Experts questioned by SC Media about the industry’s response to Claude Mythos — an unreleased AI model that can discover critical software vulnerabilities — said they were glad to see such a strong effort, but shared concerns that many of the 11 recommendations were standard security hygiene.In response to concerns over what could happen if Claude Mythos gets into the wrong hands, which led to a closed-door meeting last week between Treasury Secretary Scott Besent and Fed Chairman Jay Powell with top bankers, the Cloud Security Alliance (CSA) convened a star-studded panel of security experts to develop a strategy for teams to revamp their security programs.While the authors were Gadi Evron, chief executive officer at Knostic; Robert T. Lee, chief of research at the SANS Institute; and Rich Mogull, chief analyst at the CSA; the team's contributing authors included the likes of former CISA director Jen Easterly and Bruce Schneier, a lecturer at Harvard’s Kennedy School of Government. The paper also included input from 60 other contributors and more than 250 CISOs.
“The real gap the CSA briefing doesn't fully address is behavioral observability of AI systems themselves,” said Rahimov. “We should not just focus on defending against Mythos, but understand governing how AI tools inside your own organizational infrastructure behave under pressure or under attack. Glasswing buys time. It does not buy forever.”BeyondTrust’s Smith offers these four practical steps teams can take today to get started with a response:
Well-intentioned checklist?
Some security experts said laudable though the CSA effort was, the result was a watered down list of familiar security best practices."The CSA briefing is well-intentioned and the risk register is thorough, but the action items read like a security program checklist that predates Mythos: segment your network, do asset inventory, adopt AI agents, and establish a VulnOps function,” said Aaron Beardslee, manager of threat research at Securonix. “Most mature security teams already know they should do those things. What the brief does not do is address the specific, uncomfortable reality of the gap: defenders are being asked to adopt autonomous tooling faster than they can secure it, against an adversary who has no such constraint.”Beardslee said the concrete starting point he sees versus the 11 priority actions include the following: know the company’s critical assets and their primary dependencies in detail; instrument egress filtering because it remains one of the few controls that stops lateral movement regardless of how the initial access happened; and push for, or require LLM-assisted security review on any code before it ships.It's important to note that to date, a hacker group has not breached either Anthropic or the 40 organizations that are part of Project Glasswing, a cybersecurity initiative to use Claude Mythos to discover and fix vulnerabilties. In published reports, critics have charged that the AI industry just wants to move the market or have the 40 Project Glasswing companies fix their bugs for them. There have also been concerns about the Project Glasswing companies getting hacked.Jacob Krell, senior director, secure AI solutions and cybersecurity at Suzu Labs, said it’s good that the industry has finally woken up to what AI means for offensive cybersecurity, but we shouldn’t treat any of this as new just because Claude Mythos just made it impossible to ignore.“The capability [around AI] has been here for a while,” said Krell. “What Mythos appears to have done is make it easier, faster, and more accessible, which is exactly why this is not routine. I do not think this is hype. If anything, it’s the broader market catching up late. The CSA guidance is useful, but the reason it can sound routine is because the defensive categories are familiar: hardening, segmentation, patching, automation, and tabletop exercises. What’s not routine is the speed and scale problem. When offensive capability accelerates this hard, familiar defensive advice stops being enough unless teams execute it much faster and with a lot more technical depth.”Bradley Smith, senior vice president and Deputy CISO at BeyondTrust, added that the CSA briefing represents the most serious coordinated response to Glasswing published so far. The problem is not what the CSA recommends, said Smith, it’s that every one of its priority actions requires executive sponsorship to execute at the timelines the authors recommend: it tells CISOs what their programs need to become, but it cannot answer whether their CEO, board and investors will fund the disruption to existing plans that’s required to get there.“The people calling this hype are making the same bet they always make: that the breach will happen to someone else first,” said Smith. “When pointing an AI agent at a codebase and saying ‘find me zero- days’ produces results, targets that were never worth the effort for elite attackers such as mid-market companies, regional health systems, critical infrastructure supply chains, become viable for commodity ransomware operators overnight. That’s a structural shift in who gets targeted, and leaders who dismiss it are choosing short-term comfort over the security of every organization that depends on them.”Matan Shavit, general manager, North America at Hadrian, said the buzz around Mythos isn't just hype, it heralds a shift in the threat model. Comparing it to Y2K makes sense in terms of industry coordination, said Shavit, but the important difference is that this isn't a fixed problem with a deadline; it's something evolving in real time.“If some of the guidance feels too familiar, that could be a problem because Mythos is not a routine security challenge,” said Shavit. “Claude Mythos and models like it — and there will be others — introduce scale, autonomy, and adaptability that traditional controls weren't designed for. Most organizations aren't prepared for a threat surface that learns and changes as it operates. That changes the game, and traditional controls alone won't cut it.”Yagub Rahimov, chief executive officer at Polygraf AI, said while many of the 11 recommendations are necessary, they are insufficient in the age of AI because we’re no longer talking about a routine vulnerability cycle.“What changed is the economics of offense — the person in North Korea [can potentially have] the same weapon as our best cyber defense expert now,” said Rahimov. “Mythos compresses the entire kill chain including discovery, exploitation, chaining into hours, without any team requirements, it is autonomous.”Rahimov said traditional controls the cyber world has become used to assume human-speed adversaries and known attack patterns. That assumption has been shattered — we need to change our approach and perception.“The real gap the CSA briefing doesn't fully address is behavioral observability of AI systems themselves,” said Rahimov. “We should not just focus on defending against Mythos, but understand governing how AI tools inside your own organizational infrastructure behave under pressure or under attack. Glasswing buys time. It does not buy forever.”BeyondTrust’s Smith offers these four practical steps teams can take today to get started with a response:
- Stop funding programs built for the wrong threat: Audit every active security investment against one question: knowing what AI has done to the offense, would we fund this from scratch today? Redirecting those resources does not require new budget. It requires executive authority to pull money from programs that feel safe because they are familiar.
- Know the company’s actual attack surface: Many organizations cannot answer which assets are internet-exposed right now, at what patch level, and who owns each one. Periodic assessments are outdated before they are complete when exploitation runs in minutes. Align response cadence to the exploitation timeline. It the organization's patching cycle runs in weeks and the threat operates in hours, the model is broken. Fixing that requires executive sponsorship, because it touches every team that depends on production stability.
- Enforce the controls already on the roadmap: Phish-proof MFA across every identity. Default-deny on every external perimeter point. Elimination of standing privileged access. These are known, available, and proven. They are not in place because they were sequenced into a future phase of a plan the threat has already outrun.
- Understand what’s different in the AI world: Y2K worked because it had a hard deadline no one could negotiate with. The AI vulnerability storm does not come with a date on the calendar. It comes with a probability curve that steepens every month. This is not a gate that we pass and everything goes back to how they were, it’s the new baseline, and it only accelerates from here.




