FIGHTING AI WITH AI

Automated Exploits vs. Intelligent Recovery: What Mythos Means for Your Resilience Strategy

If you follow cybersecurity news, you have probably seen the headlines about Claude Mythos. The coverage has been loud, and some of it has been alarming. This blog explains what is happening, why it matters, and why it may change less about your resiliency strategy than the headlines suggest.

What is Mythos?

In April, Anthropic introduced a new AI model called Claude Mythos Preview, which, it turned out, could autonomously find zero-day vulnerabilities and create exploits for them. In response, Anthropic made an unusual choice. The company stated that it had no plan to release Mythos to the public.

But that embargo shifted (somewhat) on June 9, when Anthropic released Claude Fable 5, a Mythos-class model that will be available to its enterprise customers and paid subscribers. The company said the broad release is possible because of new safeguards that block responses in high-risk areas, including cybersecurity and biology.

What is Glasswing?

Regardless of when and in what capacity Mythos rolls out, the need for oversight is clear. Enter Project Glasswing, a coalition led by Anthropic and designed to secure critical software before attackers can use the model to target it. Anthropic gave partners like AWS, Apple, Cisco, CrowdStrike, Google, and Microsoft access to help them find and fix flaws first.

The program started small. It launched in April with around 50 organizations and has now grown to approximately 200 partners worldwide. The newer members include healthcare, energy, water, and telecommunications providers.

The early results are notable. Glasswing participants have used Mythos to identify more than 10,000 high- and critical-severity vulnerabilities across various codebases.

Why this matters

Anthropic expects that within 6 to 12 months, many other AI companies will have Mythos-class models, and some may release them without safeguards that prevent misuse. The math changes when that happens. Cyberattacks could occur more often, and in less predictable forms.

It is natural to want to respond to each new flaw with a new tool, and to each new headline with a new strategy. But that approach is hard to sustain. A security posture built on buying something new every time something goes wrong tends to stay one step behind.

The steadier path is preparation.

Gartner analyst Leigh McMullen framed it well. The contest between defenders and attackers is shifting from innovation to automation. Automation is a game defenders can win. Defenders know their own environment. They get access to better AI first, and they can build mitigations into their defenses before common exploits are weaponized against them.

What this means for your defense

A strong defense works in layers. Use AI to improve prevention. Use it to sharpen detection. And use it in your recovery, for the times an attack gets through.

Prevention and detection reduce how often you get hit. They do not ensure you never will. Intelligent recovery minimizes the severity of an attack when one lands. It can also discourage the next one. When attackers see that an organization recovers quickly and does not pay, that target becomes less appealing for a follow-on attempt. Once you accept that some attack will eventually get through, you can stop betting everything on prevention and build for recovery as well.

Storage providers are already preparing

Major storage and infrastructure providers are strengthening their posture right now. Dell joined Project Glasswing and is using Mythos to find and fix vulnerabilities in its products. Dell’s view is that frontier AI has changed the cybersecurity equation, and that speed is now the decisive factor.

IBM and Hitachi have also joined the effort. Hitachi will use Mythos Preview to identify and remediate vulnerabilities in the software it builds for social infrastructure, including the energy domain. IBM has been hardening its own products and contributing fixes back to the open-source community.

The companies that build the infrastructure you run on are hardening it for an AI-driven threat landscape. That is real progress. It is also worth understanding where its limits are.

Patching is not the finish line

Even if every vendor patches every flaw Mythos finds, and even if your own security stack is fully current, some exposure remains. The reason is the network itself.

Modern operations run on a connected web of third-party vendors, managed service providers, contractors, and partners. Each connection is a trust relationship, and each trust relationship is a path. You built those paths on purpose, because the business depends on them.

Mythos does not need to break your security controls. It maps the paths you already have, far faster than a person could. It can identify which vendor, which appliance, or which remote access system is the weakest link. It can chain together small weaknesses that a human attacker might miss, and it can analyze a route that crosses several organizations to reach you.

This is not a new tactic. Attackers have pivoted through a smaller, softer supplier to reach a harder target for years. AI makes it more scalable, so an attacker can find the weakest link in your ecosystem faster than before.

The open network that runs your operations is also the surface these tools are built to study. Strong segmentation and tight third-party access make you harder to traverse, and they are worth the investment. They do not make the paths disappear, though. As long as the paths exist, a determined attacker may eventually find one.

This is why prevention has a ceiling. You can raise the cost of getting in, but you cannot bring the risk to zero.

Where CyberSense fits

When an attack does land, the first question is an essential one. Can you restore clean data and recover with confidence?

Many recovery tools cannot answer that directly. They restore data and then work to determine whether it is clean, often over several cycles. That slows recovery, raises costs, and tests customer confidence. And if the data is already corrupted, the restore brings the problem back, and the attack can begin again.

CyberSense validates data integrity across both production storage and backup data, using over 200 content-based analytics to detect signs of corruption. That detection runs at 99.99% accuracy, validated by ESG. Its detection engine is trained on real ransomware behavior, studied and refined by the CyberSense Research Lab. As attacks evolve, the model evolves with them.

CyberSense also provides forensics and points to a clean recovery point. Recovery teams restore clean data, then return to operations. That sequence keeps MTTR low and helps prevent a second attack from riding in on a bad restore.

The takeaway

The threat landscape is shifting, and AI is accelerating attacks. Defense and recovery are getting smarter too. Resilience comes from a plan that assumes breach and is built to recover when one occurs.

Now more than ever, an attack is a matter of when, not if. That is the reason to build intelligent recovery into your resiliency plan now. You cannot stop every attack. You can make sure you recover clean, fast, and with confidence.

