{"id":8373,"date":"2026-06-04T07:00:00","date_gmt":"2026-06-04T07:00:00","guid":{"rendered":"https:\/\/cybersecurityinfocus.com\/?p=8373"},"modified":"2026-06-04T07:00:00","modified_gmt":"2026-06-04T07:00:00","slug":"beware-the-son-of-mythos-security-experts-warn","status":"publish","type":"post","link":"https:\/\/cybersecurityinfocus.com\/?p=8373","title":{"rendered":"Beware the \u2018son of Mythos,\u2019 security experts warn"},"content":{"rendered":"<div>\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<div class=\"container\"><\/div>\n<p>LONDON \u2014 Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthrophic and OpenAI expand access to their frontier AI models for vulnerability discovery.<\/p>\n<p>Anthropic, in particular, is significantly expanding <a href=\"https:\/\/www.csoonline.com\/article\/4155342\/what-anthropic-glasswing-reveals-about-the-future-of-vulnerability-discovery.html\">Project Glasswing<\/a>, its scheme to provide select organizations with access to Claude\u00a0Mythos, an AI-powered vulnerability discovery tool that many industry observers and practitioners believe <a href=\"https:\/\/www.csoonline.com\/article\/4158117\/anthropics-mythos-signals-a-structural-cybersecurity-shift.html\">signals a structural shift for cybersecurity<\/a>.<\/p>\n<p>After initially granting access to around 50 organizations in April, <a href=\"https:\/\/www.csoonline.com\/article\/4180265\/anthropic-grants-project-glasswing-access-to-150-more-companies-with-a-focus-on-critical-infrastructure.html\">Anthropic is now adding roughly 150 more vetted partners<\/a> to its program.<\/p>\n<p>In a parallel development, OpenAI reportedly has offered nine major UK banks access to its cybersecurity AI tool, GPT-5.5 Cyber.<\/p>\n<h2 class=\"wp-block-heading\">Prepare for the son of Mythos<\/h2>\n<p>Speaking at Infosecurity Europe, <a href=\"https:\/\/www.infosecurityeurope.com\/en-gb\/conference-programme\/speakers\/speaker-details.4886.159602.gunter-ollmann.html\">Gunter Ollmann<\/a>, CTO at penetration testing and security services firm Cobalt, said frontier AI models from Google and <a href=\"https:\/\/www.csoonline.com\/article\/4170818\/what-happens-when-chinas-ai-catches-up-to-mythos.html\">two from China are not far behind<\/a> in their capabilities.<\/p>\n<p>\u201cSecurity teams should prepare for the son of Mythos,\u201d said Ollmann. \u201cThese frontier AI tools are still restricted in their access, but they are only going to get cheaper as we go along.\u201d<\/p>\n<p><a href=\"https:\/\/www.ncsc.gov.uk\/person\/paul-chichester\">Paul Chichester<\/a>, director of operations at the UK\u2019s National Cyber Security Centre (NCSC), backed up this assessment by citing estimates that China was eight months behind. Misuse of frontier AI models represents a threat while also offering defenders the opportunity to push additional costs onto adversaries, Chichester told Infosec Europe delegates.<\/p>\n<p>\u201cOrganisations can use AI to write better code and look for vulnerabilities,\u201d said Chichester, who added that frontier AI tools have the potential to democratise security assessments and penetration testing.<\/p>\n<p>Organisations should improve cybersecurity by hardening access controls and running <a href=\"https:\/\/www.csoonline.com\/article\/518982\/tabletop-exercise-scenarios.html\">incident response exercises<\/a>, Chichester advised.<\/p>\n<p>Daniel Wilcock, threat intelligence analyst at managed security services firm Talion, warned that organisations that fail to explore advanced AI risk falling behind those that are using the technology to accelerate vulnerability discovery and security operations.<\/p>\n<p>\u201cAdvanced AI platforms are already being used by malicious threat actors, and all organisations must be prepared for this,\u201d Wilcock warned.<\/p>\n<h2 class=\"wp-block-heading\">Exploit chains<\/h2>\n<p>Ollmann told CSO that AI is far from replacing security experts such as penetration testers.<\/p>\n<p>\u201cThe combination of AI-driven analysis and human expertise is proving far more effective than either operating alone,\u201d Ollmann said. \u201cThe organizations that benefit most from these advances will be the ones that can rapidly validate, prioritize, and remediate the issues being discovered before attackers find them first.\u201d<\/p>\n<p>Ollmann added: \u201cMythos\u00a0appears to be operating with a level of software access and analysis flexibility that most commercial security researchers and testing platforms don\u2019t typically have, including the ability to examine code and behaviours that may otherwise be restricted by licensing or terms of service. That creates a unique opportunity to identify classes of vulnerabilities that conventional testing approaches often miss.\u201d<\/p>\n<p>For example, Mythos makes it easier to chain together several medium severity vulnerabilities to create a high impact risk.<\/p>\n<p>The topic of AI flaw-chaining was also central to a panel on Mythos at the recent <a href=\"https:\/\/event.foundryco.com\/cso-conference-awards\/\">CSO Cybersecurity Awards and Conference<\/a> in the US.<\/p>\n<p>\u201cWhen we\u2019re doing threat modeling, we have some sense that these are the known vulnerabilities that we are modeling against and here\u2019s where we think we are weak, and that kind of goes away with chaining multiple vulnerabilities,\u201d <a href=\"https:\/\/event.foundryco.com\/speaker\/jim-reavis\/\">Jim Reavis<\/a>, CEO and co-founder of Cloud Security Alliance (CSA) told attendees. \u201cCVSS scoring, it seems like that\u2019s not super relevant anymore.\u201d<\/p>\n<p>Jon Yeoh, chief scientific officer at CSA, agreed, touching on the \u201cson of Mythos\u201d threat as well.<\/p>\n<p>\u201cIt\u2019s not just about Anthropic. It\u2019s about what these next-generation AI will be doing,\u201d he said. \u201cThis is a major step change in what AI can do.\u201d<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>LONDON \u2014 Enterprise security teams were urged by security experts at Infosecurity Europe to brace for impact as both Anthrophic and OpenAI expand access to their frontier AI models for vulnerability discovery. Anthropic, in particular, is significantly expanding Project Glasswing, its scheme to provide select organizations with access to Claude\u00a0Mythos, an AI-powered vulnerability discovery tool [&hellip;]<\/p>\n","protected":false},"author":0,"featured_media":8374,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[],"class_list":["post-8373","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-education"],"_links":{"self":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8373"}],"collection":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=8373"}],"version-history":[{"count":0,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/posts\/8373\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=\/wp\/v2\/media\/8374"}],"wp:attachment":[{"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=8373"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=8373"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecurityinfocus.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=8373"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}