
Protecting Against Mythos, Daybreak, and Beyond: Frontier AI Security

Published June 18, 2026

Vulnerability exploitation is now the #1 initial access vector, according to Verizon’s latest Data Breach Investigations Report. Last year, organizations saw a 50% increase in critical vulnerabilities to patch compared to the previous year. As models like Mythos and Daybreak make machine-speed vulnerability discovery and exploitation a reality, security leaders need a defensible strategy for protecting against AI security threats.   

In a recent webinar, Mythos and Daybreak: What Boards Are Asking and What to Actually Do About It, Zero Networks Field CTOs Chris Boehm and Albert Estevez explored why containment – not speed – is the only reliable advantage for defenders in the AI era. When lateral movement is blocked by default, it doesn't matter how fast an attacker finds a vulnerability or how quickly your team can patch. The breach is contained before it can spread into a crisis. 

We’ll unpack key insights from the session and walk through best practices for protecting your network against AI.  

Mythos and Daybreak: What They Are and Why They Matter for Security Teams  

Anthropic’s Mythos and OpenAI’s Daybreak are frontier AI models capable of finding, analyzing, and generating exploits for vulnerabilities at a speed and scale no human team can match. 

For example, Mythos found over 10,000 previously unknown vulnerabilities in seven weeks, including bugs that had evaded automated detection for decades. In a UK AI Security Institute evaluation, it successfully took over a simulated corporate network in 3 out of 10 attempts using only legitimate access paths.  

“In controlled evaluations where Mythos Preview was explicitly directed and given network access to do so, we observed that it could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously – tasks that would take human professionals days of work.”  

AI Security Institute  

Daybreak delivers a similar class of capabilities. OpenAI’s model can also deliver candidate patches, but it’s still not possible to deploy every critical patch quickly enough to prevent exploitation.

Chris Boehm: These are two frontier models that are so cutting edge, they're keeping them contained behind a wall. And one of the prime examples Anthropic brought up was finding 300+ vulnerabilities on Firefox in a very short period of time. The concern is: how do I stay on top of patch management and operations when this is happening? 

Frontier AI models didn't invent new attack techniques; lateral movement, credential abuse, and privilege escalation are well-known tactics. What has changed is the speed at which those techniques can now be applied against vulnerabilities that already exist in the environment – and the scale at which a capable attacker can identify them.  

Gartner noted after Mythos launched that "CIOs must tell their boards they will have to recalibrate their risk appetite for vulnerabilities because faster patch cycles won't be enough." Boards heard that message before most security teams had formed a response to it, leaving CISOs to face an evolving set of questions. 

AI Security Questions: What Are Boards Asking CISOs?  

As models like Mythos and Daybreak continue to dominate headlines, board-level questions for security leaders are increasingly focused on AI-era business resilience. 

Albert Estevez: The most common question I get when I visit customers is: as a company, how do we stop this type of attack inside our network? How will Mythos impact our infrastructure? And then there's the unbudgeted board mandate – go secure us against Mythos. 

Chris Boehm: If AI can find vulnerabilities in our environment at warp speed, how do we protect ourselves? And can you prove our investment is actually reducing the risk? Those are the questions security teams don't always have a crisp answer for. 

Security leaders who come back to the board with a patch acceleration plan are going to have a harder conversation than those who can explain why speed is no longer the variable that matters.

Why Patching Faster Won’t Solve AI Threats  

According to the 2026 Verizon Data Breach Investigations Report, only 26% of critical vulnerabilities were fully remediated by organizations in 2025, and the median time for full resolution increased by nearly two weeks year-over-year.  

In other words, even before AI-enabled vulnerability discovery and exploitation burst onto the threat landscape, security teams were already struggling to keep up with patching. Frontier models have made traditional patching workflows untenable.

Albert Estevez: We cannot patch Mythos or Daybreak away. Discovery is infinite now. We can find thousands or even millions of new vulnerabilities every day. And the patching time we have is finite – it's impossible to digest all those patches, validate that a new patch isn't generating a business impact, and move fast enough. Even with prioritization, it will always be late. Because the time AI needs to generate an exploit will always be faster than the time you need to prioritize, test, and apply the patch. 

So, organizations now face an impossible tradeoff: patch immediately and manage updates that contain thousands of fixes at a time, or wait and prioritize while accepting risk exposure. In either case, operational continuity is at risk.  

OT and legacy systems can't always be patched on short notice without planning significant change windows that risk production impact. But leaving vulnerabilities uncovered is just as risky. Attackers can begin moving laterally in as little as 27 seconds, yet the mean time to identify a breach via vulnerability exploitation is 180 days. As AI accelerates exploit generation, that gap will only grow wider.  

Chris Boehm: Even if you have 90% detection, 90% analyst accuracy, 24/7 coverage, and fast response times – when you multiply all those numbers together, you still have a compounding failure rate. We're not blocking, we're not preventing. We're allowing attacks to go through even though we have most of what's necessary. The standard stack isn't enough anymore. 

There is no version of “respond faster” that gives defenders a reliable advantage over AI-enabled attackers. Instead, security teams need an architecture designed for containment to make speed irrelevant. 

Real-Time Threat Containment: Proactive Network Security   

Lateral movement is how attackers escalate a minor foothold into a business-disrupting breach – whether they get in via vulnerability exploitation, credential abuse, or any other initial access vector. The key to making an attacker’s speed irrelevant is building lateral movement prevention into the network architecture.  

Albert Estevez: We need to make the speed of detection and remediation totally irrelevant. How? By building an infrastructure that prevents lateral movement by design. If everything is locked down, it doesn't matter how fast you discover new vulnerabilities or how fast you need to patch them – your system will not allow any new connection that isn't already allowed. Stop running. Contain first. 

With this approach, an attacker's speed advantage doesn't translate into business impact because there's nowhere to move in the first place. In a network where lateral movement is blocked by default and privileged ports are closed to all but explicitly authorized identities, a single compromised asset gives attackers very little access.

Chris Boehm: If you actually contain and isolate appropriately, a hundred vulnerabilities discovered today wouldn't matter. You can go through your standard patch channels, do your testing and validation on your timeline, not theirs. You don't have to be in fear of a thousand patches dropping tomorrow. 

This same principle applies to the second distinct AI challenge organizations are navigating alongside attack acceleration: vulnerabilities created by AI already running inside the network. Employees are using unsanctioned tools, agents are operating with permissions nobody explicitly scoped, and every new connection represents a path attackers can exploit if it isn't governed. 

Albert Estevez: Shadow AI expands the attack surface. You need to govern those tools. Don't let users start using AI tools you haven't provided – you can't stop the adoption, but you can control what's sanctioned and what reaches what. Every agent needs an identity, scoped access, and defined communication paths. If you allow your AI agent to write to your database, the first question you should be asking is why. 

How to Measure AI Security: Metrics That Matter for Resilience  

Security teams have spent years reporting on alert volume, mean time to detect, and mean time to respond. In the context of AI-accelerated attacks, Estevez and Boehm argue those metrics are measuring the wrong thing. 

Albert Estevez: A year ago, customers were all talking about mean time to detect, mean time to respond. I would say ‘okay, mean time to be hacked. What is that time?’ Changing the mindset to contain first means asking: can my business keep running while I'm receiving an attack? The CEO and CIO don't care how long it took to identify something if they're already in the news. 

The metrics that map to board-level concerns include blast radius, mean time to contain, lateral movement scope, and uptime during cyber incidents.  

Chris Boehm: What if you don't have to respond because it's already been contained and isolated? That's what we're measuring now – mean time to containment, blast radius reduction, lateral movement scope, and whether I can prove my uptime stays intact during an incident. That's the shift from 'we saw a lot of alerts' to 'here's proof our architecture is working.' 

Zero Networks' Breach Map makes this visible in a way that resonates at the board level. A CISO can click on any user or device and see what that identity has access to with and without Zero Networks applied. A user with broad privileges might have access to dozens of workloads in an uncontrolled environment. With comprehensive microsegmentation, that scope narrows to only what they actively need and use, often by 90% or more. 

Chris Boehm: The beautiful paradox of microsegmentation is that when it's working well, you don't even notice it. So, we created a way for customers to actually see what it's doing – what their blast radius looks like with and without containment in place. Customers were asking: can you prove the difference of what you're doing? That's the answer. 

Building a Containment Architecture: Best Practices for Protecting Networks Against AI 

To minimize risk exposure in the AI era, security teams should focus on three key priorities: dynamically closing privileged ports, implementing identity-aware microsegmentation, and governing AI agents with identity-based policies.  

Over 70% of enterprise risk activity flows through admin protocols like RDP, SMB, WinRM, and RPC. By closing those lateral movement pathways with network-layer MFA, security teams ensure that administrators with an explicit business need can still get access – but only after identity verification, and only for a limited time.  

Albert Estevez: Imagine that in no time – one single click – you close access to those ports that don't need to be open 24/7. Now the vulnerabilities associated with those ports are blocked. Nobody can access them, exploit them, or bring credentials and try to use them, because those ports are closed behind a policy on the local server. You cannot exploit what is closed. 

Identity-based segmentation delivers the architectural controls to prevent unauthorized lateral movement. By leveraging deterministic, human-on-the-loop automation to create policies based on observed network behavior, organizations ensure granular segmentation won’t disrupt legitimate traffic, but it will break the attack chain.  

Albert Estevez: After you are segmented, an application can only communicate with these specific assets through these specific ports. There are no other endpoints available. You cannot scan the infrastructure to find vulnerabilities because everything is closed. Contained by default – you cannot discover or communicate with other parts of the network unless a policy explicitly allows it. 

Governing AI agents with the same identity-based, least-privilege controls that apply to human users ensures they can only reach what they explicitly need to reach, through the ports they're permitted to use. If an agent deviates from its approved communication baseline, the connection is blocked, drastically shrinking the agentic attack surface.  

These strategies give security leaders a clear, provable answer to questions about Mythos, Daybreak, and any other frontier AI models that may come next. In a network architected for containment, it doesn’t matter how many vulnerabilities are discovered – attackers still have nowhere to go.  
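The blast radius and lateral movement scope metrics discussed earlier, and the default-deny and MFA-gated admin port controls described in this section, can be compared with a simple reachability calculation. The sketch below is an added example, not Zero Networks code; the host names, allow-list, and MFA grant are constructed, and it assumes the worst case that any reachable service can be used to move to that host.

```python
from collections import deque

ADMIN_PORTS = {135, 445, 3389, 5985}  # RPC, SMB, RDP, WinRM

# Constructed inventory (hypothetical hosts): host -> listening ports.
HOSTS = {
    "ws-01": {445, 3389},
    "app-01": {443, 445, 5985},
    "db-01": {1433, 445, 3389},
    "file-01": {135, 445},
    "dc-01": {88, 389, 135, 445, 3389},
}
# Constructed allow-list, as if learned from observed traffic: (src, dst, port).
ALLOW = {("ws-01", "app-01", 443), ("app-01", "db-01", 1433),
         ("ws-01", "dc-01", 88), ("ws-01", "dc-01", 389), ("app-01", "dc-01", 88)}
# Constructed MFA grants: (identity, dst, port) -> expiry time in seconds.
MFA_GRANTS = {("admin-jane", "db-01", 3389): 3600}

def permitted(src, dst, port, segmented, identity=None, now=0):
    """Flat network: any listening port is reachable. Segmented: default deny."""
    if port not in HOSTS[dst]:
        return False
    if not segmented:
        return True
    if port in ADMIN_PORTS:  # closed unless this identity holds an unexpired grant
        return MFA_GRANTS.get((identity, dst, port), -1) > now
    return (src, dst, port) in ALLOW

def exposed_services(src, segmented):
    """Lateral movement scope: (host, port) pairs directly reachable from src."""
    return {(d, p) for d, ports in HOSTS.items() if d != src
            for p in ports if permitted(src, d, p, segmented)}

def blast_radius(start, segmented):
    """Worst case: hosts reachable by chaining permitted connections (BFS)."""
    seen, queue = {start}, deque([start])
    while queue:
        src = queue.popleft()
        for dst, _ in exposed_services(src, segmented):
            if dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}

if __name__ == "__main__":
    for seg in (False, True):
        print("segmented" if seg else "flat", len(exposed_services("ws-01", seg)),
              "services,", sorted(blast_radius("ws-01", seg)))
```

In the segmented case the remaining radius follows only the allow-listed application paths, so those paths are the residual scope to review and report.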

Network Security for the AI Era: Strengthening Cyber Resilience with Zero Networks  

Mythos and Daybreak have set a new capability baseline. The organizations that remain resilient in this evolving threat landscape will be the ones that can respond with something more durable than an accelerated patching plan, namely the statement that lateral movement is blocked by default and that they can show exactly how far any attacker could go.

Zero Networks’ automated, identity-based microsegmentation stops lateral movement and contains any attack – human or AI – to keep the business running. With Zero, security teams get complete AI visibility, deterministic control, and built-in containment to neutralize the risk of machine-speed vulnerability discovery and exploitation.  

To see how Zero Networks gives defenders the advantage in an era defined by Mythos and Daybreak, request a demo.