.png)
Anthropic's Mythos announcement, and its companion Project Glasswing, have made security teams stop scrolling. Mythos is Anthropic's AI system designed to autonomously discover, reason about, and chain together vulnerabilities at a scale and speed no human red team can match. Glasswing extends that capability toward automated exploit generation and attack path simulation across complex environments. Together, they represent a genuine inflection point: not just better security tooling, but a fundamental shift in who/what is doing the offensive work.
We agree this conversation needs to be had. But most takes are looking at individual trees. This is about the forest.
The uncomfortable truth: the industry spent years debating whether to give AI systems agency. Mythos is a reminder that the question has quietly shifted to how much–and the governance frameworks that should have preceded that shift are still being written.
Autonomous AI agents that can discover and reason about vulnerabilities. Systems that move from research to exploitation faster than any human red team. It's impressive–and it signals something important that deserves a clearer-eyed look than the hype typically allows.
The real story isn't about whether AI will eliminate vulnerabilities. It won't. Every major platform shift – cloud, mobile, SaaS – didn't shrink the attack surface; it transformed it. Mythos and Glasswing won't eliminate the adversary. They'll force them to change tactics.
Our focus and attention actually needs to be on what happens when both offense and defense start operating at machine speed–and what that demands from the organizations caught in the middle.
The Gap That's Disappearing
There has always been a grace period between when a vulnerability is discovered and when it's widely exploited (dwell time). That window–measured in days, sometimes weeks–is where defenders live. It's when patches get applied, mitigations get deployed, and teams scramble to get ahead of a threat before it becomes a breach.
AI is collapsing that window.
Not because AI is writing perfect code (it isn't), but because it dramatically accelerates the pace at which both vulnerabilities are found and weaponized. What used to require a skilled researcher spending days reverse-engineering a system can increasingly be delegated to an agent running in parallel across thousands of targets. Systems like Mythos don't just find vulnerabilities–they reason about how to chain them into viable attack paths, compressing what was once a multi-day research process into something that operates at machine speed.
The math changes entirely. And security programs built around the assumption of that grace period are now operating on borrowed time.
The Seductive (and Dangerous) Narrative
There's a growing story in the industry that goes something like this: if AI can generate better code, and better code has fewer bugs, then AI will eventually write us out of the vulnerability problem altogether.
It's a compelling idea. It's also dangerously incomplete.
Security has never been purely a code quality problem. It is, fundamentally, a systems problem. Even in a world where every line of code generated is technically sound, risk persists in the spaces between:
- Misconfigurations: Cloud environments, IAM policies, and network segmentation that no static analyzer fully understands
- Dependencies: Third-party libraries, open source components, APIs that sit outside the control of any single development team
- Business logic: Logic that is correct syntactically but exploitable contextually, because it reflects a misunderstanding of how real users (and attackers) behave
- Complex system interactions: The emergent behaviors that arise when individually well-built components talk to each other in ways nobody fully anticipated
AI can reduce the density of certain vulnerability classes. It cannot reason away the complexity of interconnected systems operating in the real world. The attack surface doesn't shrink just because the code quality improves. In many cases, as software systems grow faster and more capable, the attack surface expands.
What Actually Changes
So if AI doesn't solve security, what does it change?
Speed and scale–fundamentally. But scaling defenders and simply being faster is only part of the strategy.
Software is being written, deployed, and modified faster than ever. AI accelerates that cycle. At the same time, the tooling available to attackers–automated reconnaissance, vulnerability chaining, exploit generation–is evolving at the same pace. The two curves are rising together. And it amplifies the existing problem security teams already face: prioritization. Knowing what to fix, in what order, because it's actually reachable by an attacker.
This creates a new imperative: security validation and security assurance have to become continuous.
Periodic penetration tests were designed for a world where the attack surface was relatively stable and changes were measured in quarters. That world no longer exists. When a new feature ships every day, when infrastructure is provisioned and deprovisioned dynamically, when AI-assisted attackers can probe for new exposures almost in real time–a pentest from three months ago is archaeology, not intelligence.
What matters now is knowing what is actually exploitable in your environment, today. Not what a scanner flagged as potentially vulnerable. Not what a static analysis tool identified in a code review. What an attacker could actually reach, actually chain together, and actually use to cause damage.
That's a different question, and it requires a different approach.
The Autonomy Question Nobody Is Asking Carefully Enough
Autonomous offensive security agents are genuinely exciting. They're also genuinely risky in ways the conversation tends to gloss over.
Deploying fully autonomous agents against production environments introduces a category of risk that isn't just technical–it's operational and organizational. An agent probing live systems can trigger incident responses, disrupt services, corrupt state, or cause unintended cascading failures. Unlike a controlled test, those consequences don't stay in the lab.
There's also an accountability problem. When an autonomous system causes harm–even unintentionally–the chain of responsibility is murky in ways that matter legally, operationally, and ethically. "The agent decided to" is not an acceptable answer when something goes wrong in a production environment. This is the governance gap that projects like Mythos and Glasswing are forcing into the open–and the industry doesn't have clean answers yet on scope controls, liability, or auditability for autonomous offensive agents operating outside sandboxed environments.
Offensive security has always required something that pure automation struggles to replicate: context and judgment. Knowing when to push and when to stop. Understanding the business consequence of a particular action. Recognizing when an unexpected finding changes the nature of the engagement entirely. These aren't soft skills–they're the core of what makes security testing useful rather than destructive.
The goal shouldn't be to remove humans from the loop. It should be to dramatically amplify what humans can do while keeping them meaningfully in control of decisions that carry real consequences.
The Harness Is the Security Control
There's a question worth sitting with before getting to what good looks like: if you build an AI system and surround it with the right business context, policy constraints, and live environmental data, can that architecture keep pace as models grow more capable?
It's the right question, and the answer is uncomfortable.
The stronger the model, the higher the stakes of getting the surrounding architecture wrong. In security, that surrounding architecture is called the harness – the system of prompts, tool definitions, retrieval pipelines, and escalation logic that encodes organizational intent into how the model behaves. It's where blast-radius awareness gets defined. Where human judgment gets operationalized. Where the line between "investigate this" and "act on this" gets drawn.
A model capable of connecting distant dots across a complex attack surface is precisely the system where a weak harness becomes the critical vulnerability. Under-specified tool boundaries, poorly scoped memory, vague escalation logic – these aren't configuration details. In a sufficiently capable system, they're exploitable failure modes.
The harness isn't a fallback for when model weights aren't enough. It's where organizational intent lives. Capability without harness discipline isn't a security tool. It's a risk you've decided to run.
The Model That Actually Works
The implication of all of this isn't that security becomes fully autonomous. It's that security has to become:
Context-driven: Informed by a deep understanding of the environment, the business, and the adversary. Knowing which assets are crown jewels, which exposures sit on a path an attacker would actually take, and which findings carry real business consequences versus theoretical risk. Without context, speed and scale just produce more noise.
Continuous: Not a point-in-time exercise but an ongoing process that moves at the pace of the environment it's protecting.
Execution-driven: Grounded in what is actually reachable and exploitable, not just what is theoretically possible or statistically likely.
Human-anchored: With automation handling the scale and speed problem, and humans providing the judgment, context, and accountability that machines can't.
This is a fundamentally different operating model than most security programs are built around today. It requires rethinking not just tooling but processes, team structures, and how security findings are connected to remediation workflows.
Who Adapts and Who Gets Left Behind
The organizations that navigate this shift successfully won't be the ones with the most sophisticated AI. They'll be the ones that can close the loop fastest–from identifying real exposure, to validating that it's exploitable, to remediating it before it becomes a breach.
That requires continuously testing against the actual attack surface. It requires treating security findings as operational data, not audit artifacts. And it requires the discipline to distinguish between what is genuinely reachable and what is merely a long list of theoretical possibilities–the kind of volume that autonomous scanning tools, including systems in the Glasswing category, are fully capable of generating at scale.
More findings is not better security. Validated, reachable, prioritized findings are.
If you're a security leader trying to figure out where to start, the question isn't which AI tool to buy. It's whether your program can answer, on any given day: what could an attacker actually exploit right now? If that question takes weeks to answer, the operating model needs to change before the tooling does.
The gap between discovery and exploitation is shrinking. The organizations that survive this era won't be the ones hoping that better code or more powerful scanning solves the problem. They'll be the ones that have built programs capable of continuously validating real exposure–and closing the loop before someone else does.
The acceleration is real. But matching the pace of attackers isn't a strategy. Knowing your real exposure, continuously, is.
