The Mythos Brief: Vulnerability Discovery Just Went Exponential

If you saw the Mythos headlines over the weekend and filed them under “another AI safety story,” close that tab. That’s not what this is.

Mythos is not what you think it is.

Mythos isn’t a story about AI misbehaving or going rogue. It’s a story about how fast vulnerabilities in real software can now be discovered. Anthropic’s Mythos demonstrated zero-day discovery at previously impossible scale. Project Glasswing took that capability and gave fifty critical-infrastructure companies a head start on patching what they were about to be attacked through.

Thousands of novel zero-days, surfaced in weeks, against codebases that had been professionally audited. That’s the actual headline.

This is a race between defense and attack, not a safety story.

The asymmetry just flipped the wrong way.

Before. A skilled human attacker needs weeks, sometimes months, to find a usable zero-day in a serious codebase. Dependency trees get audited once a year, if that; pen tests are quarterly, scoped, and tell the team what was broken the day the pentester ran. SAST catches the obvious stuff, misses the rest, and nobody triages the backlog.

After. A model can discover a zero-day in minutes. The fifty Project Glasswing companies got a courtesy window. Everyone else is now on the public clock — because the same capability, or a close-enough fork of it, is going to end up in the hands of people who aren’t sending disclosure emails first.

Be honest about where this lands hardest: it lands on companies that ship fast, have a real code surface, and don’t have a dedicated security team. That’s most of the AI-native SaaS market right now, and it’s almost certainly you.

What “defense at attacker speed” actually looks like.

Three shifts. None of them are optional anymore. All of them are tractable.

Vulnerability discovery has to run every time a PR lands, not every time an auditor shows up. The interval between “bug introduced” and “bug found” has to be measured in minutes.

Remediation has to ship as a PR with a passing test, on a branch you can review and merge. Not a Jira ticket. Not a quarterly roll-up. A diff.

What you fixed and when has to be signed and portable. Your customer, auditor, or regulator is going to ask. A screenshot of your dashboard is not an answer.

If your current stack doesn’t do all three, that’s the gap. Mythos changed the attacker clock; your runtime assurance program has to compress too.

What GLACIS does.

In plain English: GLACIS is an autonomous AI defender that covers the two places you actually get hit — your code and your models. Two surfaces. One evidence layer.

GitHub App + control plane

• • Scans code, dependencies, IaC, cloud, secrets, containers, APIs
• • Opens a PR on a dedicated branch with a passing test
• • You review, you merge, done
• • Runs on every PR, not every quarter

In-environment watcher

• • Inspects every model call inside your environment
• • Stops unsafe prompts, outputs, and tool calls before they land
• • <8ms overhead. Zero sensitive-data egress — nothing leaves the environment
• • Only a tamper-proof fingerprint exits

Both surfaces write signed OVERT 1.0 receipts. Same open standard. Same verifier. The receipt chain is the evidence. The moat, the thing that compounds, is that every receipt makes the next one more valuable — to you, to your customer, to the auditor you’re going to face.

The first assessment is free. It is an outside-in review of the AI-facing stack: exposed workflows, reachable attack paths, control gaps, and evidence gaps. We do not need access to model weights or private model internals, and we open the first fix as a PR. Findings and fixes are free; you pay — later, if at all — for the receipt chain.

Why the receipts matter more than the scan.

Here’s the part most vendors skip because it’s inconvenient to their pricing model: scans go stale. The report you got last month doesn’t prove anything about your system this week. The dashboard screenshot proves even less.

Receipts don’t go stale. Every time GLACIS fixes something, or stops something, it writes a cryptographically signed receipt. The receipts are chained — tampering is detectable. They’re externally verifiable — any third party can check a receipt without us in the loop. And they’re exportable — your SOC 2 and ISO 42001 evidence trail builds itself while you work.

This is why the real product is attestation, not scanning. Scanning is the ticket in. The receipt chain is what you’re actually going to need when a customer asks, an auditor arrives, or a regulator subpoenas the question: what was running, on what day, under what policy?

What to do on Monday.

One clear action, and it’s free. Start an assurance assessment. We’ll review your AI-facing stack, identify externally reachable exposure and control gaps, and open the first fix as a PR on a branch you own. Thirty minutes of your time.

Start the runtime security assessment

Outside-in assessment of your code, dependencies, IaC, cloud, and AI workflow boundaries. First fix opened as a PR. No model access required.

The Mythos headlines will keep coming. Your weekend shouldn’t.

Further reading

• Anthropic’s Project Glasswing announcement — the fifty-company disclosure window and the Mythos capability behind it.
• Bruce Schneier’s commentary — on what happens when offensive research becomes commoditised.
• OVERT 1.0 — the receipt standard used on both GLACIS surfaces. Open, verifiable, no lock-in.

Defense, at attacker speed.

Free assurance assessment of your AI-facing stack. First fix opened as a PR on a branch you own. Thirty minutes, signed receipts included.