Share

• twitter
• facebook
• linkedin
• reddit

Anthropic’s announcement of Claude
Mythos Preview may end up being remembered as the moment the cybersecurity
industry had to stop talking about agentic AI as a future concept and start
treating it as a present security variable.

The reported results are serious.
Anthropic says Mythos Preview identified and exploited zero-day vulnerabilities across major operating systems and browsers during
testing. Its technical write-up reported 181 working Firefox exploits in one
benchmark, plus 10 full control-flow hijacks on fully patched OSS-Fuzz targets.

The U.K. AI Security Institute reached a similar conclusion in its independent
evaluation, calling Mythos “a step up over prior frontier models” and reporting
a 73% success rate on expert-level capture-the-flag tasks, along with three
full completions out of 10 runs in a 32-step end-to-end attack simulation.

Only weeks after the Mythos announcement, an anonymous group of Discord users claimed it obtained unauthorized access to Mythos by guessing its location. Anthropic is currently investigating this claim. Although, we should take all of this seriously, we
should also be careful not to confuse a meaningful capability shift with an
instant collapse of defensive reality.

This does not mean AI has suddenly
become an autonomous super-hacker that will immediately defeat every mature
enterprise. The better way to understand what is happening is the one the U.K.
National Cyber Security Centre has already outlined: AI is accelerating and
enhancing existing attacker tradecraft. It is improving reconnaissance,
vulnerability research, exploit development, social engineering, malware
generation and data processing. In other words, it is making offensive
operations faster, denser and more scalable. That is a major shift, but it is
not magic.

That distinction matters, because much
of the Mythos conversation has already split into two extremes that are equally
unhelpful. One side treats it as proof that offensive AI will make conventional
cyber defense obsolete. The other dismisses it as little more than
frontier-model marketing theater. I think both reactions miss the point.

The real change is not that AI suddenly
replaces attackers or defenders. The real change is that agentic systems
compress time. They shorten the interval between finding weakness and
exploiting weakness. They help attackers adapt attack paths more quickly to the
software mix, patch level, privilege structure and operational habits of a
target environment. They increase the odds that pressure lands exactly where
most organizations are still fragile: the delayed patch, the unmanaged
endpoint, the exposed identity, the misconfigured cloud workload and the
recovery workflow nobody has tested in months.

Virtual event

The pivotal point of IT: Building services for the AI-first era

That is why this matters far beyond
large banks or critical infrastructure. The same dynamic applies to health care,
manufacturing, logistics, SaaS, retail, education and managed service providers
(MSPs). Any organization that depends on uptime, trustworthy data and
software-mediated operations now must assume that the attacker’s learning loop
is getting faster.

We are also seeing the problem expand
beyond model capability itself. The broader AI toolchain is becoming part of
the attack surface. Recent reporting around the Vercel breach, tied to a compromised third-party AI
tool and a Google Workspace OAuth path, is a reminder that the risk is no
longer confined to code and infrastructure in the traditional sense.
Organizations now must think about agents, connectors, AI services, permissions
and data flows that sit between humans and production systems.

That is why, in my view, the right
response is not “more AI” in the abstract. The right response is disciplined
cyber resilience.

If agentic systems compress the offense
cycle, defenders need to compress the control cycle. That starts with exposure
reduction: continuous inventory, faster patching, tighter hardening, less
software drift, fewer unmanaged systems, stronger identity boundaries and
better-tested recovery paths. It continues with detection and response, because
the SOC itself is becoming more agentic. That can be a real advantage, but only
if it is grounded in operational discipline and human oversight.

At Acronis, this is exactly how we
think about the problem. We do not see the answer as a single AI feature or a
claim about autonomous defense. We see the answer as an integrated cyber
resilience model that helps organizations reduce exposure, detect faster,
respond with more context and recover when prevention fails.

That is also why Acronis GenAI Protection matters. One of the biggest shifts in this new environment
is that AI is not just something attackers use. It is also something employees
use every day, often before governance and policy have fully caught up. That
creates a different class of risk: prompt-driven data leakage, unsanctioned use
of AI tools and the quiet movement of sensitive or regulated information into
external services. We believe organizations need visibility and control here —
not just policy documents. They need to know which AI applications are being
used, where the risk is real and how to enforce guardrails without slowing the
business to a halt.

The same principle applies further down
the stack. If attacks are going to move faster across endpoints, identities,
collaboration systems, email, and cloud environments, then isolated visibility
is no longer enough. This is why EDR and XDR matter more in an agentic era — not less. Security teams need the ability to
see attacks in context, connect signals across environments, prioritize the
incidents that matter, and respond before a fast-moving intrusion becomes a
business disruption.

For many organizations, especially MSPs
and SMBs, that is easier said than done. They may understand the threat
perfectly well and still lack the staff, time or operational maturity to run a
24/7 security program internally. That is where MDR becomes critical. The gap between the speed of modern attacks and the capacity
of lean teams is only getting wider. Security outcomes increasingly depend not on
whether organizations can buy another tool, but whether they can extend their
operational reach.

This is also why I believe resilience must
be broader than cybersecurity in the narrow sense. In an AI-driven threat
environment, prevention, detection, response, data protection, posture
management, email security and recovery all belong in the same strategic
conversation. AI-assisted attacks do not respect category boundaries. The
initial compromise may start in email. The escalation may depend on identity
misuse or configuration drift. The lateral movement may happen through
collaboration tools or cloud apps. The real business impact may depend on
whether recovery works when everything else has already gone wrong.

At the same time, defenders should
resist the temptation to assume agentic AI will solve its own problems. Large
language models remain probabilistic systems. They are powerful accelerators
for search, synthesis, coding and planning, but they are not inherently
reliable judges of truth. Hallucinations, inconsistency and brittle reasoning
under uncertainty are not side issues. They are structural realities that must
be designed around. That does not make agentic AI less useful. It makes
verification, guardrails, testing and human accountability nonnegotiable.

My view is simple. Mythos matters, but
not because it proves machines have already won the cyber race. It matters
because it removes any remaining excuse to treat AI as a side topic in
security. Agentic AI is now part of the operating environment. It will
strengthen both offense and defense. It will create real productivity gains and
real operational risk. And it will reward the organizations that are
disciplined enough to do two things at once: move faster and verify more.

At Acronis, we believe that is the real
challenge of this moment. Not whether AI changes cybersecurity. It already has.
The real question is whether organizations will respond with hype or with
resilience.

 

Virtual event

The pivotal point of IT: Building services for the AI-first era

Anthropic’s announcement of Claude
Mythos Preview may end up being remembered as the moment the cybersecurity
industry had to stop talking about agentic AI as a future concept and start
treating it as a present security variable.

The reported results are serious.
Anthropic says Mythos Preview identified and exploited zero-day vulnerabilities across major operating systems and browsers during
testing. Its technical write-up reported 181 working Firefox exploits in one
benchmark, plus 10 full control-flow hijacks on fully patched OSS-Fuzz targets.

The U.K. AI Security Institute reached a similar conclusion in its independent
evaluation, calling Mythos “a step up over prior frontier models” and reporting
a 73% success rate on expert-level capture-the-flag tasks, along with three
full completions out of 10 runs in a 32-step end-to-end attack simulation.

Only weeks after the Mythos announcement, an anonymous group of Discord users claimed it obtained unauthorized access to Mythos by guessing its location. Anthropic is currently investigating this claim. Although, we should take all of this seriously, we
should also be careful not to confuse a meaningful capability shift with an
instant collapse of defensive reality.

This does not mean AI has suddenly
become an autonomous super-hacker that will immediately defeat every mature
enterprise. The better way to understand what is happening is the one the U.K.
National Cyber Security Centre has already outlined: AI is accelerating and
enhancing existing attacker tradecraft. It is improving reconnaissance,
vulnerability research, exploit development, social engineering, malware
generation and data processing. In other words, it is making offensive
operations faster, denser and more scalable. That is a major shift, but it is
not magic.

That distinction matters, because much
of the Mythos conversation has already split into two extremes that are equally
unhelpful. One side treats it as proof that offensive AI will make conventional
cyber defense obsolete. The other dismisses it as little more than
frontier-model marketing theater. I think both reactions miss the point.

The real change is not that AI suddenly
replaces attackers or defenders. The real change is that agentic systems
compress time. They shorten the interval between finding weakness and
exploiting weakness. They help attackers adapt attack paths more quickly to the
software mix, patch level, privilege structure and operational habits of a
target environment. They increase the odds that pressure lands exactly where
most organizations are still fragile: the delayed patch, the unmanaged
endpoint, the exposed identity, the misconfigured cloud workload and the
recovery workflow nobody has tested in months.

That is why this matters far beyond
large banks or critical infrastructure. The same dynamic applies to health care,
manufacturing, logistics, SaaS, retail, education and managed service providers
(MSPs). Any organization that depends on uptime, trustworthy data and
software-mediated operations now must assume that the attacker’s learning loop
is getting faster.

We are also seeing the problem expand
beyond model capability itself. The broader AI toolchain is becoming part of
the attack surface. Recent reporting around the Vercel breach, tied to a compromised third-party AI
tool and a Google Workspace OAuth path, is a reminder that the risk is no
longer confined to code and infrastructure in the traditional sense.
Organizations now must think about agents, connectors, AI services, permissions
and data flows that sit between humans and production systems.

That is why, in my view, the right
response is not “more AI” in the abstract. The right response is disciplined
cyber resilience.

If agentic systems compress the offense
cycle, defenders need to compress the control cycle. That starts with exposure
reduction: continuous inventory, faster patching, tighter hardening, less
software drift, fewer unmanaged systems, stronger identity boundaries and
better-tested recovery paths. It continues with detection and response, because
the SOC itself is becoming more agentic. That can be a real advantage, but only
if it is grounded in operational discipline and human oversight.

At Acronis, this is exactly how we
think about the problem. We do not see the answer as a single AI feature or a
claim about autonomous defense. We see the answer as an integrated cyber
resilience model that helps organizations reduce exposure, detect faster,
respond with more context and recover when prevention fails.

That is also why Acronis GenAI Protection matters. One of the biggest shifts in this new environment
is that AI is not just something attackers use. It is also something employees
use every day, often before governance and policy have fully caught up. That
creates a different class of risk: prompt-driven data leakage, unsanctioned use
of AI tools and the quiet movement of sensitive or regulated information into
external services. We believe organizations need visibility and control here —
not just policy documents. They need to know which AI applications are being
used, where the risk is real and how to enforce guardrails without slowing the
business to a halt.

The same principle applies further down
the stack. If attacks are going to move faster across endpoints, identities,
collaboration systems, email, and cloud environments, then isolated visibility
is no longer enough. This is why EDR and XDR matter more in an agentic era — not less. Security teams need the ability to
see attacks in context, connect signals across environments, prioritize the
incidents that matter, and respond before a fast-moving intrusion becomes a
business disruption.

For many organizations, especially MSPs
and SMBs, that is easier said than done. They may understand the threat
perfectly well and still lack the staff, time or operational maturity to run a
24/7 security program internally. That is where MDR becomes critical. The gap between the speed of modern attacks and the capacity
of lean teams is only getting wider. Security outcomes increasingly depend not on
whether organizations can buy another tool, but whether they can extend their
operational reach.

This is also why I believe resilience must
be broader than cybersecurity in the narrow sense. In an AI-driven threat
environment, prevention, detection, response, data protection, posture
management, email security and recovery all belong in the same strategic
conversation. AI-assisted attacks do not respect category boundaries. The
initial compromise may start in email. The escalation may depend on identity
misuse or configuration drift. The lateral movement may happen through
collaboration tools or cloud apps. The real business impact may depend on
whether recovery works when everything else has already gone wrong.

At the same time, defenders should
resist the temptation to assume agentic AI will solve its own problems. Large
language models remain probabilistic systems. They are powerful accelerators
for search, synthesis, coding and planning, but they are not inherently
reliable judges of truth. Hallucinations, inconsistency and brittle reasoning
under uncertainty are not side issues. They are structural realities that must
be designed around. That does not make agentic AI less useful. It makes
verification, guardrails, testing and human accountability nonnegotiable.

My view is simple. Mythos matters, but
not because it proves machines have already won the cyber race. It matters
because it removes any remaining excuse to treat AI as a side topic in
security. Agentic AI is now part of the operating environment. It will
strengthen both offense and defense. It will create real productivity gains and
real operational risk. And it will reward the organizations that are
disciplined enough to do two things at once: move faster and verify more.

At Acronis, we believe that is the real
challenge of this moment. Not whether AI changes cybersecurity. It already has.
The real question is whether organizations will respond with hype or with
resilience.