Cybersecurity

How Advanced AI models like Mythos will reshape cyber risk

A person checking a  server
  • Insight
  • 5 minute read
  • July 13, 2026

Advanced AI models like Mythos are accelerating the identification, scaling, and exploitation of cyber vulnerabilities

 

For leaders in Ireland, maintaining cyber resilience requires enhanced visibility, faster detection and response capabilities, and robust governance.

Pat Moran

Pat Moran

Partner, PwC Ireland (Republic of)

Leonard McAuliffe

Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Shomo  Das

Shomo Das

Director, PwC Ireland (Republic of)

Mythos will transform the pace and scale of cyber risk. Models like Mythos empower defenders to identify vulnerabilities swiftly, yet they also herald a future where attackers can act with greater speed and less effort. For Irish organisations, the focus is clear: enhance visibility, fortify controls, and develop the capacity to respond before minor exposures escalate into significant incidents.

How Mythos will reshape cyber risk

Below are six trends illustrating how the emergence of advanced AI models like Mythos is reshaping the threat landscape. Together, they depict an environment where vulnerabilities are discovered and weaponised at unprecedented speed; social engineering becomes indistinguishable from genuine human interaction; and attackers gain an innovation edge over defenders. These trends highlight why advanced AI models like Claude Mythos Preview are crucial, and why the window for defensive action is narrowing.

1. The industrialisation of vulnerability discovery

Mythos will make vulnerability discovery faster and cheaper, shifting the primary constraint from human expertise to unrestricted access to LLMs and tokens. A surge of vulnerabilities is imminent.

2. The automation of highly persuasive social engineering

Advanced AI will enable more convincing and scalable social engineering. Hyper-realistic, personalised targeting across voice, video, and text that mimics genuine human interaction.

3. The acceleration of the attack lifecycle

Mythos will speed up and automate attack execution, reducing the time between entry and impact. This shifts threats from “human-speed” to “machine-speed” attacks, where manual human-led responses are too slow.

4. The democratisation of attacker sophistication

Advanced AI will lower entry barriers, equipping low-skill attackers with high-end capabilities, and expanding the pool of attackers. It will flatten the tiered threat landscape.

5. The rise of defender fatigue

This will result in a shift from episodic incidents to continuous, persistent pressure. Traditional security operations centre (SOC) models can’t endure. Defender capacity and cognitive fatigue will become primary risks and vulnerabilities.

6. The attackers AI innovation advantage

Attackers will rapidly experiment with and leverage Mythos faster than defenders, widening the gap between attackers’ “fail-fast” innovation and defenders’ “high-assurance” requirements.

How Advanced AI models are lowering the barrier to entry

Advanced offensive AI models have drastically lowered the entry barrier for threat actors. Low-skilled adversaries can now launch campaigns at a scale and sophistication once exclusive to nation states. The result is a dramatic reduction in the window between vulnerability identification and exploitation. In 2018, the average time between disclosure and active exploitation was about two years. Today, this window has shrunk to less than 24 hours, leaving defenders with minimal time to patch, test, and deploy mitigations.

In this context, Anthropic’s release of Claude Mythos Preview represents what advanced AI models can do.  Mythos can identify vulnerabilities, misconfigurations, and chain multiple weaknesses to execute cyberattacks. Tasks that previously required skilled cyber professionals with specialist tools can now be automated and expedited using Mythos, accelerating the compression in attacker timelines described above.

Recognising the dual-use potential of these capabilities, Anthropic has restricted access to the model and launched Project Glasswing, a cross-industry initiative that enables trusted partners to fortify critical software while broader release is delayed until defences mature.

The impact of Mythos and other advanced AI models

Even if Mythos remains restricted for now, it should be seen as a precursor of what’s to come. Other actors will pursue similar capabilities, and misuse of mainstream models like ChatGPT and Gemini already enables practical exploitation of known vulnerabilities today. Most enterprise exposures are not zero-days; they are often known vulnerabilities compounded by misconfigurations and identity weaknesses that agentic AI can now exploit at scale. For instance, AI-enabled phishing campaigns exploit common identity weaknesses and misconfigurations like token theft and weak authentication setups, rather than relying on zero-day vulnerabilities.

  • Existing weaknesses become more exposed: Mythos capabilities will identify and exploit inconsistent hygiene, stale credentials, fragmented telemetry, and slow change processes faster than defenders can address them.
  • Shrinking response windows: Mythos will accelerate both vulnerability discovery and exploitation. Patch cycles measured in weeks are no longer viable against threats that move in hours.
  • Lowering people and technology barriers: Anthropic reports that engineers without formal security training generated working exploits overnight using Mythos, indicating a significant reduction in the skill threshold. Simultaneously, the tooling barrier is collapsing. Capabilities that once required expensive commercial offensive security platforms are now accessible through general-purpose AI models.

"Models like Mythos will speed up how quickly organisations need to spot, fix, and react to issues. As advanced AI capabilities become more accessible, staying resilient will hinge on being able to see clearly, act swiftly, and address issues before they escalate into significant problems."

Pat Moran, Partner

Eight actions organisations should take

Advanced AI models are compressing cyber timelines and increasing pressure on traditional defence models. Exploited high- and critical-severity vulnerabilities more than doubled from 71 in 2024 to 146 in 2025, while the median time from vulnerability publication to inclusion in the CISA Known Exploited Vulnerabilities catalogue fell from 8.5 days to 5.0 days.

In this environment, organisations can’t wait for the next incident to test their resilience. Defending in the age of Advanced AI requires a proactive, layered approach across people, processes, and technology. The priorities below outline practical actions leadership teams can take to enhance visibility, reduce exposure, and respond with greater speed and confidence.

1. Establish full visibility and prioritise what matters most

Maintain an up-to-date view of critical systems, data, identities, and third-party dependencies. Connect technical assets to the business services they support, so leaders can see where disruption would matter most. Prioritise remediation on the assets and exposures that could create the greatest operational, financial, regulatory, or reputational impact.

2. Focus on the fundamentals

Strengthen the controls that limit preventable compromise. Accelerate risk-based patching, enforce multi-factor authentication, reduce unnecessary external exposure, and review privileged access. Segmentation, Zero Trust principles, and egress filtering can help limit the blast radius when an attacker gains access. These basics become more important as Advanced AI increases the speed and scale of threat activity.

3. Be ready to respond at machine speed

Review whether vulnerability management and incident response processes can keep pace with faster-moving threats. Automate where it improves speed and consistency, including containment, identity control changes, alert enrichment, and escalation. The goal is not to remove human judgement, but to ensure teams can act quickly when exposure becomes active.

4. Leverage Advanced AI for defence

Use Advanced AI to strengthen cyber operations, not only to monitor emerging threats. Advanced AI models can support vulnerability discovery, code review, alert triage, threat intelligence analysis, and incident summarisation. Anthropic’s Project Glasswing shows how advanced models like Claude Mythos Preview are already being used by selected partners for defensive security work, including finding and fixing vulnerabilities in critical software.

5. Prepare for containment, not just prevention

Assume some vulnerabilities won’t be patched before attackers test them. Build response plans that focus on detection, isolation, and recovery as well as prevention. This includes rehearsed playbooks, clear decision rights, tested backup and recovery processes, and the ability to isolate affected systems quickly without causing unnecessary disruption to the wider business.

6. Manage third-party supplier risk

Assess whether critical suppliers, particularly SaaS and technology providers, can manage vulnerabilities at the pace now required. Review contractual obligations, incident notification processes, evidence of patching discipline, and dependency on subcontractors. Supplier resilience should be treated as part of the organisation’s own cyber resilience, not as a separate procurement exercise.

7. Engage the board

Reframe board-level cyber conversations around exposure, speed, and resilience. The core questions should be: What are our most material cyber exposures? How quickly can we respond if they become active? How resilient are our critical services in an advanced AI model-driven threat environment? This moves the discussion from technical reporting to business readiness.

8. Address the human layer

Refresh cyber awareness for an environment shaped by  phishing, deepfakes, and more convincing social engineering content generated by advanced AI models. Traditional training should be reinforced with practical verification behaviours, clearer escalation routes, and targeted education for high-risk roles. People should also be equipped to use advanced AI-driven security tools responsibly, with appropriate judgement, governance, and oversight.

We’re here to help

We can help organisations respond to advanced AI-driven cyber risk by turning exposure into practical action. We support AI-accelerated assessments to identify exploitable vulnerabilities, unpatched systems, and areas of heightened zero-day risk.

We help close priority gaps through modern vulnerability operations, agent-enabled security workflows, automated containment, and tested response plans. We also strengthen the fundamentals that limit cyber impact, including Zero Trust, segmentation, and identity and access management.

As expectations evolve, we help leadership teams design governance frameworks that meet regulatory, board, and auditor requirements while enabling responsible, advanced AI-powered cyber defence. To learn more about your cybersecurity challenges and opportunities, contact us today.

Cybersecurity and Privacy

Strengthen resilience and accelerate response in a fast-changing world.

New world, new rules

How Irish firms are adapting to new cybersecurity threats.

Contact us

Pat Moran

Pat Moran

Partner, PwC Ireland (Republic of)

Leonard McAuliffe

Leonard McAuliffe

Partner, PwC Ireland (Republic of)

Shomo  Das

Shomo Das

Director, PwC Ireland (Republic of)

Follow PwC Ireland