{"id":8281,"date":"2026-05-27T09:00:00","date_gmt":"2026-05-27T09:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8281"},"modified":"2026-05-27T09:00:00","modified_gmt":"2026-05-27T09:00:00","slug":"the-nsa-mythos-and-the-quiet-emergence-of-ai-cyber-doctrine","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8281","title":{"rendered":"The NSA, \u2018Mythos\u2019 and the quiet emergence of AI cyber doctrine"},"content":{"rendered":"
\n
\n
\n
\n
<\/div>\n

For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me reevaluate that framing. Speed still matters. It just no longer carries the picture on its own. Scale and autonomy have moved alongside it, and the relative emphasis I place on the three is something I expect to keep adjusting. When I read recent coverage of the US government\u2019s deepening use of advanced AI for cyber operations, Anthropic\u2019s Claude Mythos Preview disclosure<\/a> and the wave of defensive AI being built in response, I recognized the pattern. It fits the pattern of doctrine forming.<\/p>\n

Doctrine rarely arrives through formal announcements in this field. It emerges through repeated behavior, through choices made under operational pressure, through what capable actors do when no one is telling them to stop. That is where I believe we are now.<\/p>\n

From tools to operational capability<\/h2>\n

I remember when cyber operations lived inside scripts. They moved into frameworks, then into automated pipelines, then into what we somewhat optimistically called orchestration. Each step compressed time and lowered required expertise. Frontier AI is starting to look to me less like the next step in that sequence and more like a different thing.<\/p>\n

What seems to separate frontier AI from the automation we have lived with, in what I have seen so far, is less about efficiency and more about independence. A model that can conduct reconnaissance across an unbounded attack surface, identify vulnerabilities without predefined signatures, assist in exploit chaining and adapt based on feedback feels less like enhancing an analyst\u2019s workflow and more like operating with reduced human constraint. That shifts the economics of offense in ways that break assumptions most security programs still quietly rely on.<\/p>\n

The Mythos Preview disclosure made the shift concrete. The model reportedly surfaced thousands of high-severity vulnerabilities, including findings in every major operating system and web browser, and chained multiple vulnerabilities into novel attacks with limited human direction. A specific example that landed for many readers was a 17-year-old remote code execution flaw in the FreeBSD NFS server (CVE-2026-4747), which Mythos identified and exploited autonomously after a single prompt. The defensive coalition Anthropic assembled under Project Glasswing<\/a> includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, with extended access reaching more than forty additional organizations responsible for critical software infrastructure, backed by roughly $100M in usage credits and $4M in donations to open-source security work. That is not a marketing exercise. It is a coordinated reaction to a threat model that has already moved. The fact that the coalition is now drawing antitrust scrutiny is itself a signal: This is no longer experimental.<\/p>\n

The line that stayed with me from Anthropic\u2019s own writeup was that the model could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously, completing in hours what would take human professionals days. Pair that with multiple frontier models from OpenAI now operating at the \u201cHigh\u201d cybersecurity threshold under its Preparedness Framework, including a defender-permissive variant (5.4-Cyber) built specifically for verified security teams, and with the disclosed incident of GTG-1002<\/a>, the Chinese state-sponsored actor Anthropic publicly attributed in November 2025, jailbreaking Claude Code (by fragmenting tasks and posing as a defensive testing employee at a legitimate cybersecurity firm) to automate 80 to 90 percent of an operation that touched roughly 30 global targets and successfully breached four, and the trajectory stops being speculative. It is observable. The November 2025 GTG-1002 disclosure already touched regulated sectors, including financial institutions and chemical manufacturing, and AI-assisted pre-positioning against critical infrastructure is now documented in nation-state activity reports. The named, attributed, high-impact incident that will make this concrete to a board has not yet occurred publicly. The pattern is no longer hypothetical.<\/p>\n

The doctrine forming in plain sight<\/h2>\n

Policy frameworks are still catching up. Reporting from Defense One<\/a> over the past weeks makes clear that the US government is actively procuring AI-enabled vulnerability scanning, exploit development, threat data analysis and covert cyber infrastructure. The signal has now moved from procurement to codified policy: The FY 2026 NDAA directs the Department of Defense to develop an AI cybersecurity framework and incorporate it into DFARS and the CMMC program. Former senior NSA voices are discussing openly how AI reshapes offensive operations. The White House cyber posture has shifted toward more explicit offense, and that posture is being matched by capability. The experimental phase is over. We are in the operational one.<\/p>\n

When a state-level actor integrates a new class of capability into live operations, doctrine follows. It does not get announced. It gets revealed through what targets are hit, how fast, at what scale, with what level of human oversight. The early outlines of AI cyber doctrine are already visible if you read the signals together.<\/p>\n

Speed over stealth is the first. In an environment where exploit windows compress from weeks to hours, operating faster than a defender can respond is often more valuable than remaining undetected. That reverses the stealth-first operational model that shaped two decades of advanced persistent threat thinking.<\/p>\n

Adaptive systems over static controls is the second. Playbooks that assume attacker behavior will repeat are already brittle. Phishing becomes dynamic. Malware morphs faster than signatures. Attack chains execute inside the time required to schedule an incident bridge. Defense either learns and adjusts, or it absorbs.<\/p>\n

Probabilistic defense is the third. Zero-loss security was always a marketing ideal rather than an operational target, but the mismatch is now acute. The realistic objective is bounded loss: Assume continuous low-level compromise attempts are occurring, and optimize for detection, containment and minimized blast radius. I have had that conversation with peers more times in the last quarter than in the previous three years combined.<\/p>\n

These are not constructs I am importing from a policy paper. They are the operational principles I see other security leaders quietly adopting because the environment does not offer another option.<\/p>\n

Underneath those principles sits an economic shift I keep coming back to. Historically, attackers were constrained by three things: time, cost and expertise. AI compresses all three simultaneously. The NCSC\u2019s most recent analysis frames the shift in concrete terms: In early 2026, the best frontier model completed nearly six times more attack steps on a realistic simulated enterprise attack than the best model eighteen months earlier, and a full attempt now costs around \u00a365. Reconnaissance is continuous rather than episodic. Vulnerability discovery scales beyond any human team. Attack generation is iterative and cheap. Defense, meanwhile, is still indexed to human speed and decision-making. Offense is operating at machine speed and scale, while defense is still paging analysts during incidents. That is the imbalance. What I\u2019m seeing reads less like a tooling gap and more like a model mismatch.<\/p>\n

The UK National Cyber Security Centre\u2019s recent analysis<\/a> of defensive advantage against frontier AI captured something I have struggled to articulate to my own executive stakeholders: defensive advantage is not a static condition. It has to be actively retained against a capability frontier that is moving faster than most governance structures can accommodate. Organizations that treat AI as an enhancement layer will be outpaced by organizations that treat it as a structural change to how security is designed.<\/p>\n

What I think leaders should actually do<\/h2>\n

Three things, and I do not consider any of them optional.<\/p>\n

1. Treat AI agents as security principals<\/h3>\n

Any autonomous or semi-autonomous AI system with access to sensitive systems, data or workflows needs the governance posture applied to privileged users. Identity, access control, behavior monitoring, audit. If an AI agent can act, it can cause harm, and it has to be governed accordingly. Calling it a tool absolves no one, and the scariest version of this problem is an internally sanctioned AI agent with broad access that nobody has scoped as a principal. This recommendation is no longer outside the consensus. NIST\u2019s Center for AI Standards and Innovation formally launched the AI Agent Standards Initiative<\/a> in February 2026, the NCCoE has issued a concept paper on software and AI agent identity and authorization, and identity vendors, including Okta, Microsoft and Google, have shipped first-class agent identity primitives. The line is drawn. The question is whether you cross it now or after an incident forces it.<\/p>\n

2. Invest in adaptive defense rather than incremental detection<\/h3>\n

Adding another static-signature layer to an environment where attackers iterate at machine speed is mostly theater at this point. The investment that produces compounding returns is in defenses that learn, including the capacity to run AI-driven detection and response inside the seams where human review cycles used to live. That requires hard choices about where to reduce analyst toil, where to accept probabilistic outputs and where human judgment is still the right bottleneck.<\/p>\n

3. Reframe the risk model<\/h3>\n

Build the program on the assumption that continuous low-level compromise attempts are the normal operating condition rather than the exception. The rare high-impact event framing is a residue of a threat environment we no longer live in. Budgets, metrics and executive conversations should reflect that shift. Board reporting built around annualized loss expectancy will not survive contact with an adversary operating on hour-long cycles.<\/p>\n

For years I told my teams that the advantage in cyber went to whoever had the better tools. I was wrong, or at least incomplete. The advantage now goes to whoever adapts faster. Governments are already integrating these capabilities into live operations. The doctrine is not coming. It is forming, quietly, operationally and in plain sight. The question is whether defenders will recognize it in time to shape their side of it.<\/p>\n

This article is published as part of the Foundry Expert Contributor Network.<\/strong>
Want to join?<\/a><\/strong><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"

For most of my career running security operations, the shape of cyber conflict has been defined by who could move faster than the other side. Faster at identifying a vulnerability, faster at patching, faster at detecting, faster at responding. The last few months have made me reevaluate that framing. Speed still matters. It just no […]<\/p>\n","protected":false},"author":0,"featured_media":8282,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8281","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8281"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8281"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8281\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8282"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8281"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8281"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8281"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}