Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

When Anthropic revealed the existence of Mythos, the frontier AI model they deemed too dangerous for public release, the security community was alarmed. And it’s not hard to see why: Mythos is capable of detecting software vulnerabilities at a previously unimaginable scale, and autonomously crafting exploits to weaponize these flaws. According to Anthropic, Mythos created 181 exploits of Firefox in testing, ninety times more than the company’s previous model (Claude Opus 4.6).

You often hear companies touting that they are AI enabled. But most do not give you the results of how that new AI stacks up with their previous non-AI offerings. We have some early data and want to share it. KnowBe4 was the first Human Risk Management (HRM) vendor to use AI. While our competitors have been touting the use of AI only since 2023 at the earliest, we have been using machine learning (ML), the backbone workhorse of AI, since early 2016 – for a decade!

Anthropic’s latest Claude news shows how AI is compressing the time from vulnerability discovery to credentialed lateral movement, and why security teams need behavior-based detection across humans and AI agents. Anthropic’s Project Glasswing, announced on April 7, 2026, gives selected partners early access to Claude Mythos Preview for defensive cybersecurity work. Anthropic says the model has already identified thousands of zero-day vulnerabilities across critical infrastructure.

CrowdStrike has been selected for OpenAI's Trusted Access for Cyber (TAC) program. Today, OpenAI released GPT-5.4-Cyber, a frontier model designed for defensive cybersecurity, and expanded the TAC program to give verified, selected defenders governed access through identity verification and tiered controls. CrowdStrike continues to lead the market in secure AI adoption, trusted by AI leaders and organizations of all sizes to accelerate the world's AI revolution.

The last generation of Governance, Risk and Compliance (GRC) software built a multi-billion dollar ecosystem by becoming systems of record for risk. ServiceNow became the system of IT workflows. Archer for audits. Diligent for policy management. Own the control framework, own the workflow, own the audit trail. It worked: for a world where risk moved slowly enough to be captured annually. That world is gone. Point in time attestations are obsolete. The Apple Watch didn’t replace the annual checkup.

In “Terminator 2“, the T-800 does not win because humans worked harder. It wins because the same machine capability that made it dangerous was reprogrammed to fight for the defenders. Project Glasswing is exactly that. Claude Mythos Preview is Anthropic’s most powerful AI model and the one they refused to release publicly because it autonomously found thousands of zero-day vulnerabilities across every major operating system and browser. Flaws that decades of expert review never caught.

For years, conversations about AI security risks were framed as forward-looking. Organizations were told to prepare for a future where autonomous agents would act on their behalf, access sensitive systems, and make consequential decisions without human intervention at every step. That future, it turns out, is now.

AI agents need to authenticate with numerous systems, making AI authentication a crucial security boundary that determines blast radius, revocability, and long-term governance risk.