
Beyond patching: Building a Mythos-ready security program

by Dave Lewis

April 16, 2026 - 7 min

[Illustration: a giant hourglass set amongst sand dunes in front of a deep green sky. At the top of the sand dune, a person is working at their laptop, while above them a grid full of Xes and alert symbols indicates something is wrong, and below them, the sand falls through the hourglass, indicating time is running out.]


When Anthropic revealed the existence of Mythos, the frontier AI model they deemed too dangerous for public release, the security community was alarmed. And it’s not hard to see why: Mythos is capable of detecting software vulnerabilities at a previously unimaginable scale, and autonomously crafting exploits to weaponize these flaws. According to Anthropic, Mythos created 181 exploits of Firefox in testing, ninety times more than the company’s previous model (Claude Opus 4.6). 

The security world is facing down the prospect that soon, hordes of agents will turn the systems they rely on into Swiss cheese. But while concern is an appropriate reaction to this coming storm of vulnerabilities, panic is not. Instead, security and business leaders need to treat the next few months (which are likely all we’ll get before a Mythos-level model is widely available) as a precious gift: time to batten the hatches and prepare not just for a temporary crisis, but a permanently altered paradigm.

If there’s a silver lining to this storm cloud, it’s that it’s bringing the security community together to build collective solutions. As part of that effort, I was proud to contribute to The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program, a paper developed by Gadi Evron and Rich Mogull at the Cloud Security Alliance (CSA), CISO community, [un]prompted, SANS, the OWASP Gen AI Security Project, and a broad coalition of industry leaders. 

This paper offers a roadmap for security leaders to make the most impactful changes at their organizations and work toward “Mythos-ready” resilience. Their recommendations combine AI-driven defensive capabilities, accelerated vulnerability operations, hardened core controls, updated risk models, and stronger cross-industry coordination to operate at machine speed and withstand continuous waves of AI-driven attacks. 

The paper takes a broad look at how security can prepare for this new era of patch management – from how to use LLMs for code scanning to how to deal with security team burnout – but this blog focuses on my key takeaways. They reflect a shift in how defense actually works now that vulnerability discovery happens faster than any team can respond. In this world, the practical question is what an attacker can reach after initial access, and how far that access can spread. 

In a Mythos environment, a flaw matters most when it leads to credentials, tokens, or keys that can be reused elsewhere. That is where incidents turn into breaches.

How to update patch management for AI-driven exploits

In the pre-AI world, vulnerability management was constantly compared to “whack-a-mole:” an unglamorous, tedious job that was never really finished. Now, the arrival of Mythos has made this old, piecemeal approach obsolete. As the paper says: “The window between discovery and weaponization has collapsed to hours. Attackers gain disproportionate benefit, and current patch cycles, response processes, and risk metrics were not built for this environment.”

The obvious implication of this shift is that organizations need to make serious investments in their discovery and remediation efforts, including employing LLMs to help identify and triage urgent needs. But, as the paper says, “we cannot outwork machine-speed threats.” 

Trying to respond to every vulnerability will likely prove impossible, which means the real focus needs to be on containing the blast radius of any breach. More precisely, the goal is to ensure that a single exploit cannot be used to move across systems. And that means focusing on controlling access.

In practice, an exploit is usually the entry point of a breach, not its end state. What determines impact is the set of credentials or tokens available from that position, and whether they can be reused to access other systems.

Access makes the difference between an “incident” and a “disaster.” Human and agentic hackers alike are looking for opportunities for lateral movement, so they can use a vulnerability exploit as a beachhead for a larger attack. 

Attackers are looking for:

  • Exposed API keys

  • SSH keys 

  • Overpermissioned service accounts

  • .env files

  • Weak authentication methods (which run the gamut from SMS codes to compromised passwords)
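The list above is also a checklist for defenders: the same exposed API keys, private keys and committed .env files that an attacker hunts for can be found first by a routine scan of your own source trees. The following is an added example, not code from the original post or from 1Password, of a minimal scanner that walks a directory, flags any committed .env file, and matches a few well-known secret formats. The patterns and the sample repository it builds are constructed for illustration; the two documented formats it relies on are AWS access key IDs (which begin with "AKIA") and PEM private-key headers.

```python
"""Find likely exposed secrets in a source tree before an attacker does.

Added example (not code from the original post or from 1Password): walks a
directory, reports committed .env files, and matches a few secret formats.
The pattern set is illustrative, not exhaustive.
"""
import re
import tempfile
from pathlib import Path

# Illustrative patterns. AWS access key IDs are 20 chars starting with "AKIA";
# PEM private keys start with a "-----BEGIN ... PRIVATE KEY-----" header; the
# last pattern catches "api_key = <long literal>" style assignments.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "credential_assignment": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|token|password)\b\s*[=:]\s*['\"]?[A-Za-z0-9_\-]{16,}"
    ),
}

SKIP_DIRS = {".git", "node_modules", "__pycache__"}


def scan_text(text: str) -> list:
    """Return the names of every pattern that matches somewhere in text."""
    return [name for name, rx in SECRET_PATTERNS.items() if rx.search(text)]


def scan_tree(root: Path) -> list:
    """Walk root and return (relative path, finding) pairs in a stable order.

    A committed .env file is reported even when its contents match nothing,
    because the file itself is the exposure.
    """
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or SKIP_DIRS & set(path.relative_to(root).parts):
            continue
        rel = path.relative_to(root).as_posix()
        if path.name == ".env" or path.name.startswith(".env."):
            findings.append((rel, "dotenv_file"))
        try:
            text = path.read_text(encoding="utf-8", errors="ignore")
        except OSError:
            continue
        for kind in scan_text(text):
            findings.append((rel, kind))
    return findings


def build_sample_tree() -> Path:
    """Create a constructed sample repository in a temp dir (fake values, not real secrets)."""
    root = Path(tempfile.mkdtemp(prefix="secretscan_"))
    (root / "app").mkdir()
    # Committed .env with a long API key literal: two findings for one file.
    (root / ".env").write_text(
        "DATABASE_URL=postgres://app:hunter2@db/app\nAPI_KEY=abcd1234efgh5678ijkl\n"
    )
    # Reads the key from the environment at runtime: nothing to report.
    (root / "app" / "main.py").write_text(
        "import os\nKEY = os.environ['API_KEY']  # read at runtime, fine\n"
    )
    # Constructed AWS-style key id in a deployment config.
    (root / "app" / "deploy.yaml").write_text("aws_access_key_id: AKIAABCDEFGHIJKLMNOP\n")
    # Constructed private key file committed at the repo root.
    (root / "id_rsa").write_text(
        "-----BEGIN OPENSSH PRIVATE KEY-----\nbm90IGEgcmVhbCBrZXk=\n"
        "-----END OPENSSH PRIVATE KEY-----\n"
    )
    return root


if __name__ == "__main__":
    for rel, kind in scan_tree(build_sample_tree()):
        print(f"{kind:22s} {rel}")
```

Run as-is it scans the constructed tree and reports four findings: the .env file itself, the API key inside it, the AWS-style key id in deploy.yaml, and the private key file. Wiring something like this into pre-commit or CI is the cheap half of the work; the other half is the centralization the post describes, so that a flagged credential can be rotated from one place.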

Bringing these secrets and credentials under control creates bottlenecks where defenders can contain breaches. Anthropic itself advises this approach: segmentation, strong authentication, and visibility over the entire attack surface. Their recommendations for preparing for a post-Mythos world include:

  • Adopt a zero trust architecture

  • Tie access to verified hardware rather than credentials

  • Isolate services by identity

  • Replace long-lived secrets with short-lived tokens

  • Decommission unused systems, since they tend to be unpatched

If you’re wondering how to protect your systems from vulnerabilities discovered by Mythos, the answer is about credential management as much as patch management. By centralizing every credential, from the .env files developers use to the service accounts agents operate, you create a “kill switch” for lateral movement.

Secure AI agents and manage agentic identities

As The “AI Vulnerability Storm” makes clear, agentic AI will be an indispensable tool in the fight against breaches, and the paper emphasizes the importance of getting the entire security team comfortable with using agents as soon as possible. But it’s equally important to build strong guardrails for agents throughout your organization. Here’s the upside: designing for good agents protects you from bad agents.

Any effort to secure agentic access must begin with discovery, since employees using shadow AI represent a glaring vulnerability. Agents and AI-based tools are vulnerable to prompt injection, can incorporate sensitive information into their training data, or contribute code that hasn’t been properly vetted or tested. Without proper training and tooling, employees (both developers and non-technical “builders”) might give their AI tools the same level of access they have themselves, rather than a scoped, least-privilege subset. And each time an employee gives an agent a hardcoded SSH key instead of a short-lived token, they create a path that could be used by an adversarial agent in a vulnerability exploit attack.

The challenge with agents is that they do not behave like traditional identities. They do not require interactive login and often run continuously without clear session boundaries or direct human oversight.

Instead of trying to make agents fit within existing IAM systems that were designed for human access, security leaders need to treat them as an identity class of their own, with unique authentication and authorization needs. This requires a shift away from static credentials, toward human approval for agent access and strong, context-aware authentication, particularly for systems and workflows accessed programmatically. This not only reduces the likelihood of a malicious agent intruding, it also helps security teams quickly separate anomalous behavior from the background hum of “agents being agents.” 
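To make the earlier recommendations concrete (replace long-lived secrets with short-lived tokens, keep a central “kill switch” for lateral movement, and give agents scoped, context-bound credentials rather than a copy of a human's access), here is an added example that is not code from the original post or from 1Password. It is a minimal token service: tokens are HMAC-signed, expire after a short TTL, carry an explicit scope, are bound to the source (for instance a named CI runner) that is allowed to present them, and can be cut off centrally by revoking the agent's subject. The token format, claim names and the sample agent and scope names are assumptions for illustration.

```python
"""Short-lived, scoped, source-bound, revocable tokens for an agent identity.

Added example (not code from the original post or from 1Password). The token
layout (base64 JSON body + hex HMAC-SHA256) and all names are illustrative.
"""
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Optional, Set, Tuple


class TokenService:
    def __init__(self, signing_key: bytes, ttl_seconds: int = 300):
        self._key = signing_key
        self.ttl = ttl_seconds
        # Central revocation set: the "kill switch" for a compromised agent.
        self.revoked_subjects: Set[str] = set()

    def mint(self, subject: str, scope: Set[str], source: str,
             now: Optional[float] = None) -> str:
        """Issue a token for `subject`, limited to `scope`, usable only from `source`."""
        now = time.time() if now is None else now
        payload = {
            "sub": subject,                 # agent identity, e.g. "agent:ci-bot"
            "scope": sorted(scope),         # least-privilege subset, not the owner's access
            "src": source,                  # context binding: where it may be presented from
            "iat": int(now),
            "exp": int(now) + self.ttl,     # short TTL limits reuse if it leaks
            "jti": secrets.token_hex(8),    # unique id for audit correlation
        }
        body = base64.urlsafe_b64encode(
            json.dumps(payload, separators=(",", ":")).encode()).decode()
        sig = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        return f"{body}.{sig}"

    def verify(self, token: str, required_scope: str, source: str,
               now: Optional[float] = None) -> Tuple[bool, str]:
        """Check one request. Returns (allowed, reason) so denials are loggable."""
        now = time.time() if now is None else now
        try:
            body, sig = token.split(".", 1)
        except ValueError:
            return False, "malformed"
        expected = hmac.new(self._key, body.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):   # constant-time comparison
            return False, "bad_signature"
        payload = json.loads(base64.urlsafe_b64decode(body))
        if payload["sub"] in self.revoked_subjects:
            return False, "revoked"
        if now >= payload["exp"]:
            return False, "expired"
        if payload["src"] != source:
            return False, "wrong_source"
        if required_scope not in payload["scope"]:
            return False, "insufficient_scope"
        return True, "ok"

    def revoke(self, subject: str) -> None:
        """Cut off every token ever issued to `subject`, from one place."""
        self.revoked_subjects.add(subject)


def demo() -> dict:
    """Walk through the scenarios an authorization log would show (constructed data)."""
    svc = TokenService(b"demo-signing-key", ttl_seconds=300)
    t0 = 1_700_000_000.0
    tok = svc.mint("agent:ci-bot", {"read:tickets"}, source="runner:ci-eu-1", now=t0)
    results = {
        "in_scope": svc.verify(tok, "read:tickets", "runner:ci-eu-1", now=t0 + 10),
        "out_of_scope": svc.verify(tok, "deploy:prod", "runner:ci-eu-1", now=t0 + 10),
        "replayed_elsewhere": svc.verify(tok, "read:tickets", "laptop:dev-42", now=t0 + 10),
        "after_ttl": svc.verify(tok, "read:tickets", "runner:ci-eu-1", now=t0 + 600),
        "tampered": svc.verify(tok[:-1] + ("0" if tok[-1] != "0" else "1"),
                               "read:tickets", "runner:ci-eu-1", now=t0 + 10),
    }
    svc.revoke("agent:ci-bot")
    results["after_revoke"] = svc.verify(tok, "read:tickets", "runner:ci-eu-1", now=t0 + 10)
    return results


if __name__ == "__main__":
    for name, (ok, reason) in demo().items():
        print(f"{name:18s} allowed={ok!s:5s} reason={reason}")
```

The reason string matters as much as the boolean: a stream of `wrong_source` or `insufficient_scope` denials for one agent is exactly the kind of signal that separates an anomaly from the “background hum” of normal agent traffic, and a leaked token is worth at most a few minutes of a narrow scope on one source until `revoke()` ends it.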

How security can adapt to the post-Mythos world

The idea of vulnerabilities going from “discovered” to “exploited” in hours is certainly worrisome, but the good news is that security practitioners are dealing with this problem as a united front; that’s what Anthropic’s Project Glasswing is all about. Preparing for this new reality will require a constellation of approaches, from how we test code to how we automate patches, and 1Password is ready to meet the moment by helping to secure access for humans and their agents. 

Security programs that rely primarily on patch speed will struggle in this environment. Teams that adapt will assume compromise and design security approaches so that a single vulnerability does not expose access that can be reused across environments.

And the best time to start adapting is now.

Is your security program Mythos-ready? Learn more about how 1Password® Unified Access can help secure agent access.