AI models such as Anthropic's Claude Mythos Preview can surface thousands of zero-day vulnerabilities in days, far beyond what the 27-year-old CVE program, built for human-speed discovery and already absorbing tens of thousands of entries a year, was designed to handle. The gap this opens is stark: the median enterprise takes about 20 days to deploy a patch, while attackers have built working exploits from an advisory alone within 20 hours of its publication. A Cisco engineer working on Anthropic's Project Glasswing argues that everything between discovery and remediation must be re-architected rather than updated: grouped vulnerability class reports (VCRs) as the disclosure unit instead of one CVE per bug, machine-readable CVE records with structured patch references, hierarchical parent/child identifiers, continuously updated risk scoring beyond static CVSS and EPSS, and autonomous patch pipelines with automated testing, canary deployments and rollback. The podcast host agrees the CVE system is overdue for an AI-friendly overhaul but disagrees with the author about the long-term effects of AI-driven discovery, an argument he defers to the show's main topic.
Cisco Meets Mythos: The AI That Found Thousands of Vulnerabilities
>> Cisco recently produced a slick eight-page PDF document titled, well, they borrowed a name I'm quite familiar with, Shields Up. They said, "Guidance for defending in the age of AI-enabled attacks." And I'm only going to share the introductory executive summary from this piece, but I wanted to start with it because it nicely serves to introduce us to what Cisco themselves have now realized is about to happen to the industry.
The executive summary says, "In early April 2026, Anthropic announced that it would be holding back on releasing their new AI model Mythos due to deep concerns around the offensive cyber capability of that model. Anthropic decided to work with select companies, including Cisco, so that those companies could use the model to find and patch security vulnerabilities. Cisco is changing our near-future threat modeling of AI-enabled attackers in view of our experience with Mythos.
That in turn has changed how we defend ourselves and led us to develop a set of defensive recommendations for customers.
While the capabilities of Mythos may not be widely available, we do anticipate that this capability and more will become widespread as AI technology advances across the board. This paper lays out what Cisco has seen so far from AI-enabled capabilities and what we believe the new threat landscape will look like. Whether these models are wielded by attackers, leveraged by researchers, or operating as agents within your own environment, the security implications are significant.
Subject to appropriate safeguards and controls, we will share what we've implemented based on this new understanding and lay out our recommendations for customers.
The threat surface is going to change, in some ways dramatically.
Defenders must take the time to understand what the new normal will look like and evaluate what changes their environment must make to stay secure.
Cisco is committed to being a partner through that transformation.
So, it's pretty clear, reading between the lines, that Cisco got a wake-up call from their experience with Mythos. I have a link in the show notes to Cisco's full report. Though, you know, it's an eight-page glossy sort of thing. I didn't find anything there that was really that interesting or worth sharing. It appears, you know, to be far removed from Cisco's trenches, where Cisco developers appear to have run out of expletives to express their degree of astonishment and concern.
So, link in the show notes toward the bottom of the second page.
But, speaking of running out of expletives, Cisco's security blog poses some interesting questions about the future.
And specifically, the practicality of our existing time-tested CVE system, which we're talking about every week, the Common Vulnerabilities and Exposures system, and the impact of AI vulnerability discovery on that.
Now, my own expectation, as I teased earlier, differs from Cisco's. So, nevertheless, I want to share Cisco's thoughts since they're Cisco's and that matters and they're worth understanding.
So, under their title, "When AI Finds Faster Than Humans Can Patch, Disclosure Must Evolve."
So, they write, "Project Glasswing is an amazing initiative by Anthropic. Cisco's one of the main participants and I, writes this author, have been honored to work on it since it started."
And then here it is. This is not, all caps, THIS IS NOT hype. [snorts] "Claude Mythos has discovered thousands of..." Now, he's not talking about his own stuff, because, you know, they're being politic here. "...thousands of zero-day vulnerabilities across every major operating system and web browser.
The CVE program, already buckling under 50,000 entries a year, was never designed for this.
We need to talk about what comes next before the flood arrives.
As you probably have heard from many sources, Claude Mythos preview found a 27-year-old remote crash vulnerability in OpenBSD.
It found a 16-year-old bug in FFmpeg that survived 5 million automated fuzzing runs. It chained together Linux kernel vulnerabilities to escalate from unprivileged user to full system control with no human guidance. And it did this in days, not decades.
Key technology providers are finding and fixing hundreds of vulnerabilities.
Participant organizations are also finding thousands of open source vulnerabilities and working on a coordinated disclosure timeline.
That is the responsible move. But it also forces an uncomfortable question.
What happens when this class of model becomes commonplace, meaning Mythos?
What happens when Mythos-level capability is something everybody can have?
He says, "When the vulnerability discovery rate jumps from thousands per month to hundreds of thousands."
Okay, so I'll just pause here to note that the title of today's podcast, Vulnerability Debt Repayment, looks at this at the end of the podcast. And my conclusion is not the same as this author's, as I said. But I thought this was interesting because this guy is on the front line of Cisco meets Mythos.
>> Yeah, he was scared.
>> [laughter] >> Yes, he was obviously deeply affected by what happened. If you remember Bambi... Well, anyway, since he's an employee of Cisco and obviously wants to keep his job, he's not talking in detail about what they found. But again, how much sleep is he getting, I wonder?
It doesn't take much imagination, given what we know of Cisco's own rickety past with security. One could just imagine. I mean, it's got to be similar to what Microsoft is going through. Anyway, this guy continues writing, "The answer is that every piece of infrastructure between discovery and remediation, disclosure norms, the CVE system, patching pipelines, and the human workflows that connect them will need to be re-architected, not updated.
We must rethink how to scale.
The problem is that the CVE system was built for a different era.
The Common Vulnerabilities and Exposures program turns 27 this year.
It was designed when the security community measured vulnerability disclosures in the hundreds per year.
For example, 321 CVEs were issued throughout all of 1999.
By 2023, the number had climbed to nearly 29,000.
And a 2026 forecast projects a median of roughly 59,000 CVEs this year with the realistic upper bound scenarios reaching 100,000.
And that forecast was published before Project Glasswing was announced.
So, 100,000 at the high end, median estimate around 60,000 before this all happened.
At RSAC 2026, he writes, "CVE board members acknowledged the program needs an overhaul. GitHub reported a 224% increase in vulnerability reports over the last 3 months alone. Again, that's the current volume before AI scale discovery tools were going wide.
When a single AI model can surface thousands of high severity vulnerabilities in a few weeks of scanning, assigning an individual CVE to each one, enriching it with CVSS scores, routing it through the NVD, the National Vulnerability Database, and waiting for human analysts to triage it becomes illogical.
Not wrong in principle, but extremely challenging in practice.
The bottleneck is no longer discovery.
It's everything that comes after.
The CVE system assumes a world where vulnerabilities are found one at a time by human researchers, disclosed individually, and patched on human timelines.
AI scale discovery breaks every one of those assumptions simultaneously.
Individual CVEs may no longer be the right unit.
Here's the heretical idea that needs to be said.
When a model like Mythos scans a code base and produces 300 findings in a single pass, buffer overflows in some parsing library, null pointer dereferences across related system calls, use-after-free conditions in the same memory management subsystem.
The one CVE per bug model no longer serves defenders. It buries them.
Okay, now again, we'll notice that this guy never said what happened when Cisco met Mythos, but if what we expect happened had happened, we wouldn't be surprised. He continues, "What defenders actually need is a vulnerability summary, a grouped, contextualized disclosure that says, 'This code base has a class of memory safety issues concentrated in these five modules with these representative examples and this aggregate severity profile.' In other words, a vulnerability class report, a VCR, rather than 300 individual CVE tickets."
So, it certainly does sound like this may be what exactly happened to him. And if it had, it's understandable, right? He's down in the trenches following the original 27-year-old CVE model, which requires that each and every discovered vulnerability be cataloged, described, evaluated, listed, and resolved.
It's not a big deal when you field one or two, but when 300 drop on you during the first-pass scan of just one piece of one's massive code base, what are you supposed to do? Really.
So, I do see this guy's point. Um, the existing piecemeal approach becomes immediately impractical. So, he writes, this is not about hiding information.
Every individual finding should still be documented and available to the maintainer, the CNA and the downstream consumers who need it.
But the disclosure unit, the thing that gets published, tracked, and acted on by defenders should be the summary, not the avalanche.
Think of it as the difference between receiving 400 individual package tracking notifications and receiving a single shipment manifest.
The manifest tells you what's coming, how critical it is, and what you need to do. The individual tracking numbers still exist; you just don't need to process them all at once to take action.
Here's the stat, he writes, that should keep every CISO awake.
The median enterprise patch deployment time is approximately 20 days. Okay, the median, that is to say, the point where there are just as many quicker as there are slower, that point is 20 days. So, at 20 days, half of the patches take longer than 20, the other half take fewer than 20 days.
He says, "But, in March of 2026, right, 2 months ago, researchers observed active exploitation of a critical Langflow vulnerability within 20 hours of its advisory with no public proof-of-concept code available.
Attackers built working exploits directly from the advisory description.
20 days to patch, 20 hours to exploit.
That gap, he says, is already fatal.
AI-scale discovery makes it catastrophic.
The uncomfortable truth is that human-driven patch cycles cannot keep pace with AI-driven discovery.
If models like Mythos are finding vulnerabilities at machine speed, and adversaries with similar models will exploit them at machine speed, then remediation has to move at machine speed, too.
This means we need to use AI to scale, fix, and patch, but code changes must be carefully reviewed and tested. This must become a standard part of our lives.
It also means organizations need autonomous patch deployment pipelines for the most critical categories, not, quote, "We'll schedule it for the next maintenance window." unquote. No, not "It's in the backlog." No.
Automated testing, staged rollout, and rollback capabilities that can absorb a continuous stream of patches without human bottlenecks at every stage.
The pieces are assembling. What's missing is the operational framework to use them at scale.
Again, I believe that by the end of the podcast, I'm going to be able to make a strong case for the thing this guy's missing. But, I think that what he says still bears hearing.
He says, "The CVE program must adapt.
Let's be direct." he writes. "The CVE program in its current form cannot handle what's coming. Not because the concept is flawed. A universal identifier for vulnerabilities is valuable, but because the implementation assumes human-speed discovery, human-speed enrichment, human-speed consumption.
All three assumptions are collapsing.
The National Vulnerability Database enrichment backlog is already a known problem. CNAs, the CVE numbering authorities, are already overwhelmed with submission volume. And downstream consumers, the vulnerability scanners, security information and event management systems, and risk platforms that ingest the CVE data, are already struggling to provide actionable signal rather than noise.
Several adaptations are necessary, and they need to start now. Machine-readable first, human-readable second.
CVE records need to be designed for automated consumption as the primary use case, with human readable descriptions as a secondary output. This means structured fields for affected components, exploit preconditions, environmental factors, and critically machine-readable patch references that automated deployment systems can act on.
Now, okay, actually all those things I agree with completely.
Modernizing our 27-year-old CVE system to take advantage of everything that's been learned since its original design, and the fact that, you know, again, 1999 had 321 CVEs, and even 2023 was tens of thousands. So, even pre-AI, just the sprawl of software has created a far greater demand. I mean, we don't even have Adobe with Flash anymore keeping us busy. So I think it makes a ton of sense to, you know, revisit the CVE system under today's world. And that's what the RSA guys were looking at. It should be designed to be deeply automated, to be managed, ingested, and digested by machine. Why not?
That's overdue already. And as I said, that's what the CVE board members who met during the 2026 RSA conference acknowledged about the CVE program needing a complete overhaul. You know, and again, not specifically due to AI or Mythos. That hadn't happened by RSA 2026. Just because we could now do such a better job of what has become a critical need. So the Cisco guy considers the shape of some of those changes that we would need. He writes, "So, should we use hierarchical identifiers?
A parent vulnerability class report identifier with child CVEs for the individual bugs.
Defenders who need to take action at the class level can operate on the parent.
Researchers and tooling that need the granularity can drill down into the children. Scanners and SBOMs, software bills of materials, can index either level. This gives organizations the ability to respond to 'Your TLS library has a family of parsing vulnerabilities,' rather than individually tracking 47 separate advisories.
CVSS, the Common Vulnerability Scoring System, was designed for human assessors making static judgments. EPSS, the Exploit Prediction Scoring System, moved toward probabilistic exploit prediction. The next step is continuous AI-updated risk scoring that incorporates real-time threat intelligence, proof-of-concept availability, attacker tooling trends, and the defender's own environment context. So, what should defenders do now?
He writes, "You don't have to wait for the CVE program to reinvent itself. The practical steps for security teams are clear, even if they're painful.
Remove and migrate away from end-of-life software and hardware." Well, okay, then.
Generic security advice, always good.
Stop treating every CVE equally. If you're patching by CVSS score alone, you're already behind. Use EPSS, CISA KEV, you know, the Known Exploited Vulnerabilities catalog.
And real-time threat intelligence to prioritize by exploitability and environmental relevance. The volume is about to make score-based patching physically impossible.
Next, know your inventory. Yes, actually know it. You cannot respond to a flood of vulnerability disclosures if you don't know what software you're running, where it runs, and how it was built.
Software [snorts] bills of materials are not a compliance checkbox anymore. You need them. They're the only way to answer, "Does this affect me?" at machine speed.
And finally, invest in autonomous patching infrastructure. Automated testing, canary deployments, staged rollouts, and automated rollback. If your patch deployment requires a human to click approve for every single update, your cadence will be measured in weeks when it needs to be measured in hours.
He finishes writing, "Project Glasswing's findings will flow through these normal channels as patches land. Your job is to be ready when they arrive, and the window is closing."
Anthropic chose not to release Mythos preview publicly. That decision buys the industry time, but not much.
Frontier AI capabilities and open weight models will advance substantially within months.
The capability to autonomously discover and exploit software vulnerabilities at scale is no longer theoretical.
It's only an engineering problem, and multiple organizations are solving it simultaneously.
The vulnerability disclosure system we built over 27 years was a remarkable achievement for its time. It gave us a shared language, a coordination mechanism, and a way to hold vendors accountable.
But it was built for a world where a prolific researcher might find 50 vulnerabilities in a year.
We are entering a world where a single AI system can find that many before lunch.
The choice is not between perfection and action. It's between adapting now with grouped disclosures, tiered timelines, AI-generated patches, federated databases, and autonomous remediation.
Okay, so if nothing else, we've just heard the somewhat panicked reaction from someone inside another major enterprise that obtained early access to Mythos.
Though this author was careful to talk about the software security industry at large, it seems pretty clear that it was his own direct experience when Cisco met Mythos that drove this posting. He's essentially saying that there are so many problems that we cannot even count them.
So, at least for the first pass, we're just going to classify them by generic type because enumerating them individually seems pointless and probably, you know, >> [laughter] >> really sad.
So, I think the major takeaway from this is that, yes, indeed, it is time to update the industry's aging coordinated vulnerability management system. And while we're at it, since AI has arrived in full force and it's obviously never going to leave, let's incorporate AI friendliness into the new system.
Where I disagree with this author is in the long-term effects of AI's involvement. I think it's going to be different. I'll make my case for that once we get to today's main topic.
Hey, I hope you enjoy these little highlights from our shows. We do a bunch of them and they're all available on the web at twit.tv or right here on YouTube.
You can even watch most of them live on YouTube. I'll tell you what, you'll see a link below, and if you would like, and I would like it, like and subscribe.
Thanks so much for watching.