AI security frontier: what it means for your organisation

Equal Experts is advising customers to urgently assess their ability to respond to software vulnerabilities and automated cyber attacks, following recent advances in frontier AI models like Anthropic’s Mythos Preview model.

These models are significantly reducing the cost and effort required to find vulnerabilities and carry out cyber attacks.

AI models can now:

• Identify vulnerabilities in code quickly and at scale
• Execute complex attack chains automatically, without deep expertise
• Launch attacks at very low cost

This shifts the balance between attack and defence and will severely test existing security controls.  Attacks that used to be difficult and expensive are now becoming fast, cheap, and repeatable.

What you should do now:

Anthropic’s Project Glasswing introduces an immediate and concrete risk.  It is likely to trigger a surge of high-severity vulnerabilities across widely used software.

• $100M of Mythos model credits are being invested to identify vulnerabilities in foundational software (e.g. Linux and other widely used components)
• Vulnerabilities will be publicly disclosed before 7th July 2026
• A large volume of high and critical issues is expected across software used by most organisations.

To respond effectively and without massive disruption, three capabilities are critical:

• Software bill of materials (SBOM) – to quickly identify vulnerable components
• Rapid Patch and release capability – to rapidly mobilise teams, fix, and deploy changes to production
• AI-assisted security analysis – use LLMs to identify vulnerabilities in your own systems before attackers do

If you don’t currently have confidence in these capabilities then prioritise this now.

What to prepare for next

As these AI models become more widely available, you should expect more frequent and sophisticated attacks.  Once an attacker gains an entry point, movement through systems will be significantly faster than today.

The attack techniques themselves haven’t changed, but the speed and scale have. Any weakness in your controls will be far more likely to be exploited.

Focus on assessing and strengthening these fundamental controls:

• Access controls – eliminate excessive permissions
• Vulnerability Management – reduce time to remediate
• Hardening & Attack Surface Reduction – limit exposure and attack paths
• Logging and detection – handle higher volume and pace of attacks
• Incident response – respond quickly, automatically and at scale
• Defensive use of AI – AI-assisted security assessments, incident detection and response.

Organisations with strong fundamentals will remain resilient. Those without will struggle to keep up and expose themselves to a higher risk of successful attack and business disruption.

Get in touch

If you’d like help understanding your exposure or strengthening your controls, we can connect you with an Equal Experts security specialist working with clients to solve these challenges today.

For a no-obligation conversation, speak to your Equal Experts contact or email hello@equalexperts.com.