing, the model autonomously identified and exploited a 17-year-old remote code execution vulnerability in FreeBSD (now triaged as CVE-2026-4747) that grants an unauthenticated attacker full control of a machine running NFS. It chained multiple vulnerabilities in the Linux kernel to escalate from ordinary user access to complete system control. It found a 16-year-old bug in FFmpeg—software used by countless applications to encode and decode video—in a line of code that automated testing tools had hit five million times without catching the problem. Anthropic’s own red team reports an 83% success rate at generating working exploits on the first attempt.

Those results are real. But the more important finding, and the one that got less coverage, came from independent researchers. AISLE, a security platform that has been running its own AI-assisted vulnerability discovery since mid-2025, took the specific vulnerabilities Anthropic showcased, isolated the relevant code, and fed it to small, cheap, open-weights models. Eight out of eight models detected the flagship FreeBSD vulnerability, including one with just 3.6 billion parameters costing $0.11 per million tokens. A 5.1-billion-parameter open model recovered the core chain of the 27-year-old OpenBSD bug. Security researcher Bruce Schneier put it plainly: the capability is real, but finding a vulnerability is easier than exploiting it, and that distinction currently favors defenders.

The caveat matters. AISLE pointed small models at isolated code snippets where the vulnerability was already known to exist. Mythos scanned entire codebases autonomously. The gap between “find the bug when you know where to look” and “find the bug buried in millions of lines of code” remains meaningful. But the directional signal is clear: AI-assisted vulnerability discovery is not a gated capability limited to one lab’s most expensive model. It is a capability class that is spreading across the ecosystem, and it will continue to spread.

What this changes about the threat window

For most of the history of enterprise security, the window between a vulnerability being discovered and being reliably weaponized was measured in weeks or months. That window was structurally important—it was the time defenders had to patch, contain, and respond. AI is compressing it. Not uniformly, and not as dramatically as some coverage has suggested, but directionally and measurably. According to the 2025 Verizon DBIR, only 54% of edge device vulnerabilities were fully remediated within the year, with a median of 32 days to patch — while the median time from disclosure to mass exploitation for those same devices was zero days. If exploit development compresses from weeks to hours, and patch cycles stay where they are, the math gets uncomfortable fast.

The near-term implication is a surge in newly disclosed vulnerabilities. Project Glasswing partners are already scanning critical codebases with Mythos. Anthropic reported that Mozilla received 22 Firefox vulnerability reports in two weeks, 14 of which were classified as high severity. As those findings flow through coordinated disclosure, every organization running the affected software will have new critical findings to triage. Vulnerability backlogs that are already unmanageable will grow, and the organizations that cannot prioritize effectively will fall further behind.

But here is the structural dynamic that deserves equal attention: once a fix is deployed across the fleet, that vulnerability is removed from the attack surface for good (barring a regression that reintroduces it). Defenders get compound returns on remediation in a way attackers do not. The long-run economics likely favor defense. We are in a transition period, where the installed base of legacy, under-maintained systems cannot be remediated overnight, and that transition window is the precise risk that needs to be quantified and managed.

Why the floor matters more than the ceiling

The coverage of Mythos has focused on what sophisticated attackers could do with this class of capability. That is the ceiling. It is worth understanding, but it is not where most organizations will feel the impact first.

The floor—the basic failure modes that have always driven the majority of losses—has not changed. In our portfolio, phishing-driven losses surged to 50% of incurred losses in 2025, up from 21% the prior year, with an average severity exceeding $1.6 million per claim. Social engineering drove 88% of material losses in the first half of 2025. AI raises the ceiling on what sophisticated attackers can do. It does not change what most organizations still fail to address at the floor: unpatched systems, weak credential management, and insufficient employee awareness.

AI-enhanced social engineering, layered on top of those same basic failure modes, is the most significant near-term risk for the majority of organizations—not autonomous AI systems breaching enterprise networks through novel zero-days. Research from the Harvard Kennedy School found that AI-generated phishing campaigns achieve a 54% success rate, compared to 12% for traditional phishing. That 4.5x effectiveness multiplier helps explain why phishing losses surged even as organizations continued investing in awareness training.

This is not a reason to ignore what Mythos represents. It is a reason to sequence your response correctly. If your organization has not addressed phishing-resistant authentication, tested backup recovery, and closed the credential management gaps that drive the majority of real-world losses, chasing the AI vulnerability discovery problem is building the second floor before the foundation is set.

What this means for how you manage risk

The acceleration of the threat environment makes approximation more costly. When the window between discovery and weaponization is compressing, the gap between what an organization thinks its exposure is and what it actually is has direct financial consequences. Three things follow.

Patch cycles need to compress. If your vulnerability management cadence was designed for a world where exploit development took weeks, it needs to be re-evaluated for a world where it takes hours. That means tighter prioritization, more automation in triage, and a clear process for which findings get immediate attention versus which go into the queue. Prioritization should key on evidence of exploitation, internet exposure, and the criticality of the affected asset rather than on a base severity score alone, and "immediate attention" should include a compensating mitigation (disable the service, restrict access, add a detection) when a vendor patch is not yet available. Not every vulnerability is equally exploitable or equally consequential, but the cost of getting that prioritization wrong just went up.
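As an added illustration of the triage process this paragraph calls for (example code written for this page, not code from the article, from Anthropic, or from any Project Glasswing partner): a small Python policy that scores each finding on exploitation evidence, exposure and asset criticality rather than CVSS alone, assigns it to an immediate, expedited or queue tier with an assumed remediation deadline, and then checks that deadline against an assumed time from disclosure to working exploit. The `default_days_to_exploit` knob is the quantity the DBIR figures above describe; shrinking it is what AI-assisted exploit development does to the math. The weights, thresholds, SLA values and the `VULN-00x` sample findings are constructed assumptions for the example, not published standards or real findings.

```python
from dataclasses import dataclass
from enum import Enum


class Tier(str, Enum):
    IMMEDIATE = "immediate"  # out-of-band patch or compensating mitigation
    EXPEDITED = "expedited"  # next maintenance window
    QUEUE = "queue"          # standard cadence


# Assumed remediation deadlines per tier, in days (a policy choice for this
# example, not a published standard).
SLA_DAYS = {Tier.IMMEDIATE: 1, Tier.EXPEDITED: 7, Tier.QUEUE: 30}


@dataclass(frozen=True)
class Finding:
    id: str                  # scanner or tracker id (constructed here)
    cvss: float              # base score, 0-10
    known_exploited: bool    # on an authoritative known-exploited feed
    public_exploit: bool     # exploit code or a detailed write-up is public
    internet_exposed: bool   # reachable from outside the perimeter
    asset_criticality: int   # 1 (low) .. 3 (crown jewel)
    unauth_rce: bool         # unauthenticated remote code execution


def score(f: Finding) -> float:
    """Evidence of exploitation and exposure outweigh raw severity."""
    s = f.cvss
    if f.known_exploited:
        s += 4.0
    elif f.public_exploit:
        s += 2.0
    if f.internet_exposed:
        s += 2.0
    if f.unauth_rce:
        s += 1.0
    s += 1.5 * (f.asset_criticality - 1)
    return round(s, 1)


def tier(f: Finding) -> Tier:
    # Hard rule first: actively exploited and reachable is never "queue".
    if f.known_exploited and f.internet_exposed:
        return Tier.IMMEDIATE
    s = score(f)
    if s >= 14.0:
        return Tier.IMMEDIATE
    if s >= 9.0:
        return Tier.EXPEDITED
    return Tier.QUEUE


def days_to_exploit(f: Finding, default_days: int) -> int:
    """Assumed days from disclosure to a working exploit for this finding.
    Known-exploited: already weaponised. Public exploit: about a day.
    Otherwise default_days, the value AI-assisted exploit development
    compresses (weeks before; potentially days or hours now)."""
    if f.known_exploited:
        return 0
    if f.public_exploit:
        return 1
    return default_days


@dataclass(frozen=True)
class TriageResult:
    id: str
    score: float
    tier: Tier
    sla_days: int
    days_to_exploit: int
    uncovered_days: int  # days the finding is exploitable before the SLA closes it


def triage(findings, default_days_to_exploit: int):
    """Rank findings and measure the exploitable gap each SLA leaves open."""
    results = []
    for f in findings:
        t = tier(f)
        sla = SLA_DAYS[t]
        tte = days_to_exploit(f, default_days_to_exploit)
        results.append(TriageResult(f.id, score(f), t, sla, tte, max(0, sla - tte)))
    return sorted(results, key=lambda r: (-r.score, r.id))


def uncovered(findings, default_days_to_exploit: int):
    """Ids of findings whose deadline falls after the assumed exploit time."""
    return [r.id for r in triage(findings, default_days_to_exploit) if r.uncovered_days > 0]


SAMPLE_FINDINGS = [  # constructed sample data, not real findings
    Finding("VULN-001", 9.8, True, True, True, 3, True),      # exposed unauth RCE, exploited
    Finding("VULN-002", 7.5, False, True, True, 2, False),    # exposed, exploit public
    Finding("VULN-003", 8.8, False, False, False, 1, False),  # high CVSS, internal only
    Finding("VULN-004", 5.3, False, False, True, 1, False),   # low severity, exposed
]

if __name__ == "__main__":
    for default in (30, 3):  # "weeks to exploit" world versus a compressed one
        print(f"--- assumed default days to exploit: {default}")
        for r in triage(SAMPLE_FINDINGS, default):
            print(f"{r.id} score={r.score:5.1f} tier={r.tier.value:9s} "
                  f"sla={r.sla_days:2d}d exploit~{r.days_to_exploit:2d}d "
                  f"uncovered={r.uncovered_days:2d}d")
```

Running it with the default set to 30 days flags only the two findings with exploitation evidence; with the default set to 3 days, the internal 8.8 and the exposed 5.3 also show a multi-week gap, because a 30-day queue SLA was sized for the old exploit-development window. That second run is the prioritization conversation the paragraph describes: either the queue SLA shrinks, or those findings move up a tier, or a compensating control covers the gap.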

Containment architecture earns its keep. Network segmentation, least-privilege access, and zero trust principles have always been sound practice. In a world where exploit chains can be constructed autonomously, these controls limit the blast radius when prevention fails—and prevention will sometimes fail. The organizations in our portfolio with strong segmentation and access controls consistently experience lower loss severity when incidents do occur.

Quantification becomes non-optional. The organizations that will navigate this period well are those that can translate exposure into financial terms fast enough to act. That means understanding not just how often an attack might be attempted, but what the precise financial bill looks like if it succeeds—broken down by legal and forensic response, system restoration, business interruption, regulatory penalties, and litigation exposure. When threat velocity increases, the cost of imprecise risk estimates increases with it.

The transition window

Mythos did not create the vulnerability problem. It made the scale of it visible in a way that is harder to ignore. The software that runs banking systems, stores medical records, links logistics networks, and keeps power grids functioning has always contained bugs. Some of them are serious security flaws that, if discovered, could let an attacker take over a system. What has changed is the speed and cost at which those flaws can be found.

Anthropic’s own assessment is worth taking at face value on one point: they do not plan to make Mythos generally available, but their stated goal is to enable safe deployment of Mythos-class models at scale. Other labs are building comparable capabilities. Gartner analysts estimate that other frontier models will reach similar performance within three to six months. The window in which this capability is restricted to a handful of vetted partners is measured in months, not years.

For security and risk leaders, the question is whether your organization’s controls, processes, and coverage are calibrated for that timeline. The controls that matter most are the ones that have always mattered—MFA, segmentation, tested incident response plans, backup integrity—but the tolerance for leaving them partially implemented just narrowed. The organizations that come through this transition period in the strongest position will be the ones that treated the basics as urgent before they had to.
