When Treasury Secretary Scott Bessent and Fed Chair Jerome Powell sit down with the CEOs of America’s largest banks to discuss systemic risk, it is rarely because of a software announcement. Project Glasswing changed that. Anthropic’s Claude Mythos Preview, a reasoning-first AI model that the company has deliberately chosen not to release due to the potential dangers it could cause, has autonomously discovered thousands of high-severity zero-day vulnerabilities across every major operating system and browser. The threat is considered so significant that only a small inner circle of vetted technology partners, including Apple, Amazon, and Microsoft, has been granted early access to begin patching.

The rest of the industry is on its own. And the clock is running.

As if the vulnerability landscape were not alarming enough, Anthropic is simultaneously engaged in a legal dispute over a Pentagon supply-chain risk designation tied to restrictions on government use of its AI models. This fight underscores how deeply AI has become entangled with national security infrastructure. For security leaders at organizations outside that inner circle, the implications are clear: you are not getting advance notice, and you cannot wait for someone else to define the response.

Why Mythos Is Different: Reasoning at Machine Speed

Every few years, a new class of threat tool forces the security industry to recalibrate. What’s noticeable is not just their sophistication, but it’s how they collapse traditional timelines and undermine long-standing security models.

Mythos is not simply a faster scanner. It represents a reasoning-first leap; an AI that does not just find vulnerabilities but chains them, prioritizes them for impact, and begins mapping lateral movement paths, all faster than any human red team can respond.

Gartner captured the inflection point precisely in its initial assessment: “The window between vulnerability discovery and active exploitation continues to collapse.” That sentence used to describe a weeks-long gap. In a Mythos-class environment, it describes minutes, and in some cases, the first exploit attempts beginning before defenders can even operationalize awareness. One vulnerability Mythos surfaced had been hiding in OpenBSD for nearly three decades. Another gave an unauthenticated attacker root on any exposed FreeBSD host. Mozilla has already patched 271 Firefox vulnerabilities that Mythos identified. And by Anthropic’s own account, 99 percent of what Mythos has found remains unpatched in the wild.

The compounding risk is what keeps security leaders up at night. And it should be keeping the entire tech industry up at night, too. Attackers with access to Mythos-class discovery tools — or even some similar derivative — can reverse-engineer a public patch within days, weaponize it, and begin exploitation before a typical enterprise has pushed the update to a meaningful portion of its estate. Your patch cycle was not designed for this.

Spotting Unauthorized AI Agents Before They Become Entry Points

One of the most unsettling disclosures around the Mythos rollout was the report that unauthorized users had briefly accessed the model through a third-party vendor environment. That detail matters beyond the alarming headline. It illustrates the risk that most organizations are not yet monitoring for: autonomous AI agents operating inside (or adjacent to) your infrastructure without explicit authorization.

The traditional perimeter model assumed that threats came from outside and that insiders were largely known quantities. AI agents violate both assumptions. They can be introduced through vendor integration, a compromised developer environment, or a misconfigured API connection. Once inside, they operate at a speed and scale that standard monitoring thresholds were never calibrated to detect.

Organizations need to begin auditing their environments for non-human identity exposure with the same rigor they apply to privileged human accounts. Service accounts are the fastest path in for an autonomous agent. A model probing for access will prioritize standing privileges, process memory, and token stores — exactly the kinds of assets that accumulate quietly in enterprise environments and rarely get reviewed. If you cannot answer the question of what a given service account does and whether it should still exist, you have a gap that Mythos-class models will find before your team does.

Immediate Steps to Strengthen Infrastructure Before These Models Go Wide

The identity layer is where Mythos-class attacks will ultimately land, and with good reason. The identity layer has become the primary attack surface regardless if it’s a human, non-human or agentic AI identity. Recent incident data shows that the majority of modern attacks bypass malicious binaries entirely, instead abusing trusted identity paths, misconfigurations, and standing privileges. Human users, service accounts, and increasingly autonomous AI agents all operate within the same identity fabric.

In this environment, identity is not simply “where attacks end.” It is where they start, propagate, and monetize. Whether the initial foothold comes from a misused API token, a compromised non-human account, or a cloud control-plane abstraction, the objective remains the same: Active Directory, Entra ID, domain controllers, and privileged access paths.

For organizations outside the Glasswing inner circle, here are five areas to focus on immediately.

1. Shift from quarterly audits to continuous identity posture assessment. Quarterly reviews give attackers a 90-day window. Known misconfigurations like stale group policy objects, over-privileged service accounts, and risky conditional access gaps, become high-confidence exploit paths. Continuous monitoring at the identity control plane must run at the same cadence as endpoint vulnerability scanning.
2. Inventory and retire your identity debt. Every environment carries legacy infrastructure that was never cleaned up: unsupported domain controllers, forgotten forest trusts, dormant privileged accounts, and hybrid sync configurations left over from old migrations. That debt will be fuel for AI-accelerated exploitation. Treat identity end-of-life with the same discipline you apply to device retirement. If it cannot be patched, it needs to be retired on a defined timeline.
3. Move privileged authentication to phishing-resistant methods now. If Mythos-class tools make exploit generation cheap, the remaining control that holds is authentication that cannot be relayed, phished, or replayed. Hardware-backed MFA and passkeys for privileged accounts are not a future roadmap item. They are the control that separates a contained incident from a domain-level compromise.
4. Design identity security across the full lifecycle, not just detection and response. Early ITDR initiatives focused heavily on alerting and investigation, which assumed a human-paced attacker. Mythos-class threats compress timelines to the point where detection alone is insufficient. Recognizing this, Gartner recently realigned ITDR to map across all six functions of the NIST Cybersecurity Framework 2.0: Identify, Protect, Detect, Respond, Recover, and Govern. Effective identity defense now requires the ability to freeze unauthorized changes to Tier 0 objects, block privilege escalation in flight, and disrupt lateral movement before it reaches a domain controller. When exploitation unfolds in minutes, every phase of that lifecycle matters.
5. Test identity recovery before you need it. The default failure mode in a serious breach is an identity outage — Active Directory, Entra ID, or both. Restoring from backup is not recovery if the backup reintroduces the malicious changes that caused the incident. Organizations need tested object-level restore capability, malware-free forest rebuild procedures, and recovery time objectives that have been validated under pressure, not assumed. Yet most organizations are unprepared. According to the Quest Software State of ITDR 2026, more than 75 percent of organizations do not regularly test their identity recovery plans, leaving a critical blind spot that only surfaces during an active incident. With directory downtime estimated to cost hundreds of thousands of dollars per hour, discovering recovery gaps during a live attack is not an option.

The Modernization Trap

There is one more complication worth naming directly. The Mythos threat is arriving at exactly the wrong moment for most enterprises, which are in the middle of hybrid Active Directory-to-Entra ID migrations, zero trust rollouts, and cloud modernization sprints. Each of these initiatives creates precisely the conditions that AI-driven attackers will exploit: change windows that relax controls, temporary admin rights that linger, service accounts that spawn faster than they can be governed.

The answer is not to pause modernization. It is to apply the same identity security controls during change events that you use in steady state. Security posture cannot be suspended during migrations and re-enabled afterward. Controls must travel with the workload.

The Glasswing announcement is not a distant warning. For organizations outside the inner circle, the floodgates will open when these capabilities proliferate… and trust me, they will proliferate. The enterprises that survive the coming wave of AI-discovered zero-day exploitation will not be the ones with the fastest patch cycles. They will be the ones whose identity security infrastructure was already built to prevent, contain, and recover at machine speed. That window is narrowing. The time to build it is now.