Falco Feeds extends the power of Falco by giving open source-focused companies access to expert-written rules that are continuously updated as new threats are discovered.
Five things CISOs should consider amid the rise of Anthropic Mythos, Project Glasswing, and the CSA's "AI Vulnerability Storm" briefing.
Attackers have officially crossed a Rubicon in cyber offense. While much is still unclear, new AI models have already significantly accelerated the pace at which threat actors can conduct operations and dramatically reduced the technical prowess necessary to upend the systems and software we all rely on.
Anthropic's Claude Mythos Preview, for instance, autonomously discovered and exploited zero-day vulnerabilities across every major operating system and every major web browser. It generated 181 working exploits from Firefox's JavaScript engine, where the previous frontier model produced two. It found a 27-year-old bug in OpenBSD and a 16-year-old flaw in FFmpeg that automated fuzzing tools had hit five million times without catching. An engineer with no formal security training asked the model to find remote code execution vulnerabilities overnight, and the next morning woke up to a complete, working exploit.
Before Roger Bannister broke the four-minute mile in 1954, nobody believed it was possible. Within two years, dozens of runners had done the same. The barrier was never physical. It was the belief that it couldn't be done. And just like 1954, what follows the leaps we’re seeing in AI technology won't be a single “runner.” It will be a field.
AI causes an exponential rate of change
Nicholas Carlini, a research scientist at Anthropic and a tenured, well-respected threat researcher, stated that Claude Opus 4.6 was already better at finding vulnerabilities than human security researchers, including himself. That was February, then Mythos launched in April. The trajectory is exponential, not linear. And these capabilities weren't explicitly trained, but emerged as a downstream consequence of general improvements in reasoning and code generation. Every frontier lab making their models smarter at coding is making them smarter at exploitation.
Current estimates from the security research community tracking the rate of improvement in both frontier and open-weight models put the timeline at 9 to 12 months before advanced cyber-reasoning capabilities become widely distributed.
Anthropic made the responsible call to restrict access to Mythos through Project Glasswing, but frontier capabilities proliferated.
Open-weight models are already demonstrating autonomous vulnerability research. The Zero Day Clock, built by Sergej Epp, CISO at Sysdig, shows time-to-exploitation collapsing to under a day in 2026. Integrate that with the collapsing cost of inference, and sophisticated threat actor capability becomes accessible to anyone with an API key and a weekend.
This is the new baseline.
How the security industry is responding
The Cloud Security Alliance, SANS, [un]prompted, and the OWASP Gen AI Security Project just released an expedited strategy briefing called "The AI Vulnerability Storm." It was authored and reviewed by over 250 CISOs and security leaders, including Jen Easterly, Bruce Schneier, Chris Inglis, Heather Adkins, Rob Joyce, and Phil Venables.
What struck me is the tone. This isn't a position paper, but an operational briefing built for the CISO who needs to walk into a room Monday morning with a plan. The risk register, the priority actions, the time horizons – it reads like incident response documentation.
The briefing names 13 risks across four categories, maps them to NIST CSF 2.0 and MITRE ATLAS, and prescribes 11 priority actions on aggressive timelines. Six are rated critical, with "start this week" deadlines.
The message from 250 of our peers is blunt: the threat model your security program was built on no longer reflects reality, and the time to act is now.
Lean into future-ready defense with AI
The same AI capabilities that make offense cheaper also open the opportunity for defenders to build something we haven't had before: the ability to find our own weaknesses at the same speed and scale as attackers. AI-driven vulnerability discovery on your own code. Continuous security review in your pipelines. Detection of novel threats that don't match any known signature. Response that executes at the speed these attacks will operate.
We have a window to build that cyber resilience before these capabilities are broadly weaponized. The CSA briefing frames this as becoming "Mythos-ready," and I think that's the right mental model. Not reacting to one announcement, but permanently closing the gap between how fast vulnerabilities surface and how fast your organization responds. That’s where defenders have the biggest opportunity to close the gap, and it’s where the industry is headed.
The teams that move now will have the muscle when it matters. The ones that wait will be building it under fire.
5 things security leaders can start today
1. Point security agents at your code and pipelines
Whatever AI security tooling you've already procured, start integrating it this week. Ask an agent to review your code. Build toward LLM-driven security review in your CI/CD pipeline. All code, whether human- or AI-generated, should pass automated security analysis before it is merged. The goal isn't perfection on day one, but to start surfacing where your risk concentrations are before someone else does it for you.
2. Stand up an innovation and acceleration governance team
Security, legal, and engineering must come together with a shared understanding of the executive team to take action. Every other defensive initiative on this list will hit approval friction without it. Current governance cycles were designed for a slower threat environment. That friction now has a direct cost in exposure.
3. Prepare for continuous patching
The CSA briefing rates continuous patching as critical with a "start this week" deadline, and I agree. Look honestly at your entire patching lifecycle – how components enter code, how code reaches production, how operating systems and libraries get updated.
At every point where a human is manually gating the process, ask yourself, “What guardrails would I need in place so that an autonomous system can begin driving?”
The volume of AI-discovered vulnerabilities coming through Glasswing and its successor programs will overwhelm any team operating at human speed.
4. Build automated response capabilities
The Sysdig 2026 Cloud-Native Security and Usage Report highlights this same need: the era of teams manually clicking through response playbooks does not scale. It has not scaled historically, and it does not work even today.
Every time a human makes a point-in-time decision to respond or not, that decision should be documented, trained, and fed back into a system to enable agents to drive and accelerate response actions. This includes agents in your deployment environment auditing your pipelines, understanding context, and executing responses at machine speed.
5. Establish measurement frameworks for your agents.
As you roll out AI-driven security capabilities, you need to know whether your resilience is actually improving. This means going beyond "does this work: yes or no," to scoring your agents on the quality of their decision-making, the data they're operating on, and whether their reasoning holds up under scrutiny.
Joshua Saxe's talk, “The Hard Part Isn't Building the Agent: Measuring Effectiveness,” is a good starting point here. Without that feedback loop, you're deploying automation without accountability, and you won't know whether you're more resilient or just more automated.
The security race is on to stay ahead of attackers
The security leaders who will thrive in the post-Mythos era share two traits:
- They're deeply connected in their CISO communities – the kind of peer networks where 250 people produce an operational briefing in days because the trust is already there.
- They're following world-class threat research teams closely enough to understand what the adversary actually looks like today, not five years ago.
We've crossed the four-minute mile, and the cybersecurity race is on.
Read the full CSA briefing, follow the Sysdig Threat Research Team for ongoing coverage of how these threats evolve in the wild, and start taking action today.