April 10, 2026

The Vulnpocalypse Is Here. Waiting for Permission Won't Save You.

Claude Mythos changes the game for vulnerability discovery — but the defenders who matter most are locked out. Here's what that means, and what you should do about it.

The security industry just got a wake-up call it can't snooze.

Anthropic's Claude Mythos — the model the company itself admits represents a "step change" in cybersecurity capabilities — has surfaced thousands of previously unknown, high-severity vulnerabilities across every major operating system and web browser. One of them had been hiding in OpenBSD for 27 years. Anthropic researcher Nicholas Carlini said he found more bugs in a few weeks with Mythos than in the rest of his career combined. Google DeepMind's John Flynn gave it a name: the vulnpocalypse. And based on what we've seen, it has already started. This isn't incremental progress. This is a phase transition.

The Asymmetry No One Is Talking About

Here's the part of the Mythos story that should keep every security leader awake at night: Anthropic has decided — rightly — that the model is too dangerous for general release. Instead, it launched Project Glasswing, a controlled consortium giving exclusive access to AWS, Apple, Google, Microsoft, and a handful of other giants.

That means the most powerful defensive capability in history is available to roughly 50 organizations. Everyone else — the banks, mid-market SaaS companies, countless startups, healthcare companies and the government agencies running legacy stacks — gets to read the blog post and hope for the best.

The attackers, meanwhile, are not waiting for an invitation. Vulnerability research may be the single most natural application of LLM capabilities. Pattern-matching bug classes, constraint-solving for reachability, reasoning through exploit chains — these are precisely the problems AI is built to dominate. And unlike Project Glasswing, the offensive side of this equation has no access controls.

Every month that passes, smaller and more accessible models inherit a growing share of these capabilities. The asymmetry is real, and it's widening.

Your Agents Are the New Attack Surface

The Mythos conversation also exposed something the industry has been slow to confront: the agentic software factory is arriving whether your security posture is ready for it or not.

Agentic AI systems — the ones building your code, managing your deployments, and taking actions on your behalf — carry exactly the kind of persistent, privileged access that attackers dream of. The human-in-the-loop is not functioning as a meaningful safety control. It's a checkbox that people click through to keep their workflow moving. If your security model depends on a human reviewing every agent action, you don't have a security model. You have a hope.

Scanning Won't Cut It Anymore

Here's where this conversation gets personal for us at Scantist.

The traditional AppSec playbook — run a SAST scan, pipe results into Jira, wait for a developer to look at it sometime in the next quarter — was already struggling before Mythos. In a world where AI can discover and chain exploits faster than any human team can triage findings, that playbook is obsolete.

Signature-based detection will fail against AI-generated attack paths. Static analysis cannot model the multi-step, business-logic-aware exploits that advanced models now produce. And manual penetration testing, while still valuable, operates on timelines measured in weeks when threats now move in minutes.

Charles Huang, COO of Scantist, captured this precisely: organizations cannot rely entirely on preventative scanning for AI agents. The inputs and outputs are natural language and highly dynamic. The old categories simply don't map to the new threat surface.

What Actually Works: Autonomous Offense as Defense

The right response to autonomous offensive capability isn't better dashboards or more scan rules. It's autonomous defensive capability — systems that think like attackers because they literally operate as attackers, within controlled, governed boundaries.

This is why we built PAIStrike as an autonomous pentesting system, not a scanner with an AI label on it. PAIStrike coordinates multi-agent attack simulations across reconnaissance, exploitation, and validation — the full offensive loop. It handles authenticated workflows, maintains state across complex attack chains, and produces validated, reproducible evidence that engineering teams can act on immediately.

The distinction matters. A powerful model in a sandbox can find a bug. An operational system can scope an engagement, reason through gray-box access paths, execute multi-step exploitation, verify that findings are real, and hand you a report your CISO can take to the board. Enterprises don't buy impressive demos. They buy outcomes.

The Economics Still Favor Defenders — If They Act

There's a reason for optimism in all of this, but it's conditional. As Marcus Hutchins of Expel pointed out, defenders are the ones with the resources. They're building the models, they control the infrastructure, and they're the ones who can apply AI systematically to their own codebase.

Phil Venables, formerly Google's CISO and now at Ballistic Ventures, put it in a framework we agree with: short-term pessimistic, wildly long-term optimistic. The tools for automated vulnerability remediation are coming fast. Google's CodeMender and systems like it will help close the gap.

But the long-term optimism only materializes if organizations act now. The window between "AI can find the bugs" and "AI can also fix the bugs at scale" is exactly where the danger lives. In that window, the advantage goes to whoever moves first.

Three Things You Should Do This Week

First, audit your agent surface. If you have AI agents operating in your environment — building code, managing infrastructure, interacting with APIs — you need to know what access they have, what actions they can take, and what controls exist if they're compromised. Treat agent permissions as an infrastructure problem, not a user behavior problem.

Second, stop treating pentesting as an annual event. The threat cadence has shifted from quarterly to continuous. If your last penetration test was more than 30 days ago, you're operating on stale assumptions. Autonomous pentesting isn't a luxury anymore. It's baseline hygiene.

Third, validate, don't just scan. There is a critical difference between "we found a potential vulnerability" and "we confirmed this vulnerability is exploitable in your environment." AI-augmented attackers won't stop at detection — they'll chain, exploit, and move laterally. Your defensive tooling needs to match that level of rigor.

The vulnpocalypse isn't a prediction. It's a description of the present. The question for every security team is whether you're going to wait for permission from a consortium you're not part of, or start building autonomous defenses with tools that are available to you today.

We know which side of that bet we're on.

Ready to see what autonomous AI pentesting looks like in practice? Try PAIStrike

DEMO👉https://calendar.app.google/g4hV8dXQSHyEF4yCA
