MSSP leaders have played down the threat posed by Claude Mythos, with some saying the advent of cybersecurity-focused AI models like it could favour defenders as much as it does attackers.
Anthropic last week claimed its new Claude Mythos Preview model is “capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser”.
It claimed its “large increase in capabilities” led it to opt against making it public (instead it is using it as part of a defensive cybersecurity programme with a limited set of partners).
Even so, Palo Alto Networks immediately branded the development a “dangerous shift”, while Cisco said it “fundamentally changes the urgency required to protect critical infrastructure” (see here).
But what do the MSSP leaders tasked with protecting UK SMEs and enterprises day in day out make of the threat or opportunity posed by Mythos?
We caught up with the CEOs or CTOs of six MSSPs or MSPs in the shape of SEP2, Integrity360, Red Helix, Wanstor, Chorus andAcumen Cyber to find out.
Here’s what they said…
“Mythos presents a major opportunity for defenders and MSSPs”
Paul Starr, CEO, Sep2
Claude Mythos – Run for the hills!
We’ve seen this “world-ending” cycle before, with the release of every new model and it’s becoming a little tiresome. Whether it was the advent of automated exploit kits or the initial panic over ChatGPT’s ability to write malware, our industry has a tendency to lean into the “catastrophe of the week.”
Mythos represents a significant technical accelerator impacting both offensive and defensive cybersecurity practices.
For attackers, while it undoubtedly shrinks the exploit window, this is an acceleration of a long-established pattern. Dual-use tools, initially created with good intent, have always become integrated into both attackers’ and pentesters’ toolkits. Mythos simply marks the next evolutionary stage, allowing less-skilled actors to operate more effectively. It is not a fundamentally new threat, but rather a substantially more efficient one.
Crucially, Mythos presents a major opportunity for defenders and MSSPs. It can be integrated directly into the defensive security engine.
SEP2, for instance, is already leveraging these capabilities to automate the routine, often “boring” aspects of vulnerability management. If an AI model can rapidly discover a decades-old bug in legacy code overnight, it can significantly expedite alerting the appropriate personnel and even assist in developing protection measures.
We must resist the urge to “knee-jerk.” The fundamentals of cybersecurity – robust access controls, hygiene, and layered defence – remain the most effective antidote to any AI.
Every time a new model drops, half the industry wants to declare the ‘end of security’ and the other half wants to run for the hills, buy a log cabin, and live off-grid with nothing but a pen and paper! Whilst I might see the appeal, I don’t think we’ve got to that stage yet.
While the headlines are being pushed by the AI vendors who gain value from their hyperbole, we’ll need to keep the pinches of salt flowing.
Mythos is a powerful new tool, but we’ve survived every “game-changer” so far by staying grounded in engineering rather than buying into the hype. We will do the same here.
Which MSP leader thinks Mythos’ capability “fundamentally marks a shift”? See next page…
