This spring, Anthropic disclosed that its flagship model Mythos had read through the source of every major operating system and browser and returned thousands of previously unknown vulnerabilities. One had been sitting in OpenBSD for twenty-seven years. Another had survived in FFmpeg for sixteen years, discovered through roughly five million automated scanner passes. Where the previous generation of their model found two exploitable flaws in Firefox under controlled testing, Mythos produced a hundred and eighty-one.
Anthropic declined to release it, stating that a model capable of patching vulnerabilities at that speed is equally capable of exploiting them. The restraint buys time but it does not change the current trajectory. Comparable capability will reach other frontier models within months and open-weight models within a year. The security community has already named the condition: the Cloud Security Alliance, working with SANS and some two hundred and fifty CISOs, calls it the AI vulnerability storm, and a "Mythos-ready" program the minimum viable response to it.
The tax on offence just got repealed
Patching has always been an asymmetric contest. Exploiting one flaw on one exposed machine is faster than remediating it across a fleet of ten thousand. Defenders absorbed that asymmetry for one reason: the attacker's discovery cost stayed high. Finding a usable vulnerability took skilled people and patient time, and that scarcity operated as a tax on attackers. AI repeals that tax. When discovery becomes cheap, continuous, and automated, the margin that made manual remediation survivable quickly disappears.
The margin was already thin. Unpatched vulnerabilities remain the most common technical root cause of ransomware, and most organisations still measure their remediation in days rather than hours. Automox's 2026 State of Endpoint Management report found that only six per cent of organisations have fully automated their endpoint management. Jason Kikta, the company's CTO, states the consequence explicitly:
"94% of organisations have not fully automated their endpoint management tasks. When time-to-exploit was measured in weeks, that was a calculated risk. When it's measured in hours, it's an open door."
Old assumptions meet new arithmetic
Manual patching used to be a reasonable bet. When weeks passed between a vulnerability becoming public and an exploit becoming usable, manual patching was a sensible response. On Mandiant's independent measure, that interval fell from sixty-three days in 2018 to a negative number in 2024. The old bet doesn’t survive these figures. What used to be a managed risk is now an exposure that hasn’t been billed yet.
The instinct under a novel threat is to reach for a novel defence. The CSA briefing resists that instinct, and its central recommendation is the least unconventional on offer: inventory, consistent configuration, segmentation, phishing-resistant authentication, and disciplined patching, executed faster and more consistently than before. These controls raise the cost of exploitation regardless of whether a researcher or a model discovers the vulnerability. The organisations with disciplined endpoint management were harder targets before, and will remain so in the post-Mythos era.
What changes is that the fundamentals no longer scale through manual execution. The brief reframes vulnerability response as VulnOps: a permanent, staffed function rather than a sprint assembled whenever the next critical CVE emerges. A team tasked with managing a continuous stream of AI-discovered vulnerabilities cannot rely on scripts, spreadsheets, and the institutional memory of a single engineer who understands how the workflow fits together.
As Automox security manager Ryan Braunstein argues, manual work has become a new attack surface. The issue is less one of efficiency than of scale. A continuous stream of vulnerabilities demands systems capable of handling them, leaving little room for workflows that depend on manual coordination.
Errors at scale
The same report finds that concerns about autonomous operations centre on two risks: incorrect changes and loss of control. In response, practitioners place the highest value on safeguards such as automatic rollback and on-demand pause or override capabilities.
An error on one machine generates a ticket. But an error across an entire fleet is a different catastrophe altogether. The answer is not to avoid automation but to govern it. Policy-defined device states, rollback mechanisms, and audit logs make autonomous actions observable and accountable. At scale, trust depends less on preventing every mistake than on ensuring that mistakes can be detected, understood, and reversed.
Regulators have begun pricing the same risk. In June, CISA's Binding Operational Directive 26-04 set a three-day remediation deadline for the highest-risk vulnerabilities on federal systems, naming AI-accelerated exploitation as the primary driver. Federal directives tend to become commercial baselines by way of audits, insurance terms, and contract language. A three-day deadline is not a number any organisation meets by manually patching a fleet, making the directive an automation mandate wearing a compliance label.
The work in front of most organisations is not the purchase of an oversold AI defence system. It is the unglamorous automation of operations while the margin to do so still exists. Mythos alone did not create this exposure, but it ended the option of ignoring it.
Comments ( 0 )