{{item.title}}
{{item.text}}
{{item.text}}
Mythos will transform the pace and scale of cyber risk. Models like Mythos empower defenders to identify vulnerabilities swiftly, yet they also herald a future where attackers can act with greater speed and less effort. For Irish organisations, the focus is clear: enhance visibility, fortify controls, and develop the capacity to respond before minor exposures escalate into significant incidents.
Below are six trends illustrating how the emergence of advanced AI models like Mythos is reshaping the threat landscape. Together, they depict an environment where vulnerabilities are discovered and weaponised at unprecedented speed; social engineering becomes indistinguishable from genuine human interaction; and attackers gain an innovation edge over defenders. These trends highlight why advanced AI models like Claude Mythos Preview are crucial, and why the window for defensive action is narrowing.
1. The industrialisation of vulnerability discovery
Mythos will make vulnerability discovery faster and cheaper, shifting the primary constraint from human expertise to unrestricted access to LLMs and tokens. A surge of vulnerabilities is imminent.
2. The automation of highly persuasive social engineering
Advanced AI will enable more convincing and scalable social engineering. Hyper-realistic, personalised targeting across voice, video, and text that mimics genuine human interaction.
3. The acceleration of the attack lifecycle
Mythos will speed up and automate attack execution, reducing the time between entry and impact. This shifts threats from “human-speed” to “machine-speed” attacks, where manual human-led responses are too slow.
4. The democratisation of attacker sophistication
Advanced AI will lower entry barriers, equipping low-skill attackers with high-end capabilities, and expanding the pool of attackers. It will flatten the tiered threat landscape.
5. The rise of defender fatigue
This will result in a shift from episodic incidents to continuous, persistent pressure. Traditional security operations centre (SOC) models can’t endure. Defender capacity and cognitive fatigue will become primary risks and vulnerabilities.
6. The attackers AI innovation advantage
Attackers will rapidly experiment with and leverage Mythos faster than defenders, widening the gap between attackers’ “fail-fast” innovation and defenders’ “high-assurance” requirements.
Advanced offensive AI models have drastically lowered the entry barrier for threat actors. Low-skilled adversaries can now launch campaigns at a scale and sophistication once exclusive to nation states. The result is a dramatic reduction in the window between vulnerability identification and exploitation. In 2018, the average time between disclosure and active exploitation was about two years. Today, this window has shrunk to less than 24 hours, leaving defenders with minimal time to patch, test, and deploy mitigations.
In this context, Anthropic’s release of Claude Mythos Preview represents what advanced AI models can do. Mythos can identify vulnerabilities, misconfigurations, and chain multiple weaknesses to execute cyberattacks. Tasks that previously required skilled cyber professionals with specialist tools can now be automated and expedited using Mythos, accelerating the compression in attacker timelines described above.
Recognising the dual-use potential of these capabilities, Anthropic has restricted access to the model and launched Project Glasswing, a cross-industry initiative that enables trusted partners to fortify critical software while broader release is delayed until defences mature.
Even if Mythos remains restricted for now, it should be seen as a precursor of what’s to come. Other actors will pursue similar capabilities, and misuse of mainstream models like ChatGPT and Gemini already enables practical exploitation of known vulnerabilities today. Most enterprise exposures are not zero-days; they are often known vulnerabilities compounded by misconfigurations and identity weaknesses that agentic AI can now exploit at scale. For instance, AI-enabled phishing campaigns exploit common identity weaknesses and misconfigurations like token theft and weak authentication setups, rather than relying on zero-day vulnerabilities.
"Models like Mythos will speed up how quickly organisations need to spot, fix, and react to issues. As advanced AI capabilities become more accessible, staying resilient will hinge on being able to see clearly, act swiftly, and address issues before they escalate into significant problems."
Pat Moran, PartnerAdvanced AI models are compressing cyber timelines and increasing pressure on traditional defence models. Exploited high- and critical-severity vulnerabilities more than doubled from 71 in 2024 to 146 in 2025, while the median time from vulnerability publication to inclusion in the CISA Known Exploited Vulnerabilities catalogue fell from 8.5 days to 5.0 days.
In this environment, organisations can’t wait for the next incident to test their resilience. Defending in the age of Advanced AI requires a proactive, layered approach across people, processes, and technology. The priorities below outline practical actions leadership teams can take to enhance visibility, reduce exposure, and respond with greater speed and confidence.
1. Establish full visibility and prioritise what matters most
Maintain an up-to-date view of critical systems, data, identities, and third-party dependencies. Connect technical assets to the business services they support, so leaders can see where disruption would matter most. Prioritise remediation on the assets and exposures that could create the greatest operational, financial, regulatory, or reputational impact.
2. Focus on the fundamentals
Strengthen the controls that limit preventable compromise. Accelerate risk-based patching, enforce multi-factor authentication, reduce unnecessary external exposure, and review privileged access. Segmentation, Zero Trust principles, and egress filtering can help limit the blast radius when an attacker gains access. These basics become more important as Advanced AI increases the speed and scale of threat activity.
3. Be ready to respond at machine speed
Review whether vulnerability management and incident response processes can keep pace with faster-moving threats. Automate where it improves speed and consistency, including containment, identity control changes, alert enrichment, and escalation. The goal is not to remove human judgement, but to ensure teams can act quickly when exposure becomes active.
4. Leverage Advanced AI for defence
Use Advanced AI to strengthen cyber operations, not only to monitor emerging threats. Advanced AI models can support vulnerability discovery, code review, alert triage, threat intelligence analysis, and incident summarisation. Anthropic’s Project Glasswing shows how advanced models like Claude Mythos Preview are already being used by selected partners for defensive security work, including finding and fixing vulnerabilities in critical software.
5. Prepare for containment, not just prevention
Assume some vulnerabilities won’t be patched before attackers test them. Build response plans that focus on detection, isolation, and recovery as well as prevention. This includes rehearsed playbooks, clear decision rights, tested backup and recovery processes, and the ability to isolate affected systems quickly without causing unnecessary disruption to the wider business.
6. Manage third-party supplier risk
Assess whether critical suppliers, particularly SaaS and technology providers, can manage vulnerabilities at the pace now required. Review contractual obligations, incident notification processes, evidence of patching discipline, and dependency on subcontractors. Supplier resilience should be treated as part of the organisation’s own cyber resilience, not as a separate procurement exercise.
7. Engage the board
Reframe board-level cyber conversations around exposure, speed, and resilience. The core questions should be: What are our most material cyber exposures? How quickly can we respond if they become active? How resilient are our critical services in an advanced AI model-driven threat environment? This moves the discussion from technical reporting to business readiness.
8. Address the human layer
Refresh cyber awareness for an environment shaped by phishing, deepfakes, and more convincing social engineering content generated by advanced AI models. Traditional training should be reinforced with practical verification behaviours, clearer escalation routes, and targeted education for high-risk roles. People should also be equipped to use advanced AI-driven security tools responsibly, with appropriate judgement, governance, and oversight.
We can help organisations respond to advanced AI-driven cyber risk by turning exposure into practical action. We support AI-accelerated assessments to identify exploitable vulnerabilities, unpatched systems, and areas of heightened zero-day risk.
We help close priority gaps through modern vulnerability operations, agent-enabled security workflows, automated containment, and tested response plans. We also strengthen the fundamentals that limit cyber impact, including Zero Trust, segmentation, and identity and access management.
As expectations evolve, we help leadership teams design governance frameworks that meet regulatory, board, and auditor requirements while enabling responsible, advanced AI-powered cyber defence. To learn more about your cybersecurity challenges and opportunities, contact us today.
Strengthen resilience and accelerate response in a fast-changing world.
How Irish firms are adapting to new cybersecurity threats.
{{item.text}}
{{item.text}}
Menu