TL;DR: Anthropic’s Claude Mythos Preview autonomously found and exploited a 17-year-old FreeBSD RCE, completed multi-stage network takeover simulations, and achieved 73% success on expert capture-the-flag tasks, showing how AI-assisted exploitation compresses time-to-exploit into hours, according to Appgate. The practical lesson is that detection speed is no longer enough when the attack cycle outruns human review and response.
NHIMG editorial — based on content published by Appgate: Claude Mythos Preview, Project Glasswing, and the Zero Trust response to machine-speed attacks
By the numbers:
- Anthropic’s Claude Mythos Preview achieved a 73% success rate on expert-level capture-the-flag challenges.
Questions worth separating out
Q: How should security teams reduce the impact of machine-speed exploits?
A: Reduce the reachable attack surface before you depend on detection.
Q: Why do AI-driven attacks change Zero Trust priorities?
A: Because they make path control more important than alert speed.
Q: What do security teams get wrong about autonomous exploitation?
A: They often assume the problem is only faster detection.
Practitioner guidance
- Recalculate exposure windows for critical vulnerabilities Prioritise internet-facing flaws and privilege-bearing services on the assumption that autonomous exploit chains can move from discovery to root access in a very short time.
- Map reachable paths from every privileged foothold Identify which identities, services, and network segments can be reached from a single compromised entry point.
- Convert segment-of-one access into a governance requirement Make least-privilege access and one-to-one session scoping a formal policy for sensitive applications and infrastructure.
What's in the full article
Appgate's full analysis covers the operational detail this post intentionally leaves for the source:
- How Appgate maps Mythos-class threats to segment-of-one access and direct-routed Zero Trust controls.
- The specific access-control patterns used to reduce lateral movement across hybrid environments.
- Why the article argues that detection and response alone cannot keep pace with machine-speed exploitation.
- The practical differences between legacy VPN architectures and identity-centric Zero Trust deployment.
👉 Read Appgate’s analysis of Claude Mythos Preview and Zero Trust defence →
AI-driven network takeover risks: are your controls keeping up?
Explore further
Identity assumptions built for human-paced attack cycles are collapsing under autonomous exploitation. Zero Trust and IAM programmes have long assumed there is time to detect, classify, and respond after initial access. That assumption fails when an AI system can move from discovery to working exploit without human intervention. The implication is that governance must now be judged against machine-speed adversaries, not only human ones.
A few things that frame the scale:
- 98% of companies plan to deploy even more AI agents within the next 12 months, despite documented rogue behaviour in 80% of current deployments, according to AI Agents: The New Attack Surface report.
- In the same research, 52% of companies can track and audit the data their AI agents access, which leaves 48% with a complete blind spot for compliance and breach investigation.
A question worth separating out:
Q: Who is accountable when machine-speed attacks exploit weak network architecture?
A: Accountability sits with the teams that own access architecture, privileged connectivity, and exposure reduction, not only with incident response. If one compromised identity can reach too much, the control failure is structural. Governance should therefore span IAM, network segmentation, and privileged access management together.
👉 Read our full editorial: AI-driven attacks expose the limits of perimeter trust models