
Eighty of the world’s top security minds published a working response to the AI vulnerability storm. We synthesized what matters most.
On April 7, 2026, Anthropic announced Claude Mythos Preview, an AI system that autonomously found thousands of previously unknown security flaws across the software the world depends on, including a bug in OpenBSD that had gone undetected for 27 years. It also generated working attack code without human guidance at a success rate no human team could match.
Within two weeks, 80 of the world’s most senior security practitioners — including the former Director of CISA, the former NSA Cybersecurity Director, the CISO of Google, and Bruce Schneier — published a working response.
Here, we synthesize key takeaways about what’s changed and what it means for your programs — and outline four questions worth asking now.
What’s changed
Mythos didn’t start the clock — it revealed how little time was left.
When you read a headline like “AI Finds Thousands of Zero-Days,” your instinct may be to treat it as a rupture, a clean before and after. But the security experts pushed back on that framing for a specific reason.
“The capability predates it. What changes are the speed, scale, and the reduction in skill required to execute complex attacks.”
— CSA CISO Community, April 2026
In other words, autonomous systems were already outperforming human security researchers on competitive platforms. AI-driven tools were already finding real vulnerabilities in production software. And the capacity to turn security flaws into working attacks had been accelerating for over a year before Mythos arrived.
Most risk models assume a threat environment that no longer exists.
The time between a security flaw being disclosed and a working attack being built from it has been shrinking for years. What used to take months now takes hours.
CBTS CISO Chris DeBrunner calls this phenomenon “The Great Compression” — the operational reality that the time to detect, decide, and act has shrunk to the point where only organizations with their fundamentals already in place can keep up.
When a vendor releases a fix, the fix itself becomes part of the attacker's roadmap. AI can diff the patched and unpatched code, identify the underlying flaw, and begin building an attack before most organizations have finished testing the update.
“Each patch also becomes an exploit blueprint, as AI accelerates patch-diffing and reverse engineering of fixes.”
— CSA CISO Community, April 2026
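To make the patch-diffing point concrete, here is an added example (not code from the brief, from Anthropic, or from any real project) that diffs a constructed vulnerable C function against its constructed fix and works out which variable the fix newly bounds and where that variable reached a sink in the unpatched code. The snippets and the names in them (parse_record, read_u16, struct record) are invented for illustration. Real patch diffing runs on binaries with tools such as BinDiff or Diaphora; this shows only the reasoning that turns "a check was added here" into "this is the bug":

```python
"""Patch-diffing: recover what a fix newly bounds and where it reached a sink.

Added example for this article; not code from the CSA brief or from
Anthropic. The two C snippets are constructed for illustration only
(parse_record, read_u16 and struct record are invented names).
"""
import difflib
import re

VULNERABLE = """\
int parse_record(const uint8_t *buf, size_t buf_len, struct record *out)
{
    uint16_t name_len = read_u16(buf);
    memcpy(out->name, buf + 2, name_len);
    out->name[name_len] = '\\0';
    return 0;
}
"""

PATCHED = """\
int parse_record(const uint8_t *buf, size_t buf_len, struct record *out)
{
    uint16_t name_len = read_u16(buf);
    if (name_len >= sizeof(out->name) || (size_t)name_len + 2 > buf_len)
        return -EINVAL;
    memcpy(out->name, buf + 2, name_len);
    out->name[name_len] = '\\0';
    return 0;
}
"""

GUARD_RE = re.compile(r"^\s*if\s*\((.*)\)\s*$")
IDENT_RE = re.compile(r"[A-Za-z_]\w*")
COPY_RE = re.compile(r"\b(?:memcpy|memmove|strncpy)\s*\(([^;]*)\)")
INDEX_RE = re.compile(r"\[([^\]]+)\]")
# Tokens that look like identifiers but carry no information about tainted data.
NOISE = {"sizeof", "size_t", "uint8_t", "uint16_t", "uint32_t", "int", "unsigned", "char", "NULL"}


def added_lines(before, after):
    """Lines present only in the patched version (the '+' side of a unified diff)."""
    diff = difflib.unified_diff(before.splitlines(), after.splitlines(), lineterm="", n=0)
    return [line[1:] for line in diff if line.startswith("+") and not line.startswith("+++")]


def added_guards(before, after):
    """Conditions of `if (...)` statements that the patch introduced."""
    return [m.group(1).strip() for m in map(GUARD_RE.match, added_lines(before, after)) if m]


def size_operands(line):
    """Identifiers that a line uses as a copy length or an array index."""
    ids = set()
    m = COPY_RE.search(line)
    if m:
        args = [a.strip() for a in m.group(1).split(",")]
        if len(args) == 3:
            ids.update(IDENT_RE.findall(args[2]))
    for idx in INDEX_RE.findall(line):
        ids.update(IDENT_RE.findall(idx))
    return ids - NOISE


def triage(before, after):
    """Map the new guard back to the sinks in the unpatched code that it protects."""
    guards = added_guards(before, after)
    guard_ids = set()
    for g in guards:
        guard_ids.update(IDENT_RE.findall(g))
    guard_ids -= NOISE
    findings = []
    for line in before.splitlines():
        hit = size_operands(line) & guard_ids
        if hit:
            findings.append({"sink": line.strip(), "newly_bounded": sorted(hit)})
    if any(COPY_RE.search(f["sink"]) for f in findings):
        bug_class = "out-of-bounds write: unchecked length reaches a copy"
    elif findings:
        bug_class = "out-of-bounds access: unchecked index"
    else:
        bug_class = "no length/index guard found; inspect manually"
    return {"added_guards": guards, "findings": findings, "bug_class": bug_class}


if __name__ == "__main__":
    report = triage(VULNERABLE, PATCHED)
    print("Guard added by the patch:", *report["added_guards"], sep="\n  ")
    for f in report["findings"]:
        print(f"Sink in unpatched code: {f['sink']}  (now bounded: {', '.join(f['newly_bounded'])})")
    print("Likely bug class:", report["bug_class"])
```

The heuristics are deliberately simple, but they capture the asymmetry the brief describes: the defender has to test and roll out the update, while the attacker only has to read the two added lines to learn that `name_len` is attacker-controlled and reaches a `memcpy` unchecked.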
With its Project Glasswing, Anthropic is giving roughly 40 major software vendors early access to Mythos findings so they can patch before public disclosure. That window closes around July 2026. After that, the fixes and exploit blueprints become public simultaneously.
Boards are being briefed on obsolete risk postures.
Security teams communicate risk upward — to boards, executives, and auditors — using metrics designed for a different threat environment. Patch timelines assume human-speed attackers. Incident frequency models predate AI-driven attacks. And exploit-scarcity assumptions reflect a world where writing exploits was hard.
“The CISO’s ability to control risk has shifted, which could affect business reporting and projections.”
— CSA CISO Community, April 2026
As a result, many organizations are reporting to their boards a risk picture that is more optimistic than their actual exposure. That isn’t dishonest. Rather, no one has updated the underlying assumptions to match what changed. The brief calls for that revision to begin immediately, not at the next planning cycle.
What it means for your program
Culture matters as much as technology.
The brief’s most counterintuitive argument concerns culture, not technology.
Attackers are using AI freely to find vulnerabilities, build exploits, and run attack campaigns. Yet many defensive teams haven’t deployed the same tools on their own side, where they could be used for code review, patch triage, incident response, and compliance work.
“The resulting asymmetry is not just technological but cultural: Teams that do not adopt AI-based tools cannot match the speed or scale of AI-augmented threats, regardless of their technical skill.”
— CSA CISO Community, April 2026
The brief's conclusion is direct: optional AI adoption programs haven't worked, and the gap will keep widening until leadership treats adoption as a requirement rather than a suggestion.
Recommit the fundamentals.
Amid all the AI-specific points in the brief, one of its most emphatic recommendations is a return to fundamentals, such as segmenting networks, maintaining access controls, disabling unnecessary services, and ensuring multi-factor authentication is deployed and enforced.
“Implement egress filtering. It blocked every public Log4j exploit.”
— CSA CISO Community, April 2026
Log4j was one of the most damaging vulnerabilities in recent memory, and the public exploits for it all relied on the same step: the vulnerable server had to open an outbound connection to an attacker-controlled LDAP or RMI server and fetch the payload from it. A default-deny egress policy breaks that step, which is why the brief can say a single control blocked every public exploit. That's not a new tool, an AI-augmented platform, or something only well-funded teams can deploy.
Outbound traffic control has existed for decades and costs relatively little to implement. It doesn't remove the vulnerability; it denies the attacker the callback the exploit depends on, and a logged denial is also a high-fidelity signal that something inside just tried to phone out. As attacks move faster, the value of containing what an attacker can do once they're inside compounds. A breach that stays contained is a very different event from one that doesn't.
The brief doesn’t argue that AI changes nothing. It asserts that nailing the basics compounds in value when the threat environment accelerates.
Find the real bottleneck in your response chain.
Most organizations with a functional security program are already finding vulnerabilities. The scanning infrastructure exists, reports are generated, and patches are deployed on a schedule. That part generally works.
What doesn’t work is the handoff between those steps. A flaw gets found; a report gets written; someone eventually reads it and opens a ticket; the ticket enters an operations queue and waits for the next patch window, assuming nothing more urgent displaces it. By the time a patch deploys, two or three weeks have passed.
“The vulnerability intelligence exists. The remediation capability exists. In many cases, the automation capability already exists and is installed, awaiting activation. What’s missing is the operational model that connects them.”
— Chris DeBrunner, CISO, CBTS Team
The useful question for security leaders right now isn’t “are we patching?” (Most are.) Instead, ask, “What actually happens in the four hours after a critical flaw is confirmed as actively exploited in the wild?” Walk through it honestly. Determine who finds out and how quickly, who has authority to push a patch outside the normal window, and who makes that call at any time of day or night.
If the answer depends on who’s available and how busy they are, consider that a process gap dressed up as a staffing question.
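One way to make the four hours after confirmation a matter of policy rather than of who is online is to encode the decision. The following added example (not a process from the brief or from CBTS) joins constructed scanner findings with a constructed feed of vulnerabilities confirmed exploited in the wild, assigns each finding a remediation tier with a deadline, and names the role that can authorize an out-of-band change. Identifiers such as VULN-A are placeholders, not real CVEs; the thresholds and role names are illustrative and should mirror your own risk policy:

```python
"""Connect "exploited in the wild" intelligence to a remediation deadline and a
named approver role, so the four hours after confirmation are decided by policy
rather than by who happens to be online.

Added example for this article, not a process from the CSA brief or CBTS.
Findings, the exploited-vulnerability feed, thresholds and role names are
constructed; the tiers below are illustrative.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Finding:
    vuln_id: str          # placeholder identifier, not a real CVE
    asset: str
    internet_facing: bool
    cvss: float
    patch_available: bool


# Constructed scanner output.
FINDINGS = [
    Finding("VULN-A", "web-edge-01", True, 9.8, True),
    Finding("VULN-A", "app-internal-07", False, 9.8, True),
    Finding("VULN-B", "vpn-gw-02", True, 8.1, False),
    Finding("VULN-C", "build-runner-03", False, 9.1, True),
    Finding("VULN-D", "wiki-01", False, 6.5, True),
]

# Constructed feed of vulnerabilities confirmed exploited in the wild.
EXPLOITED_IN_WILD = {"VULN-A", "VULN-B"}

# Remediation tiers: (time allowed, role that can authorise the change).
# Authority is a pre-assigned role with a pager, never an individual's name.
TIERS = {
    "emergency": (timedelta(hours=4), "on-call change authority (out-of-band approval pre-granted)"),
    "urgent": (timedelta(hours=24), "on-call change authority"),
    "high": (timedelta(days=7), "platform owner, next CAB"),
    "standard": (timedelta(days=14), "platform owner, regular patch window"),
}

# 21:00 UTC on a Friday (constructed): the deadline lands on Saturday either way.
CONFIRMED_AT = datetime(2026, 7, 10, 21, 0, tzinfo=timezone.utc)


def classify(f, exploited):
    """Exploitation in the wild outranks CVSS; exposure decides how hard the clock runs."""
    if f.vuln_id in exploited:
        return "emergency" if f.internet_facing else "urgent"
    if f.cvss >= 9.0:
        return "high"
    return "standard"


def plan(findings, exploited, confirmed_at):
    """One actionable record per finding, hardest deadline first."""
    records = []
    for f in findings:
        tier = classify(f, exploited)
        window, approver = TIERS[tier]
        action = "patch" if f.patch_available else "mitigate (isolate, disable feature, or virtual patch)"
        records.append({
            "vuln_id": f.vuln_id,
            "asset": f.asset,
            "tier": tier,
            "deadline": confirmed_at + window,
            "approver": approver,
            "action": action,
        })
    return sorted(records, key=lambda r: r["deadline"])


if __name__ == "__main__":
    for r in plan(FINDINGS, EXPLOITED_IN_WILD, CONFIRMED_AT):
        print(f"{r['deadline']:%a %H:%M}  {r['tier']:<9} {r['asset']:<16} {r['vuln_id']}  "
              f"{r['action']}  [{r['approver']}]")
```

The point of the output is that the first two rows carry a Saturday 01:00 deadline and an approver role, not a person. If the role has no pager, or the person holding it does not know the approval is pre-granted, that is the process gap the subsection describes, and no amount of scanning fixes it.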
Treat burnout as the security risk it is.
Security analysts and practitioners are watching AI do in hours what took them years to learn. The uncertainty about what their roles will become is genuine and ongoing, and it's falling on teams already at capacity. These teams are now being asked to handle a significant increase in alert volume, patch load, and incident frequency on the same headcount.
“Burnout and attrition in security functions represent a direct operational risk. The expertise needed to navigate this transition is scarce, takes years to develop, and is not replaceable on short timescales.”
— CSA CISO Community, April 2026
The brief’s answer to this is structural: Automate what can be automated so experienced people aren’t spending their attention on work that machines can handle. Build reserve capacity before the July patch wave rather than after it hits. Treat staff retention as a security outcome, just as you’d treat uptime or detection coverage. After all, when an experienced analyst leaves an organization, they take institutional knowledge with them.
Four questions worth asking now
Ultimately, the brief surfaces a central question: In a threat environment where the window between disclosure and exploitation is measured in hours, does your current program assume timelines that no longer exist?
Here’s where that question often lands hardest:
- When was the last time your incident response runbook was pressure-tested against a timeline measured in hours rather than weeks?
- If a critical flaw is confirmed as actively exploited at 9 pm on a Friday, who has the authority to push a patch before Monday — and do they know it?
- Are you reporting risk to your board using metrics built for human-speed attacks?
- Have you deployed AI-based tools on the defensive side, or only thought about it?
If any of these questions lead to uncomfortable answers, you aren’t alone — or behind. The organizations getting this right are asking the questions now, before the July patch window closes.