
By Sila Ozeren Hacioglu, Security Research Engineer at Picus Security.
In April 2026, Anthropic released its latest frontier model, codenamed Mythos, to 12 partners under a gated preview. Not general availability; the company explicitly held it back because it was (correctly) deemed too dangerous for open release.
In its first 14 days inside that sandbox, it wrote 181 working Firefox exploits. The previous state-of-the-art model managed two. Uh oh.
It surfaced thousands of zero-days across every major OS and browser, including a 27-year-old bug in OpenBSD, an operating system whose entire reputation is built on not having bugs like this.
Over 99% of what Mythos found is still unpatched in production today.
That isn’t a forecast. That happened.
Now pair it with what is already in the wild.
Let’s back up a bit. In February, AWS Threat Intelligence published a postmortem on a FortiGate campaign run by a single operator. One person, low skill, no hands on keyboard.
The AI did the work, and it hit 2,516 devices across 106 countries in parallel, taking just minutes per target. Zero-days weren’t required. Known CVEs and misconfigurations were enough; the AI simply operated faster than anyone could respond.

Two data points, one message: offense now runs at machine speed. And the question every defender should be asking is not “are we compliant?” or “are we covered?” It’s more granular, and more urgent:
“What’s actually getting through my controls today, and how far?”
If the honest answer involves a quarterly pentest report and a few dashboard screenshots, consider the rest of this piece required reading.
How Fast Can Attackers Exploit a Published CVE in 2026?
A decade ago, the median time from a CVE’s publication to a working exploit appearing in the wild was measured in months, long enough for a real patch cycle. By 2024, that window had shrunk to about 56 days. By 2025, it was down to 23 days.
Recent CVE-to-exploit pairings from CISA KEV, VulnCheck KEV, and exploit databases now show a median delta of roughly 10 hours.

Reversing a published fix into a working exploit is no longer a specialist craft; it is now a prompt.
Which means the comfortable assumptions of vulnerability management, that CVSS scores meaningfully prioritize, that “exploitability” is a useful filter, that you have time between disclosure and weaponization, have all quietly broken.
The safer operating assumption is now: every vulnerability has an exploit, or will, before you finish your next change-management meeting.
Unfortunately, automatic immunity for defense doesn’t exist yet.
And blue-side AI without validation is just guesswork at machine speed, and that’s an expensive hunch to deploy into production.
Over 99% of Mythos findings remain unpatched. The Glasswing public report lands in July.
This guide from Picus Labs covers the 12 operational recommendations security teams need to close the gap between AI-speed offense and human-speed defense, including 5 actions for week one.
The Real Bottleneck Isn’t Tooling — It’s the Spaghetti Handoff
Let’s start with the attacker.
At second zero, the AI script kicks off. By second five, a CVE is exploited. MFA is bypassed by twenty. A web shell is delivered at thirty. Credentials are dumped at forty-five. By second seventy-three, the compromise is complete.
No human in the loop, no hesitation, no team meetings, no coffee breaks.
Now picture the defender.
The SIEM alert fires at one minute, after the attacker is already done. A Tier 1 analyst picks it up around minute five. Someone triggers a SOAR playbook, by hand, at minute fifteen. A Jira ticket gets filed an hour in. Four hours later, it lands in the IT ops queue.
The patch goes out tomorrow, twenty-four hours after a breach that took seventy-three seconds to complete.

Notice where the time goes. It’s not inside any one tool. The EDR is fast. The SIEM is fast. The vulnerability scanner is fast. The time dies between the tools: the Slack messages, the copy-pasted hash, the PDF report emailed for review, the ticket waiting for approval, the red team script being rebuilt by hand for the blue team.
That is the spaghetti handoff, and it’s as messy as it sounds.
You can buy a faster scanner, plug in a smarter EDR, even bolt an LLM onto your SIEM, and none of them will markedly speed up your response, because the gap isn’t inside any of your tools. It lives between teams and between systems. Accelerating one node in a graph doesn’t accelerate the graph.
That is a big part of why this conversation has moved out of the CISO’s office.
Six months ago, AI-driven cyber risk was a technical problem to delegate. Today, boards are treating it as existential and governing it directly. Budgets are unlocked, but not for ‘more of the same.’ They are funding credible, evidence-based plans.
What Are the Three Pillars of Cyber Resilience in the Age of AI-Powered Attacks?
The fundamentals that made organizations resilient before Mythos still apply. There are three:
Pillar 1: Identify. You can’t defend what you can’t see. Even with full exposure visibility across network, endpoint, cloud, and identity, and aggressive attack surface management, the blind spots (orphaned remote access, missing segmentation, MFA gaps) are where machine-speed attackers live.
Pillar 2: Protect. Effective network and endpoint controls, properly tuned. Tailored detection focused on credential access, lateral movement and privilege escalation rather than generic vendor rules.
Pillar 3: Validate. This is the one most programs undervalue, and it is the one that actually answers the question we started with. Validation has two halves, and yes, you need both.
- Defensive validation: Breach and Attack Simulation (BAS). Are my prevention and detection controls actually catching what is hitting me right now? Which assets do my controls fail to protect? What is the residual risk after my stack runs?
- Offensive validation: Autonomous Pentesting. Can an attacker actually breach us? Which exposures chain together into a real path to our crown jewels? What is really exploitable in the environment, not just theoretically vulnerable?

Run only BAS, and you’ll know your controls work in isolation but not whether an attacker can route around them. Run only autonomous pentesting, and you’ll find attack paths but won’t know which controls are silently failing on the assets the pentest never touched. Run them as one continuous loop, where each informs the other, and you’ll finally have an answer to “what gets through, and how far” that is grounded in evidence rather than hypothetical opinion.
But evidence isn’t enough on its own. When offense runs at machine speed, the loop itself has to run at machine speed.
How Picus Approaches Autonomous Validation in a Post-Mythos World
A continuous loop is the right answer. But “continuous” still implies a human pacing it. In a post-Mythos world, the gap that matters isn’t between seeing and detecting; it’s between detecting and proving, fast enough that an AI-driven adversary doesn’t find out for you first.
That is where validation goes from continuous to autonomous: agents reading the alert, scoping the test, running the simulation, pushing the fix, and writing the report, while the SOC catches up on some much-needed sleep.
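As an added illustration of what joining the two halves looks like in practice (example code written for this piece, not Picus product code and not a description of how its platform implements this), the Python below replays a pentest-style attack path against per-technique outcomes from a BAS run. The path, the ATT&CK technique labels and the outcomes are all constructed for the example; an untested technique is deliberately assumed to succeed silently, matching the operating assumption above that every gap is exploitable.

```python
"""Added example (not Picus code): combine an attack path from a pentest
with per-technique control outcomes from a BAS run to answer
"what gets through, and how far". All data below is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Possible control outcomes for one simulated technique.
PREVENTED = "prevented"   # the control blocked the action
DETECTED = "detected"     # the action succeeded but an alert was raised
MISSED = "missed"         # the action succeeded and nobody noticed


@dataclass(frozen=True)
class Step:
    technique: str   # MITRE ATT&CK technique ID labelling the step
    name: str        # human-readable label


@dataclass
class PathResult:
    reached: List[str]          # steps the attacker completed, in order
    stopped_at: Optional[str]   # first step a control blocked, if any
    blind_spots: List[str]      # completed steps that raised no alert
    untested: List[str]         # steps the BAS run never exercised

    @property
    def depth(self) -> int:
        return len(self.reached)


def walk_path(chain: List[Step], bas: Dict[str, str]) -> PathResult:
    """Replay the pentest's attack path against BAS outcomes.

    A technique BAS never tested is treated as MISSED: assume it works
    until proven otherwise."""
    result = PathResult(reached=[], stopped_at=None, blind_spots=[], untested=[])
    for step in chain:
        outcome = bas.get(step.technique)
        if outcome is None:
            result.untested.append(step.name)
            outcome = MISSED
        if outcome == PREVENTED:
            result.stopped_at = step.name
            break                       # the path is cut here
        result.reached.append(step.name)
        if outcome == MISSED:
            result.blind_spots.append(step.name)
    return result


def first_fix(chain: List[Step], bas: Dict[str, str]) -> Optional[str]:
    """Earliest step on the path that is not prevented. Blocking it cuts
    the whole path short, so it is the highest-leverage remediation."""
    for step in chain:
        if bas.get(step.technique) != PREVENTED:
            return step.technique
    return None


# Constructed attack path mirroring the 73-second timeline above.
PATH = [
    Step("T1190", "exploit public-facing app"),
    Step("T1556.006", "bypass MFA"),
    Step("T1505.003", "drop web shell"),
    Step("T1003.001", "dump credentials"),
]

# Constructed BAS outcomes: the endpoint control blocks the credential dump,
# the SIEM alerts on the exploit and the web shell, and nobody tested MFA.
BAS_RUN = {
    "T1190": DETECTED,
    "T1505.003": DETECTED,
    "T1003.001": PREVENTED,
}

if __name__ == "__main__":
    r = walk_path(PATH, BAS_RUN)
    print(f"reached {r.depth}/{len(PATH)} steps, stopped at: {r.stopped_at}")
    print("silent blind spots:", r.blind_spots)
    print("never validated:", r.untested)
    print("fix first:", first_fix(PATH, BAS_RUN))
```

On the constructed data the attacker gets three steps deep before the credential dump is blocked, and the MFA bypass shows up as both untested and silent: exactly the class of gap that BAS alone would not have flagged (it never ran the technique) and a pentest alone would not have explained (it would only report that the step worked).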

We’ll be unpacking exactly what that looks like (the architecture, the agentic workflows, the operational reality of running it inside a real enterprise) at the Autonomous Validation Summit on May 12 & 14, hosted with Frost & Sullivan and featuring practitioners from Kraft Heinz and Glow Financial Services, alongside Picus CTO Volkan Erturk.
>> See it in action at the summit.
Sponsored and written by Picus Security.