Illumio and Palo Alto Networks leaders on what Anthropic’s vulnerability-hunting model means for defenders – and the once-in-a-lifetime window they say is closing
In cyber-security, the breach almost always comes before the alert. This time, the alert came first.
On 7 April, Anthropic announced Claude Mythos Preview, a frontier AI model that can autonomously discover and chain zero-day vulnerabilities across major operating systems and web browsers. The company hasn’t released it to the public. So for a rare moment, defenders know roughly what’s coming without yet having to face it everywhere, every day.
Illumio Founder and CEO Andrew Rubin can’t get over how little his industry is doing with that head start. “It’s the biggest gift that we’ve ever been given,” he says, “And we’re literally just absolutely squandering it.”
Rubin has spent the past several weeks in front of CISOs all over the world, and his assessment is bleak. Picture 100 of them in a room, he says, from any industry, any geography, and ask what they’ve actually changed, day to day, since Mythos landed.
“I bet you 99 out of 100 would tell you nothing,” he says. “We’re squandering what is probably the once-in-a-lifetime opportunity that we’re going to get.”
Rubin had set the tone weeks earlier. On stage at the 2026 RSAC Conference, he’d called cyber-security fundamentally and systemically broken. Asked whether Mythos had changed that, he nods.
“It was an understatement,” he said. “Dramatically so.”
What Mythos actually did
Anthropic never set out to build a hacking tool. As the company tells it, the capability emerged from advanced coding and reasoning skills, not from deliberate security training. And once researchers saw what the model could do, they decided the public couldn’t have it.
The numbers explain the caution. In about seven weeks of testing, one model and one team found more than 2,000 previously unknown software vulnerabilities. That’s roughly a third of what the entire industry surfaced in any given year before AI-assisted vulnerability hunting.
Worse, more than 99 per cent of those flaws are not yet patched, most are not yet disclosed, and they do not exist in any CVE database.
Mythos is just the start
fter these revelations, Anthropic set up Project Glasswing, a joint initiative between the world’s major tech players tasked with weighing the implications and opportunities in what Mythos uncovered. Sherrod DeGrippo, who leads threat intelligence at Unit 42 Palo Alto Networks, frames the shift in a single word.
“AI means acceleration,” she says. “That’s what that A stands for.” Faster, bigger, more. In her opinion, the clock is running out.
“I have never felt this level of concern,” she adds.
DeGrippo also doesn’t think Mythos itself is the story. Publicly disclosed vulnerabilities have grown at double-digit rates for two years, including a 32 per cent jump in 2024 according to NIST, driven partly by AI even before Mythos. The autonomous tool XBOW topped a US bug-bounty leaderboard, the first time an automated pen tester had done so.
Independent testers have also found that small, cheap, open-weight models can recover much of the same analysis Anthropic showcased. As Rubin puts it: “If it isn’t Mythos, it’s GPT Cyber. If it’s not GPT Cyber, it’s DeepSeek.”
For DeGrippo, the more unsettling change is in who can pick these tools up. She borrows a term from the startup world. A unicorn is a company worth a billion dollars, and OpenAI’s Sam Altman has predicted the first one built by a single person. DeGrippo runs the same idea in reverse.
“Anything anybody says about startups, I immediately apply to threat actors,” she said.
That points to what she calls a unicorn threat actor: one person, no team, operating with the capability, persistence and sophistication of a nation-state. She thinks it’s not only possible but close.
Why the old playbook breaks
Rubin’s argument is that the tooling isn’t even the deepest problem. The operating model is. Take patching. “We’ve been terrible at it for 40 or 50 years because we decided to be terrible at it,” he says.
Patching well costs money, time and uptime, so most companies quietly accept the risk of skipping it. That bet held because catastrophic breaches stayed rare.
Mythos upends the odds. “The model is going to be able to break into everything,” Rubin says. A model that can do that will, in his words, “re-rate all of the risk in the world.”
Neither Rubin nor DeGrippo thinks defenders can simply out-AI the attackers. Attackers grab a capable model and try it the same afternoon. Enterprises spend nine months on a paper RFP and years on a rollout.
“We’re slow, and they’re fast,” Rubin says.
The new centre of gravity is containment and recovery
If more flaws lead to faster exploitation at machine speed, the numbers point to one way forward.
“Mathematically, it’s impossible not to assume you’re going to have more breaches,” Rubin says.
He wants to flip the CISO job description on its head. For years, the role was almost entirely about prevention, with a sliver of attention left for recovery.
He’d invert it. Spend most of your effort on resilience, recovery and the playbooks that keep a bad day from becoming a catastrophe.
That’s the same logic behind breach containment and microsegmentation, the approach Illumio has long argued for: assume the attacker gets in, then box the threat into one corner so a single compromised system never becomes a company-wide failure.
‘Worse before it gets worse’
DeGrippo doesn’t measure progress with a dashboard. Winning, she says, “looks like a CISO who is confident in their ability to respond” and can handle an incident “without breaking too much of a sweat.” Right now, she adds, far too many organisations have no response plan at all.
“I think it’s going to get worse before it gets worse,” she says.
The line is a conscious twist on the usual reassurance that things will get better. Her point is that no one can yet say if or when the curve bends back. DeGrippo still believes defenders can adapt, but only if they learn to trust good technology over old habits.
The AI apocalypse, for now, hasn’t come. But the alarm is sounding.
Whether it turns out to be the gift Rubin describes or a warning the industry sleeps through depends on what it does with the time it has left.
