Mythos Model Exposes Enterprise Security Risks

CSO Hall of Famers Barry Hensley, Shaun Khalfan, and Jeff Trudeau weigh in on what it takes to lead cybersecurity at a critical juncture where risk and opportunity are evolving faster than ever. https://lnkd.in/eX5edAut

Vulnerability management is one of the most mature disciplines in cybersecurity. It's also completely overwhelmed. In his Secure Your Fortress 2026 talk, SANS instructor and SEC 501 co-author Dave Shackleford makes the case that the traditional approach to VM is broken — and walks through exactly how AI changes the equation. A few things that stood out: → CVE publications increased 263% between 2020 and 2025 — no team can manually triage that volume → NIST has stepped back from enriching most CVEs, putting the burden squarely on security teams → The answer isn't more scanners — it's smarter prioritization using AI-assisted attack path analysis → CVSS scores alone are no longer sufficient for meaningful prioritization If your team is drowning in vulnerability backlogs, this talk is 30 minutes well spent. 🎙️ Watch free: https://lnkd.in/es5UkEvP #VulnerabilityManagement #CyberDefense

It was great to hear from front line leaders on The Purple Book Community session getting their enterprises ready to tackle this new realty - the Mythos-class / Frontier AI Models. Excellent insights Nathan Motyl, MBA, Dheeraj Khanna, Paolo D. and Mark Lambert Volume, Velocity, Vulnerability chaining...

Last week I joined a The Purple Book Community panel on what frontier AI models like Mythos actually mean for security programs. 300+ security leaders showed up (Zoom hit capacity!) which tells you exactly where this topic sits on the priority list right now. Great conversation with Dheeraj Khanna & Paolo D., moderated by Mark Lambert. The reframing I keep coming back to: this isn't a new category of vulnerability. It's a new speed of attack. AI agents don't sleep, don't follow change control, and will chain a dozen low-severity findings into a critical exploit path without blinking. The question isn't whether your team can find vulnerabilities anymore, it's whether you can fix them faster than an AI agent can weaponize them. Recording is live if you want to dig in: https://lnkd.in/ekHPbpgE

Really great insight from Jacob Klein of Anthropic at the SANS Institute AI Summit! Points that stuck with me: - 80-90% AI work and 10-20% Human work - Approximately 70% of the MITRE enterprise taxonomy is already being automated by AI systems today - While AI increases the scale of the attack surface, it is a dual-use technology that defenders can also use for scanning vulnerabilities and investigating signals at scale - Watch out for the upcoming report https://lnkd.in/gvFzSMWk

For 14 years, Rafeeq Rehman's CISO MindMap has been one of the best snapshots of how the CISO role is evolving. The 2026 edition dropped in April and focuses on: → Adapting to AI → Reducing tool sprawl → Staying ahead of old threats → Taking care of security teams We shared our take on each — plus what feels like the unwritten fifth priority: security leaders increasingly driving revenue through Trust Centers, due diligence automation, and contract review. You can find it here: https://lnkd.in/dJcVMmje Full credit to Rafeeq Rehman. Definitely worth a read for security leaders planning their year.

Anthropic's Project Glasswing headlines are attention-grabbing, but the underlying shift is not a surprise to anyone who has been paying attention. AI is compressing the time between vulnerability discovery and exploitation. That changes the math for defenders. When attackers can move at machine speed through legitimate pathways, static rules and short time-window detections are not enough. Our latest blog gets into what that means for security teams and why behavior intelligence is the right foundation for what comes next. Read here: https://ow.ly/ZPr730sVIIS

Anthropic's Project Glasswing headlines are attention-grabbing, but the underlying shift is not a surprise to anyone who has been paying attention. AI is compressing the time between vulnerability discovery and exploitation. That changes the math for defenders. When attackers can move at machine speed through legitimate pathways, static rules and short time-window detections are not enough. Our latest blog gets into what that means for security teams and why behavior intelligence is the right foundation for what comes next. Read here: https://ow.ly/yEj130sVICz

Anthropic's Project Glasswing headlines are attention-grabbing, but the underlying shift is not a surprise to anyone who has been paying attention. AI is compressing the time between vulnerability discovery and exploitation. That changes the math for defenders. When attackers can move at machine speed through legitimate pathways, static rules and short time-window detections are not enough. Our latest blog gets into what that means for security teams and why behavior intelligence is the right foundation for what comes next. Read here: https://ow.ly/SpR130sVHCs