
The security industry has spent a decade building better cameras.
Wiz. Orca Security. Prisma Cloud. Exceptional tools. World-class at finding problems after they exist — scanning your environment, surfacing misconfigurations, alerting on threats. The Gartner-defined CNAPP category raised billions of dollars on a simple promise: visibility IS security.
It was never wrong. It was just incomplete.
And Anthropic just made that incompleteness impossible to ignore.
Mythos Changes the Math
Last week, Anthropic published a system card for Claude Mythos Preview — a new AI model so capable at cybersecurity that the company decided not to release it to the general public.
This wasn’t a cautious PR move. It was a genuine safety decision.
Mythos autonomously found and exploited a 27-year-old vulnerability in OpenBSD. A 17-year-old remote code execution bug in FreeBSD — with no human intervention after the initial prompt. Zero-days in every major web browser. In one case, it chained four separate vulnerabilities to write a browser exploit that escaped both the renderer and OS sandboxes.
Exploits that would have taken expert penetration testers weeks. Mythos did them in hours.
And here is the part that should stop every CISO cold: Anthropic didn’t train Mythos to do any of this. These capabilities emerged as a downstream consequence of general improvements in reasoning and code. The same improvements that make it better at writing software make it better at breaking it.
Mythos is not the threat. Mythos is the preview of the threat. Models with similar capabilities will eventually be broadly available. The window to get ahead of this is not years. It is months.
The Camera Problem
Imagine your enterprise security posture as a building.
You’ve installed cameras on every corridor. Motion sensors on every floor. When an intruder enters, you’ll know within minutes. Your incident response team will mobilize. Reports will be filed.
But the doors are unlocked.
That’s the CNAPP model. Exceptional visibility. Exceptional detection. And an assumption — implicit, rarely examined — that you have time between the misconfiguration and the breach.
Mythos eliminates that assumption. The window between a vulnerability existing in your infrastructure and it being autonomously discovered and weaponized just collapsed. A camera doesn’t stop an intruder. It just gives you a better record of what happened.
You need locked doors. You need them before the threat arrives.
CISOs Don’t Know This Gap Exists. And That’s On Us.
There is almost no tooling in the market focused on preventing cloud misconfigurations before they ship.
Wiz, Orca, and Prisma are built for detection. Scan, surface, alert, report. Excellent at telling you what went wrong. Not designed to stop things from going wrong. Detection is your last line of defense, not your first.
Nirmata has been building that first line — policy enforcement for Kubernetes, Cloud and Terraform across the full deployment lifecycle. We created Kyverno, the open source policy engine trusted by thousands of organizations. We know better than anyone what “deployed but never enforced” looks like. And we’ve helped companies go from nearly 100% of policies in audit mode to 100% enforce.
And most CISOs have never heard of us. Because we’ve been mostly working with platform engineering teams. They understand policy-as-code. They see the value immediately. But they don’t sign the Wiz renewal. CISOs do. And the conversation we need to be having with CISOs — about prevention, not just detection — hasn’t happened at scale yet.
Mythos is making that conversation urgent.
What Prevention Looks Like at Mythos Speed
Three things, in order:
- Shift-left enforcement. Catch policy violations in CI/CD and AI coding tools at the moment of authorship — before code reaches a cluster. The cheapest moment to stop a misconfiguration is when a developer is writing it, not after it’s running in production.
- Admission enforcement. Block non-compliant workloads at the cluster gate (admission control). Not flagged. Not logged. Blocked. A policy in audit mode is a camera with no lock. Every flagged-and-deployed violation is a door you left open, with a log entry noting the exact time.
- Continuous compliance. Automated remediation in real time. In a world where Mythos-class models can turn a known vulnerability into a working exploit in hours, the gap between disclosure and remediation cannot be measured in days.
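The audit-versus-enforce distinction from the list above, in concrete terms. The following is an added example, not code from this post or from Nirmata's product: a Kyverno ClusterPolicy written twice, once in audit mode (a camera: the violation is recorded, the workload still deploys) and once in enforce mode (a lock: the admission webhook rejects the workload). The policy name, the `prod` namespace and the privileged-container rule are constructed for illustration; the field names are standard Kyverno.

```yaml
# Added example, not from the original post. Kyverno ClusterPolicy that disallows
# privileged containers. Document 1 is the "camera"; document 2 is the "lock".
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers   # constructed name
spec:
  # Audit: a violating Pod is admitted and the violation is written to a
  # PolicyReport. Nothing is blocked. This is the "flagged-and-deployed" state.
  validationFailureAction: Audit
  # Optional staged rollout: enforce in selected namespaces while the rest of the
  # cluster stays in audit. Useful when moving from 100% audit to 100% enforce.
  validationFailureActionOverrides:
    - action: Enforce
      namespaces:
        - prod                           # constructed namespace
  background: true                       # also scan existing resources, not only new ones
  rules:
    - name: no-privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: >-
          Privileged mode is disallowed. securityContext.privileged must be unset
          or false on every container, init container and ephemeral container.
        # "=(key)" means: if the key is present it must match; if absent, pass.
        pattern:
          spec:
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
---
# Same rule, enforce mode: the API server's admission review returns the message
# above and the Pod is never created.
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: disallow-privileged-containers
spec:
  validationFailureAction: Enforce
  background: true
  rules:
    - name: no-privileged-containers
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: >-
          Privileged mode is disallowed. securityContext.privileged must be unset
          or false on every container, init container and ephemeral container.
        pattern:
          spec:
            =(ephemeralContainers):
              - =(securityContext):
                  =(privileged): "false"
            =(initContainers):
              - =(securityContext):
                  =(privileged): "false"
            containers:
              - =(securityContext):
                  =(privileged): "false"
```

With the first document applied, a Pod that sets `privileged: true` is admitted outside `prod` and shows up as a `fail` entry in the namespace's PolicyReport; with the second, `kubectl apply` of that Pod is rejected at admission with the policy message, so there is nothing to remediate later. The same policy file can also run against manifests before they reach any cluster, which is the shift-left step in the list above: the Kyverno CLI evaluates a policy against a local resource with `kyverno apply <policy.yaml> --resource <pod.yaml>`, so a CI job can fail the build on the identical rule that the cluster will later enforce.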
Stop misconfigurations before they ship. Not because you’ll catch them faster — because they’ll never reach production.
The Window Is Narrow
Anthropic notes that Mythos will inform future models that will eventually be broadly available. The transitional period, by their own assessment, “will be fraught.”
Every day your clusters run in audit mode, your attack surface is larger than it needs to be. The cameras are excellent. The doors are still unlocked.
If you’re a security leader asking whether your prevention layer actually exists — let’s talk.
For a deeper look at the Kubernetes enforcement gap specifically: Your Clusters Are Unlocked. Your CISO Doesn’t Know.
Nirmata helps platform and security teams enforce policy across AI, Kubernetes, Cloud and Terraform — from code to runtime. Learn more at nirmata.com.
