This blog is a summary from our webinar: Mythos, The Glasswing Project, and the Technical Debt Crisis. You can watch the webinar here.
The threat landscape is shifting at an unprecedented pace. According to the latest CrowdStrike Global Threat Report, AI-based attacks have surged by 89% year-over-year. More alarmingly, the attack window—the time it takes for an adversary to move laterally after initial compromise—has shrunk drastically. Just a few years ago, the average attack took days to unfold. Last year, it was 59 minutes. Today, it is down to just 27 minutes.
Meanwhile, the average human response time remains stuck at around six hours. The reality is stark: you cannot fight adversary AI with a human Security Operations Center (SOC). In a recent webinar, Jennifer Gill (VP of Marketing) and Nathan Schmidt (Solutions Engineer) at Skyhawk Security sat down to discuss what this means for cloud security, focusing on the emergence of Anthropic’s Mythos model, the implications of Project Glasswing, and how organizations can overcome the technical debt crisis by shifting their focus from what is merely exploitable to what is truly weaponizable.
What is Mythos and Project Glasswing?
Mythos by Anthropic is an advanced, unreleased frontier AI model. It has unprecedented capabilities in vulnerability discovery and exploit generation system. It leverages advanced AI models to find Common Vulnerabilities and Exposures (CVEs) at an incredibly aggressive rate. As Nathan Schmidt noted during the webinar, Mythos is not necessarily creating net-new types of vulnerabilities; rather, it is exceptionally good at “connecting dots” and understanding the context between disparate vulnerabilities that already exist in an environment.
In response to the sheer volume of vulnerabilities being uncovered by AI, Project Glasswing was born. It represents the largest coordinated multi-party vulnerability disclosure effort in history, designed to help organizations manage the incoming wave of AI-generated threats.
However, the traditional industry response to this wave of disclosures has been simply to “patch faster.” As Jennifer Gill pointed out, this is no longer a manageable strategy. Security teams are already overwhelmed by technical debt, and asking them to pedal faster against an AI-driven adversary is a losing battle.
The Problem with “Patch Faster”
Gartner recently echoed this sentiment, noting that an organization’s exposure window is no longer governed by its patch schedule, but by how fast attackers can automate exploitation using AI. Because AI significantly reduces the time attackers need to turn known vulnerabilities into working attacks, material risk exposure is now determined by how quickly a team can detect and mitigate exposure not by how quickly they can patch.
This brings us to the core challenge with traditional Cloud Native Application Protection Platforms (CNAPP) and vulnerability management tools. These tools are excellent at identifying theoretical risk. They can scan an environment and generate a list of tens of thousands, or even hundreds of thousands, of alerts.
But as Schmidt explained, these tools only look at the topology. They can connect the roads on a map, but they cannot change the map. They generate a massive list of exploitable vulnerabilities, leaving overwhelmed security teams to figure out which ones actually matter.
Exploitable vs Weaponizable: The Skyhawk Difference
To survive the AI threat landscape, organizations must rethink vulnerability prioritization. This requires a fundamental shift in perspective: moving away from what is exploitable and focusing strictly on what is weaponizable.
- Exploitable Vulnerability: A theoretical risk. A threat actor could use this vulnerability, but it may not lead to anything of value.
- Weaponizable Vulnerability: A practical, immediate risk. A threat actor can dynamically manipulate this vulnerability, chain it with other exposures, and use it to breach your most valuable cloud assets.
Skyhawk Security bridges this gap using its AI-based Red Team, which is rooted in advanced digital twin technology. Unlike traditional AI penetration testing that requires strict rules of engagement and risks disrupting production environments, Skyhawk’s deep learning AI creates a continuous, digital simulation of your cloud infrastructure.
Within this simulation, the AI acts as an independent adversary. It does not just look at the map; it actively tries to change it. It attempts to steal access keys, create its own EC2 instances, modify security groups, and deploy malicious code. By running these continuous, non-disruptive adversary simulations, Skyhawk identifies the exact attack paths that can be weaponized to reach your “crown jewels.”
Cutting through the Noise
The results of this approach are transformative for security teams drowning in alert fatigue. During the webinar, Gill shared a real-world example of a customer who started with over 500,000 vulnerabilities identified by their traditional tools. By applying Skyhawk’s AI-based Red Team simulation, they discovered that only seven of those vulnerabilities could actually be weaponized to compromise their critical assets.
Instead of trying to sort through half a million alerts, the security team was handed a prioritized list of seven actionable items that would immediately reduce their material business risk. As Amit Levran, CISO at SundaySky, noted in a previous case study, Skyhawk allowed his team to focus on just the top 0.3% of alerts, effectively reducing alert noise by 99.7%.
Try Skyhawk Security for free for 30 days.
Or, learn more about Skyhawk and our key differentiators? Check out our whitepaper. After you read it, book a meeting with us today!
