The Anthropic Glasswing initiative brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks as launch partners. You can find a lot of posts and reactions on social media as it is definitely a big deal that Anthropic is keeping their Mythos Preview model out of general access. Ostensibly this is in order to provide major software and security companies first access to help work through thousands of discovered and verified vulnerabilities in web browsers, operating systems and similarly “wicked” problem spaces of risk. Whether you believe Anthropic has developed a major advance in model capabilities or that it was one brilliant marketing tactic, you simply cannot avoid the pressure to have something relevant and sensible to say on the topic.
For my part, I have the honor of having coined the term “Mythos-ready” when reviewing and contributing to the brief published by the CSA and friends (over 250 CISOs and authors, which in itself is an amazing collaboration effort and demonstration of community resilience) on April 12th. I wanted a term that was empowering yet, at the same time, able to clearly indicate that no organization is Mythos-ready at the moment. Not even Anthropic themselves.
This blog post, however, takes a different tack compared to the CSA brief and endeavors to outline the skeleton of a comprehensive security framework for organizations preparing for "Mythos," as we enter a new era of autonomous AI threats capable of discovering and exploiting vulnerabilities at machine speed.
The intent here in drafting and sharing a security framework mapping emphasizes shifting from simple prompt-based security to robust architectural controls, advocating for strict segmentation, least-privilege access, and isolated execution environments to limit the potential "blast radius" of an agentic breach. This is how we architect against autonomous threats.
To maintain a defender’s advantage, companies are encouraged to implement pre-release adversarial testing and "attack themselves first" through automated red-teaming pipelines. Anthropic’s own guidance on the impact to security teams highlights the importance of judgement and prioritization of vulnerabilities (EPSS v4.1), not just queuing them up for remediation. You don’t even need access to Mythos Preview to start doing this today. You can use any of your favorite frontier models and, truth be told, open weights free models too.
Ultimately, we want to surface the first draft of a maturity model and a practical checklist to ensure that internal systems are resilient against advanced AI models that can now chain multi-step attacks and find vulnerabilities in 20+ year old code as well as 20-minute old code.
Before dropping an overwhelming list of things that folks should be doing to get their organization ready for Mythos and Mythos-like scans and attacks, we should look to implement:
- Human-in-the-loop approvals for sensitive actions
- Maintaining high-fidelity logging of all autonomous tool interactions
- Blast-radius limits (least privilege, scoped tokens)
- Kill switches and anomaly detection
- Better segmentation between systems and data
- Input/output validation layers (agentic in particular)
- Separation between reasoning and execution environments
So if the collective wisdom is that we’ve moved on from the question “should we have agentic defense capabilities” to “how best to implement agentic defense capabilities,” there are some axiomatic principles and assumptions that should be called out.
In agentic systems, your attack surface = everything the agent can touch.
You are not Mythos-ready if any of these are true:
- Agents can access production with broad standing privileges.
- A single credential exposes multiple environments.
- Tool use is logged poorly or not at all.
- External posting or outbound network access is open by default.
- Security testing focuses on prompts instead of architecture and execution paths.
- Your incident plan assumes human-speed attackers only.
The Anthropic Mythos Preview System Card supports the premise that frontier agents can autonomously discover vulnerabilities, develop exploits, and occasionally take rare but high-impact reckless actions, which makes controls at the architecture-level extremely important.
Here’s a practical Security Architecture Checklist for the Age of Mythos. It is a first draft and will likely need to be revised based on feedback and further discussion, but it is focused on agentic attacks, higher breach frequency, and preserving the defender’s advantage that comes from knowing your own architecture, integrations, and release timing better than any attacker can. You can download it at the end of this blog.
"...we believe that powerful language models will
benefit defenders more than attackers, increasing
the overall security of the software ecosystem."
Project Glasswing isn’t just another chapter in the evolution of AI defense. It feels more like a jolt to a system that had quietly flatlined under the weight of complexity, noise, and reactive thinking. For years, application security has faltered in the quickening of speed and scale demanded by modern software development. What Glasswing represents is a shift from passive monitoring to active resuscitation: a cyber defibrillator that doesn’t just detect threats, but restores rhythm, clarity, and intent to how we defend software.
With some trepidation it can be safely assumed that on some not too distant Patch Tuesday, the results of pointing Mythos Preview at the Microsoft Windows code repositories will deliver us a new watermark in vulnerabilities. To my recollection, one of the worst so far was 400 vulnerabilities and 10 zero days. I’d wager we can bump that up to 4,000 vulnerabilities and 400 zero days given that Firefox included 271 vulnerabilities in release 150 on April 21st.
By injecting intelligence directly into the bloodstream of AppSec, AI stops being a bolt-on feature and becomes the pulse itself, continuous, adaptive, and responsive. It’s a reanimated discipline, one that can finally operate at the same velocity as the systems it protects. If the past decade of security was about surviving, this next era, sparked by efforts like Project Glasswing, is about coming back to life, stronger, sharper, and ready for what’s next.
If you want even more resources for preparing threats from agentic AI, Aikido has also published a Mythos-ready security checklist for CTOs. Check it out.
