BleedWatch
After Mythos: what defenders actually need.

Anthropic's Mythos found thousands of zero-days at machine speed. Dario says we have a 6-12 month window. Here's what that means for the people building defensive tools — and what BleedWatch is doing about it.

Founder byline - 2026-04-10

The day the asymmetry got named

On April 7, 2026, Anthropic announced Claude Mythos Preview. The model — held back from public release — had been used internally to find thousands of zero-day vulnerabilities across every major operating system and every major web browser. Mozilla's CTO called it "a world-class, elite security engineer." Anthropic formed Project Glasswing, a coalition with AWS, Apple, Microsoft, Google, CrowdStrike, Palo Alto Networks and roughly 40 other organizations, and committed $100M in usage credits.

A month later Dario Amodei used the words I keep coming back to: "moment of danger." He estimated a 6-to-12-month window before similar capabilities proliferate to other labs, and warned that the defenders' side of the asymmetry — patching, hardening, monitoring — was being compressed.

I want to write down what I think this actually means for those of us building defensive tools. Not the press-release version. The operational version.

The asymmetry, stated precisely

Offensive capability scales with model intelligence. A better model finds more vulnerabilities per hour of compute. Defensive capability scales with deployment and integration. A better model in your security team's hands does nothing until it's wired into a workflow that produces remediation.

This is the structural problem. The offense side gets a one-shot capability boost. The defense side needs every customer to install, configure, integrate, and trust a new tool, a process that historically takes 18 months for an F500 deployment and 6 months for a startup.

Dario's 6-12 month window is brutal precisely because it doesn't match defensive deployment cadence.

What the AISI evaluation actually said

The UK AI Safety Institute published its evaluation of Mythos Preview's cyber capabilities. The framing they used — "jagged frontier" — is the framing I think defenders should adopt internally. The model is not uniformly superhuman. It's superhuman in some cyber tasks (vulnerability discovery in well-tested codebases like browsers), close-to-human in others (chained exploit development), still mediocre in some (social-engineering-paired attacks).

The jagged frontier means defensive resource allocation has to be jagged too. We can't apply equal effort everywhere. The vulnerabilities Mythos finds in Firefox are largely patchable; Mozilla had a 300-finding triage queue at the time of Anthropic's disclosure and they are working it. The vulnerabilities Mythos finds in your custom internal apps written in 2019 by a team that's since left — those are not getting triaged at the same speed.

This is where BleedWatch lives. Not in the front line of zero-day patching for upstream browsers — Mozilla, Microsoft, Google have that. We live in the gap between the disclosure event and the propagated patch, scanning customer external surfaces continuously for whether the patch has actually landed, whether the artifact has been rebuilt, whether the registry tag has been refreshed.

What we shipped in response to Mythos

I'll be honest: the platform's response was less dramatic than the announcement deserved. We didn't ship a new module. We accelerated three things that were already on the roadmap.

Artifact-rebuild correlation. When a CVE is disclosed that affects a base image (ubuntu:22.04 patches a libcurl issue, etc.), we cross-reference every customer's published artifact against the disclosure timestamp. If a customer's image was built before the patch and they haven't republished, the finding promotes to high. This was a 60-day item on the roadmap; we moved it to two weeks.
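
The correlation rule described above, sketched as an added example (not BleedWatch's code). The record layout, the advisory id, the image names and all timestamps are constructed assumptions.

```python
import re
from datetime import datetime

def parse_rfc3339(ts):
    """Parse an OCI-style 'created' timestamp (nanosecond fraction, 'Z' suffix)."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(\.\d+)?(Z|[+-]\d\d:\d\d)", ts)
    if not m:
        raise ValueError(f"not an RFC 3339 timestamp: {ts!r}")
    base, frac, tz = m.groups()
    frac = (frac or ".")[:7].ljust(7, "0")  # truncate or pad to microseconds
    return datetime.fromisoformat(base + frac + ("+00:00" if tz == "Z" else tz))

def correlate(artifacts, advisories, now):
    """One finding per (artifact, advisory) whose newest published build
    predates the base-image patch; such findings are promoted to high."""
    now_dt = parse_rfc3339(now)
    findings = []
    for art in artifacts:
        latest = max(parse_rfc3339(b) for b in art["builds"])
        for adv in advisories:
            if adv["base_image"] != art["base_image"]:
                continue
            patched = parse_rfc3339(adv["patched_at"])
            if latest < patched:  # built before the patch, never republished
                findings.append({
                    "artifact": art["name"],
                    "advisory": adv["id"],
                    "severity": "high",
                    "days_exposed": (now_dt - patched).days,
                })
    return findings

# Constructed sample data (placeholder advisory id, hypothetical image names).
ADVISORIES = [{"id": "CVE-PLACEHOLDER-0001", "base_image": "ubuntu:22.04",
               "patched_at": "2026-04-08T12:00:00Z"}]
ARTIFACTS = [
    {"name": "registry.example/billing-api", "base_image": "ubuntu:22.04",
     "builds": ["2026-03-02T09:14:07.123456789Z"]},                      # stale
    {"name": "registry.example/web-frontend", "base_image": "ubuntu:22.04",
     "builds": ["2026-03-20T08:00:00Z", "2026-04-09T16:30:00+02:00"]},   # rebuilt
    {"name": "registry.example/batch-jobs", "base_image": "alpine:3.19",
     "builds": ["2026-01-15T00:00:00Z"]},                                # other base
]

if __name__ == "__main__":
    for finding in correlate(ARTIFACTS, ADVISORIES, now="2026-04-22T12:00:00Z"):
        print(finding)
```

A build timestamp later than the patch does not prove the patched base layer was pulled, because a cached base layer yields a fresh timestamp on stale content. Comparing the base image digest recorded at build time is the stronger check.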

MCP gateway audit log retention extended. SaintScan's audit table already retained execution evidence indefinitely. We added an explicit operational commitment: 7-year retention for any audit row tagged as part of a Mythos-window investigation. Procurement-grade evidence chain.

Detection-pattern responsiveness. Mythos found patterns we hadn't been watching for — specifically, certain classes of memory-safety mistakes that translate to network-observable behaviors at runtime. We added eleven new regex patterns to the scanner in the two weeks after the announcement, and adjusted the entropy thresholds on three existing patterns based on the public Mythos disclosure samples.

None of these are heroic. They're what you do when the threat surface changes and you happen to operate a detection product. The point is speed of response. A team of 50 would have shipped slower. That's the operating leverage we've talked about elsewhere.

What I think defenders should be doing

If you're reading this as a CISO or a security engineer, I want to give you four concrete actions worth taking this week, not next quarter.

  1. Audit your patch-propagation pipeline. Mozilla shipped Firefox patches within days of Mythos disclosure. Did your team's Firefox-shipping artifact (a container, a packaged app, anything) rebuild within that window? Probably not. The gap between "upstream is patched" and "our artifact is patched" is where the real risk lives.

  2. Inventory your AI-adjacent surface. CLAUDE.md, AGENTS.md, .cursorrules, MCP server configs: these files contain operational instructions that an adversary with model capability can read and exploit. If you haven't audited them in 30 days, you're behind.

  3. Subscribe to advisories you actually need. Project Glasswing partner organizations are publishing on their own cadence. Microsoft's MSRC, CrowdStrike's CTI, AWS Security Bulletins. The signal-to-noise is mixed. Pick three. Read them weekly.

  4. Pressure-test your remediation cadence. If a P0 vulnerability lands tomorrow, what's the time from disclosure to patched-in-prod? Measure it. The number will surprise you. The reason it'll surprise you is the same reason Dario is worried.
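
For action 2, an added example (not BleedWatch's tooling) that inventories these files and checks each against a recorded audit baseline, so a file counts as audited only if its content is unchanged and the audit is at most 30 days old. The baseline layout, the status labels and the two MCP config file names are assumptions, and the sample tree is constructed.

```python
import hashlib, os, tempfile
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Names from the article; the two MCP config names are assumptions.
AI_FILES = {"CLAUDE.md", "AGENTS.md", ".cursorrules", ".mcp.json", "mcp.json"}
SKIP_DIRS = {".git", "node_modules"}

def inventory(root):
    """Map relative path -> SHA-256 for each AI-adjacent file under root."""
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]  # prune walk
        for name in AI_FILES.intersection(filenames):
            p = Path(dirpath, name)
            found[p.relative_to(root).as_posix()] = hashlib.sha256(p.read_bytes()).hexdigest()
    return found

def audit_status(found, baseline, now, max_age_days=30):
    """Compare files with a baseline {path: {"sha256", "audited_at"}}."""
    status = {}
    for path, digest in found.items():
        entry = baseline.get(path)
        if entry is None:
            status[path] = "never-audited"
        elif entry["sha256"] != digest:
            status[path] = "changed-since-audit"
        elif now - entry["audited_at"] > timedelta(days=max_age_days):
            status[path] = "audit-overdue"
        else:
            status[path] = "ok"
    return status

def demo():
    """Run both steps on a constructed tree and baseline (sample data)."""
    now = datetime(2026, 4, 10, tzinfo=timezone.utc)
    sha = lambda data: hashlib.sha256(data).hexdigest()
    files = {"CLAUDE.md": b"run tests before commit\n",
             ".cursorrules": b"prefer typed code\n",
             "svc/AGENTS.md": b"deploy with make release\n",
             "svc/.mcp.json": b'{"mcpServers": {}}\n'}
    baseline = {  # last recorded audits
        "CLAUDE.md": {"sha256": sha(files["CLAUDE.md"]), "audited_at": now - timedelta(days=3)},
        ".cursorrules": {"sha256": sha(files[".cursorrules"]), "audited_at": now - timedelta(days=45)},
        "svc/AGENTS.md": {"sha256": sha(b"older text\n"), "audited_at": now - timedelta(days=5)}}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            p = Path(root, rel)
            p.parent.mkdir(parents=True, exist_ok=True)
            p.write_bytes(data)
        return audit_status(inventory(root), baseline, now)
```

Only the "ok" rows are within the 30-day audit window; every other status is a file to review before it is trusted again.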

What we're betting on

The Mythos moment is the inflection point where AI-assisted offense becomes a category. The defensive response will take a generation of new tooling to catch up. BleedWatch is one of those tools. There will be others. Some of them will be better than ours at things we're bad at. That's how categories work.

The bet I'm making is that defenders need correlated, artifact-aware, AI-aware coverage that the incumbents weren't built to provide. The Mythos announcement validated the timing of that bet more clearly than anything I could have written into a pitch deck.

If you're working on the defensive side of this and want to compare notes, [email protected] reads carefully.

The detection described in this article is available from Pulse tier upward.
