This is part two of a multi-part blog series on Anthropic Mythos.
TL;DR
- Mythos’ vulnerability-finding capability is the canary in the coal mine. The bigger story is what a model this powerful means for every domain that runs on knowledge work.
- Even the top AI security researchers in the world feel behind right now. The ones moving fastest are the ones willing to quickly unlearn.
- AI is simultaneously the source of new security problems and the most likely answer to them. That tension isn’t going away.
- The patching governance problem is real and unsolved: compliance frameworks require humans in the loop, but AI is shipping code at 10x velocity. Nobody has cracked this yet.
- Patch Tuesday may already be an attacker’s advantage. A patch tells you exactly where to look. The race to exploit inside the patching window is here, and the skill bar just dropped.
When Greg Notch posted on LinkedIn that “cybersecurity is the least of the problems” Mythos signals, the comments did what LinkedIn comments do. Some people agreed. Some people pushed back. A few asked him to explain himself.
I asked him to explain himself too, when I sat down with Expel’s Chief Technology Officer for part two of our series on Anthropic Mythos and the Cloud Security Alliance’s report on what defenders should do about it. Greg was also an official reviewer on that report.
His answer reframed the whole conversation. Mythos isn’t primarily a cybersecurity story. It’s a capabilities story. And cybersecurity just happens to be the domain where those capabilities are easiest to see.
Bug finding is the canary. What’s in the mine?
To understand Greg’s point, start with what Mythos is actually doing. It’s chaining together vulnerabilities—multi-step, abstract, deeply obscure exploit paths that only the top fraction of a percent of security researchers in the world can find. And it’s doing it faster than they can.
But the model wasn’t trained for cybersecurity. That’s the point.
“It just happens to be able to [chain together obscure vulnerabilities],” said Notch. “So now I think about what that means for other things. Finding novel drugs. The ability to democratize understanding of the law. Understanding a foreign language and presenting information. Really, anything that involves knowledge and the ability to string together complicated concepts is fair game.”
The vulnerability-finding capability that has security teams on high alert is, in Notch’s framing, a proof of concept for something much broader. If a model not specifically trained for cybersecurity can outperform the world’s best human security researchers, what does the same model do to every other domain that runs on domain knowledge and pattern recognition?
Notch didn’t shy away from the dual-use implications. “These are all dual-use technologies,” he said. “Now imagine you’ve democratized the intelligence to build cyber weapons. Or perhaps other kinds of weapons or destructive capacities. You’ve got to broaden your horizon thinking—what does this mean for warfare, education, healthcare, for the legal profession? Just pick one.”
The security community is right to focus on the cybersecurity angle. But Notch’s argument is that if that’s the only angle you’re focused on, you’re limiting your perspective on both the benefits and the risks.
Everyone feels behind. Including the people who shouldn’t.
I asked Greg whether the pace of AI development—models advancing faster than organizations can adapt—creates an increased risk of burnout inside security teams. He gave me an answer I didn’t expect.
He told me about a conference he attended a month ago called [un]prompted, a gathering of roughly 600 of the top AI security researchers in the world. “Every single one of them that I talked to said, ‘I feel deeply behind. I feel like I’m not keeping up,’” said Notch. “And I was like, oh—I feel a little better that I’m in the company I’m keeping right now. Like, everybody kind of feels that way, and we’re all hurtling forward at this uncomfortable speed together.”
That’s not a reassuring story in the conventional sense. But it reframes the problem usefully. Feeling behind is simply the ambient condition of the moment. The question isn’t whether you feel overwhelmed. It’s whether you’re moving anyway.
For Notch, the most universally valuable skill right now isn’t a technical one. “The people that are the most successful with AI are the ones that are the most able to challenge their predicates and unlearn,” he said. “Everything I thought I knew yesterday—not true anymore. Time to learn it all again.”
AI is both the problem and the answer. At the same time.
The CSA report has a full section on burnout and career uncertainty inside security teams. I asked Greg how he thinks about that as a leader.
His framing was unusually candid: the thing causing the pressure is also the most likely escape from it. “It’s both the problem and the solution, and that’s what makes it so bedeviling,” he said. “I know if I can just figure out how to leverage AI for this problem I’m working on, it’s going to help me both solve that problem and create space in my day to go solve some of the other hairy problems on my list.”
At the same time, he acknowledged the new class of problems AI is generating—identity, data governance, agentic supply chain risks. “We’re going to speed-run all the bad decisions we’ve ever made about identity and data governance, at scale, right now,” he said. “And the answer to how I’m going to have time to solve that probably lives in the same Claude Code window.”
That tension—AI as both accelerant and antidote—isn’t going to resolve cleanly. Notch was honest about his forecasting range.
“My crystal ball is broken. I used to be able to see out 18 months. Now I’ve got 60 days. If I’m lucky.”
The patching problem nobody has solved
Greg posted on LinkedIn recently about a tension that doesn’t get enough coverage: AI is accelerating code deployment velocity dramatically—developers shipping at 10x the pace they were a year ago—but compliance frameworks still require a human to sign off on every patch before it goes to production. SOC 2. ISO. Change management controls that assume a person takes responsibility for a thing.
“Imagine what that means for a development team,” said Notch. “The development team just went from shipping code to spending some large percentage of their time reviewing code written by AI or other people augmented by AI. And some of these pull requests are huge. Here’s a 4,000-line pull request that an AI made overnight. That’s a massive task.”
The natural next question: can another AI agent do the review? Is AI-reviewed code sufficient to satisfy regulatory requirements? “Right now, my best understanding is the answer is no,” Notch said. “But I could be wrong—and that’s why I posed the question on LinkedIn. Because it’s not clear to me. And a couple of people DMed me and said, ‘Yeah, it’s a really hard problem. Nobody has the answer.’”
He pushed the thought further. Git—the version control system essentially every development team on earth uses—may not be up to the task of a massively parallel AI development workflow. “Imagine 15,000 agents all shipping code in parallel. I don’t even know what your git branch rebasing looks like,” he said. “There are startups working on this problem. They’re like, well, Git might not be a thing. So think about walking into a development team and saying, ‘We just can’t use Git anymore. All your code is in a vector database now, so swarms of AI can operate on it during its entire lifecycle.’ That’s a major sea change.”
His best guess at equilibrium: we eventually land in a world where AI reviews code, and other organizations’ AI reviews that AI’s code. But the middle ground—where we are now—requires rules to change and closely-held assumptions about secure software delivery to be rethought.
The thing that concerns Greg most isn’t Mythos
Near the end of our conversation, I asked Greg what he thought was underreported about all of this.
According to Greg, it’s not Mythos itself. It’s what’s already possible—and what patches inadvertently enable.
“If you have a patch from Microsoft, you know where to look, because you know what they fixed,” said Notch. “Taking that apart and building an exploit means that real-world exploitation lives inside the patching window of every enterprise. How quickly can you deploy Microsoft’s patch? Usually not faster than 24 hours. In some cases, it’s weeks. Or months. Or years.”
The gap between when a patch ships and when it’s deployed at scale has always existed. What’s changed is who can exploit it. “The skill bar for that is very low,” he said. “That is something that, without any spin on the ball, you and I could probably figure out how to do in an afternoon.”
And he made the point directly that the problem predates Mythos by a meaningful margin. “Opus 4.6 today can do a crazy amount of this stuff. I saw demonstrations of people doing software exploitation in minutes for pennies—beyond the skill of most red teamers,” said Notch. “There are open models on Hugging Face that have been fine-tuned and can produce exploits. The problem was already here. Mythos just made it a lot harder to look away.”
Which brings him back to where he started: Mythos is a canary. Not because the danger is abstract or distant, but because the thing it’s warning you about is already in the building.
So where does that leave us?
Part one of this series ended with James Shank’s advice to align your executive team on strategy before the pressure peaks. Greg’s contribution to that conversation is a wider aperture: the organizations that navigate this well won’t just be the ones with the best patching velocity or the most hardened infrastructure.
They’ll be the ones willing to question assumptions they’ve held for years—about how code ships, who reviews it, what compliance actually requires, and what “secure software delivery” even means when the people writing the code aren’t entirely people anymore.
That’s a harder ask than a patch priority list. But it’s the right one.
