Exposure management , AI/ML , Vulnerability Management , Threat Management Fighting fire with fire: Defending against Mythos-powered cyberattacks May 12, 2026 Share By Paul Wagenseil Created with SocialSight AI. Because frontier AI models like Anthropic's Claude Mythos and Opus 4.6, as well as OpenAI's GPT-5.5-Cyber, can rapidly find software vulnerabilities and chain them together to form potentially devastating attack paths, exploits on a level that once required elite researchers and weeks of effort can now be crafted in minutes. Access to the most powerful vulnerability-finding AI models is currently limited to a handful of trusted companies. But security experts agree that comparable capabilities will become widely available to everyone, including common threat actors, in the next six to 18 months. Consequently, defenders can no longer rely on traditional vulnerability management and simply identify and fix vulnerabilities. They must reduce exposure before AI-powered attackers can exploit it. AI-powered exposure management defends against AI-powered adversaries by beating them to the punch, identifying how flaws in assets, identities, cloud systems, applications, and configurations can be chained into viable attack paths before they are exploited. In an AI-driven threat landscape, understanding exposure context means more than counting vulnerabilities. "The arrival of Claude Mythos marks a fundamental shift in the cyber landscape, where the speed of vulnerability discovery is now measured in minutes rather than months," writes Tenable Chief Technology Officer Vlad Korsunsky in a recent blog post. "While this 'mythic' new model provides attackers with an unprecedented ability to find and chain exploits, it also serves as a catalyst for organizations to modernize their defense." How threat actors are already using public AI models Threat actors already benefit from AI. Publicly available large language models help humans conduct reconnaissance, manage phishing campaigns , code malware, research potential exploits, and run social-engineering bots. Even today, AI is speeding up the attack lifecycle by automating complex tasks. Mythos, Opus 4.6 and GPT 5.5-Cyber are taking the attack lifecycle to lightspeed because they don't need human guidance to do any of these things. Tenable's analysis finds they can autonomously reason through complex codebases, spot likely vulnerability locations, validate exploitability, and construct attack chains across environments. "This is about a moment of danger where if we respond to it correctly, and I think we started to take the first steps, then we can have a better world on the other side," Anthropic CEO Dario Amodei warned recently . Experts warn that when Mythos-class capabilities become mainstream, organizations will be hit with a deluge of documented exploitable vulnerabilities that will overwhelm all but the speediest patch teams. But you can prepare for this flood of flaws by finding and categorizing assets and known vulnerabilities, prioritizing each fix according to your own organization's environment and business goals, and using AI to accelerate each process. This is AI-powered exposure management. How AI-powered exposure management can preempt AI-driven attacks Exposure management flips defense from reactive patching to proactive risk reduction. It doesn't treat each vulnerability as an isolated flaw; it evaluates how weaknesses can interact across the enterprise environment. Skilled attackers also think in chains, not individual exploits, and AI models are catching on. A low-severity cloud misconfiguration, an overprivileged identity, and an unpatched application may seem somewhat harmless, but together they can guide an attacker to critical assets. So how can an organization become " Mythos ready "? The answer is to implement exposure management, and to use AI to do it more quickly. In a recent blog post, Tenable Co-CEO Steve Vintz lists continuous asset discovery, stringent risk filtering, attack-path analysis, automated red teaming, and agentic remediation as the five steps that can lead you there. AI-powered exposure management takes you there by continuously mapping and prioritizing exposure surfaces, such as cloud infrastructures, identities, operational technology, applications, and third-party assets. AI then correlates threat intelligence, exploitability data, business context, and attack-path analysis to identify which risks matter to each specific organization, and which can be safely ignored. "Whether an attack utilizes an AI-discovered zero-day or targets the AI training pipeline directly, the challenge remains the same," writes Vintz . "You can't manage what you don't see, and you can't defend what you don't prioritize." How exposure management shifts the question from 'What's broken?' to 'How can this be exploited?' Traditional vulnerability management asks: Which systems are vulnerable? Exposure management asks a more important question: How can attackers exploit these weaknesses in the context of my environment? This distinction becomes critical in the face of AI-powered attacks. Sorting out the truly dangerous attack paths from the far more numerous false warnings is essential if defensive teams are to have any chance of keeping up with the pace of AI-driven exploits. Exposure management provides the environmental context that AI-powered attackers exploit. It evaluates network relationships, identity privileges, cloud connectivity, business criticality, and defensive controls together rather than separately. This lets security teams prioritize remediation based on exploitability and business impact instead of raw vulnerability counts. The organizations most likely to withstand Mythos-powered attacks will not necessarily be those with the fewest vulnerabilities. They will be the organizations that continuously understand their exposure surface, validate exploitability in context, and reduce high-risk attack paths faster than adversaries can weaponize them. "Without context and accuracy, more is not better; it just creates noise," writes Korsunsky in a Tenable blog post about AI exposure management . "AI is raising the bar on what’s possible in cybersecurity. The question now is how we turn that potential into outcomes." An In-Depth Guide to AI Get essential knowledge and practical strategies to use AI to better your security program. Learn More Paul Wagenseil Paul Wagenseil is a custom content strategist for CyberRisk Alliance, leading creation of content developed from CRA research and aligned to the most critical topics of interest for the cybersecurity community. He previously held editor roles focused on the security market at Tom’s Guide, Laptop Magazine, TechNewsDaily.com and SecurityNewsDaily.com. Related AI benefits/risks Why we need a ‘zero-trust for code’ behavioral approach to secure software Ken Ammon May 11, 2026 AI has broken down the old model for classifying code – here’s how a behavioral approach makes more sense today. Email security Beyond the inbox: Why your domain and social media are the next front lines Paul Wagenseil May 7, 2026 Protecting the inbox is no longer enough. The real battle is fought everywhere your brand exists. Threat Management How to make CTEM operational versus aspirational David Balaban April 29, 2026 Here’s seven ways to get the most out of CTEM. Related Events Cybercast RSAC Preview: Exposure management takes center stage On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe Related Terms Buffer Overflow Bug Corruption Covert Channels Darknet Denial of Service Distributed Scans Domain Hijacking Drive-by Download Dumpster Diving You can skip this ad in 5 seconds