AI's cybersecurity paradox: How CIOs can keep up with change

As AI tools such as Claude Mythos Preview can speed vulnerability discovery for attackers, CIOs are automating detection and response to keep pace.

Executive summary

Claude Mythos Preview and other AI tools are reshaping cybersecurity risks and defenses. Key takeaways include the following:

  • CIOs see AI-driven threats, including tools such as Claude Mythos, as urgent rather than future risks.
  • Security teams are moving from periodic checks to constant monitoring and faster fixes.
  • Companies are using AI in coding, threat detection and incident response.
  • Security is shifting to automated systems that work continuously and respond quickly.
  • Fully automated security centers are still seen as overhyped for now because humans are still needed.
  • Companies are starting to manage shadow AI use because it can create new security risks.
  • IT leaders must be skeptical of AI vendor claims.

Technological breakthroughs are often double-edged swords. AI in security is no exception.

In April 2026, Anthropic announced Claude Mythos Preview, a general-purpose AI model the company said performed unusually well at identifying and exploiting software vulnerabilities. The company said it would not release the model but instead launch Project Glasswing -- an effort to study the model in real-world security settings and strengthen defensive readiness. The episode highlights a growing paradox in cybersecurity: the same advances that strengthen defenders can also accelerate the pace of exploitation.

CIOs and security leaders are responding to Mythos Preview and similar AI-driven threats by treating them as immediate risks rather than future concerns. They are replacing periodic scans and manual response processes with continuous monitoring, faster vulnerability remediation and greater visibility into how employees use AI tools. Together, these changes reflect a shift from periodic, human-driven security operations to automated systems that continuously detect and respond to threats faster than humans alone.

"We used to build walls, control those walls and respond to alerts. That's all changing. You can't build a wall high enough to prevent penetration. The new posture … needs to be continuous, adaptive and intelligence-driven," said Sean Safieh, CIO of global platforms and digital solutions at Sedgwick, a global claims management company.

How Mythos affects cybersecurity

AI has reshaped cybersecurity on both sides of the threat equation. It helps attackers find and exploit vulnerabilities while giving defenders new tools to detect and respond to threats.

How Mythos could help attackers

Since the advent of ChatGPT in late 2022, large language models (LLMs) and other AI systems have helped attackers craft phishing campaigns, generate deepfakes and find vulnerabilities in code. This shift has increased pressure on security teams, which now face faster-moving threats.

"We have seen [AI] make the barrier to entry for a threat actor much smaller. It can do simple things, like write really good emails, but also produce code that can launch a threat," said Matt Watkins, CIO of IMA Financial Group, an insurance brokerage firm.

As if the current landscape wasn't challenging enough, the newest breed of LLMs may be more effective at exploiting vulnerabilities than older ones. For example, Mythos Preview generated working exploits 181 times against Firefox JavaScript vulnerabilities, compared with just two for Anthropic's earlier model -- Opus 4.6 -- across several hundred attempts, according to Anthropic's internal testing. Additionally, in tests across about 7,000 open source code entry points, Mythos Preview fully compromised 10 patched systems -- something Opus 4.6 had not managed.

If Anthropic's results are accurate, this will greatly affect security teams. Attackers could turn newly discovered vulnerabilities into working exploits much faster, compressing the time defenders have to respond.

How Mythos could help defenders

Advanced AI models don't just help attackers, though. They can also help defenders detect vulnerabilities earlier in the development cycle and automate parts of incident response, such as identifying suspicious behavior, prioritizing alerts and isolating compromised accounts. This aligns with the intent behind Project Glasswing, which applies Mythos Preview in controlled environments to strengthen critical systems and improve defensive practices.

Still, attackers have an inherent advantage over defenders. They only need to find and exploit a single weakness, while defenders must identify and fix every weakness across a constantly expanding attack surface.

"Defensively, [AI] is an opportunity for us to leverage, but attackers are using it and closing the gap," Safieh said.

Hype vs. reality

Anthropic has received a lot of attention since announcing Claude Mythos Preview and Project Glasswing. This has led critics to question whether the framing around Mythos reflects a genuine security concern or is merely a fear-based marketing tactic Anthropic used to gain attention.

Although CIOs acknowledge there may be some hype here, the overall take is that it's better to be safe than sorry.

"I don't think it's a complete set of fearmongering. We all have to be aware of the potential possibilities of this doing what they say it can do," Safieh said.

However, CIOs and analysts widely view the idea of fully autonomous, agentic AI-powered security operations centers (SOCs) as overhyped. While organizations increasingly use AI to assist with threat detection, triage and response, these systems still struggle to reliably make the nuanced decisions human analysts make every day.

"These are very real things. What's overhyped is how easy they are," said Fred Chagnon, principal research director at Info-Tech Research Group.

Security teams still rely heavily on human judgment, especially when they deal with incomplete, noisy or ambiguous data. Before enterprises can fully automate SOC workflows, organizations must first codify the decision-making processes that experienced human analysts use instinctively, Chagnon said.

Cyberthreats throughout history

The cybersecurity threat landscape has never been static. Each major wave of technology adoption has reshaped how organizations think about exposure, perimeter control and risk management. On-premises infrastructure, mobile devices and cloud environments each forced security teams to rethink what it means to defend a system.

"When I moved to cloud, my systems were much more reachable. I had a greater attack surface there. Mobile shifted my perimeter, and things weren't protected in my big, giant firewall anymore, so I had to think about different exposures there," Chagnon said.

These shifts consistently expanded the attack surface and forced organizations to adapt their defensive models. Cloud introduced more distributed infrastructure and external dependencies, while mobile eliminated the concept of a fixed enterprise perimeter, pushing security toward identity, access control and endpoint-level protection.

AI, however, represents a different kind of shift. Rather than just creating a new category of exposure, it accelerates the discovery and exploitation of existing weaknesses across already connected and exposed systems, Chagnon said.

At the same time, CIOs are beginning to see AI change how employees interact with enterprise systems in ways that are harder to monitor and govern. AI tools let users create new applications, workflows and data flows outside traditional security boundaries. This broadens the scope of what organizations need to monitor in practice.

"I now have users going out and using AI, and I'm not always sure what information they're sharing. The vibe coding thing has taken off for us internally, so we're trying to figure out how to handle that. I have users standing up new applications and putting data in and doing who knows what with it," Watkins said.

AI as both risk and defense

AI sits on both sides of the cybersecurity equation. It can accelerate attackers' vulnerability discovery, but vendors and experts also position it as a way to defend against threats. Security leaders face the challenge of using AI to strengthen defenses while managing the technology's additional risks.

Security teams have historically been cautious about adopting new technologies quickly, and AI is no exception. Many security leaders approach it with more skepticism than other parts of the business, largely because their mandate is to reduce risk rather than experiment with it.

"Security leaders are probably the most distrustful of AI in the entire organization. These are very risk-averse people," Chagnon said.

However, those same leaders acknowledge that AI is already reshaping both offense and defense. While it introduces new challenges, it also offers capabilities that traditional security tooling has struggled to match, such as faster pattern detection across systems and more automated responses to emerging threats.

"AI is the greatest tool that we can use to defend ourselves," Chagnon said.

The tension between AI skepticism and necessity is shaping how organizations think about AI in security. It's not a replacement for existing practices but a capability that organizations must integrate into them.

Defense through development

Organizations are increasingly embedding AI directly into the software development lifecycle, building security into coding, testing and operational workflows rather than addressing it after deployment.

One of the clearest early use cases is vulnerability discovery in code. Security teams see AI systems as particularly effective at analyzing software at scale and surfacing weaknesses that human reviewers might miss.

"It's making it easier to find the vulnerabilities … That's essentially what the good part about Mythos and Project Glasswing is all about. It's about finding code and finding weaknesses," Chagnon said.

Beyond code analysis, organizations are using AI to detect unusual behavior patterns across systems and users. These models can correlate signals -- such as login behavior, access patterns and downloads -- that previously sat in separate tools, to surface activity that would otherwise be difficult to detect.

In some cases, AI systems take action rather than only surface alerts. For instance, they can isolate accounts, block activity or contain threats in real time, Watkins said. This reduces response times and helps security teams move faster than with manual workflows.

A growing area of experimentation is proactive scanning during major changes, such as acquisitions or system integrations. Instead of waiting for audits or incidents, AI tools can rapidly map risk exposure across infrastructure and highlight configuration gaps or missing controls.

"We're piloting a tool now that when we do a new acquisition, it can go in and do a full scan of the environment. It's almost like an automated penetration test of 'What do I need to worry about? Where is multifactor authentication not in place? Where do I have vulnerabilities?'" Watkins said.

6 cybersecurity tips for the AI era

Many CIOs are updating how they run security operations to keep up with AI-powered threats. They are shifting away from manual, reactive work and toward automated systems that detect, prioritize and respond in real time.

1. Shift security from human reaction to automated systems

AI is pushing CIOs to move away from security models that depend on manual alert reviews. Instead, they are beginning to treat security operations as engineered systems -- where automation handles first-pass detection and response, and humans focus on designing, tuning and improving those systems.

This shift reframes security teams less as operators in the loop and more as engineers building intelligent, self-adjusting workflows. The goal is not to remove humans, but to stop relying on them for real-time decision-making that machines can handle faster.

"If we think about the future of threat detection, it's not humans looking at alerts and reacting to them. It's humans working on a system that looks at alerts and reacts to them," Chagnon said.

2. Move from periodic scans to continuous security monitoring

Security operations can no longer rely on periodic scans, scheduled audits or weekly reporting cycles. The speed at which vulnerabilities emerge -- and AI accelerates their discovery -- forces organizations into continuous monitoring and enforcement models.

CIOs are beginning to treat vulnerability management and compliance as always-on processes. Instead of producing reports that someone later acts on, systems must detect issues, evaluate them and trigger remediation workflows in real time.

"It can't be daily or weekly scans and then sending reports to somebody else to deal with it. It's got to be continuous," Chagnon said.

3. Close the gap between detection and remediation

Organizations have become good at identifying vulnerabilities, but much weaker at fixing them quickly. That gap is becoming more dangerous as the time between discovery and exploitation shrinks.

To close this gap, CIOs should treat remediation as part of the same operational pipeline as detection, Chagnon said. Instead of routing vulnerabilities into static queues or dashboards, they can push them into systems that prioritize, assign and resolve issues with the same urgency as active incidents.

"If I can find vulnerabilities and exposures, that's great. But how do I fix that? This is where a lot of organizations are still challenged," Chagnon said.

4. Design for resilience, not perimeter defense

Traditional security models assumed organizations could build strong perimeters to prevent most breaches. That assumption no longer holds, Safieh said. Modern environments are too distributed, and attack surfaces are too dynamic.

CIOs are shifting toward resilience-based models that assume breaches will happen and prioritize detection speed, containment and recovery. Threat intelligence is becoming a core operational function rather than something analysts review separately from security operations.

5. Govern AI use as part of the attack surface

AI is not only changing external threats; it is expanding the internal attack surface. Employees now build applications, process data and experiment with tools that often sit outside traditional governance frameworks.

CIOs are increasingly concerned about which AI tools employees use, what data flows into them and what systems employees build without central oversight, Watkins said. To manage this risk, IT leaders should create governance frameworks that monitor AI tools, data usage and employee-built applications across the enterprise.

6. Treat vendor claims with skepticism

As AI security tools proliferate, CIOs are becoming more cautious about vendor promises. The speed of innovation has outpaced many organizations' ability to validate claims, especially those related to autonomous security capabilities. IT leaders should tighten evaluation processes and test tools more rigorously to avoid deploying systems that fail under real conditions.

"I would caution everyone in the community to be skeptical about what vendors promise, and ensure a solution works and makes sense, versus trusting blindly," Safieh said.

Tim Murphy is a site editor and writer for the IT Strategy team at TechTarget.
