After Claude Mythos: Where Defensive Security Actually Falls Short | Part 2

Part 1 of this series covered what Claude Mythos Preview actually did — the specific vulnerabilities, the emergent capabilities, and the system card findings that matter for practitioners. If you have not read it, start there.

This is Part 2. It is not a list of things to worry about. It is an honest assessment of where most security programmes have genuine gaps right now, and what closing them actually requires. Part 3 covers the same ground for board members and the C-suite.

Where the Gaps Are

Legacy Code Is No Longer “Low Risk by Default”

Security teams have long operated an implicit triage logic: newer, internet-facing systems carry the highest risk; older, internal systems that “have never been breached” carry lower priority. The FreeBSD NFS and OpenBSD findings dismantle that logic directly. Both systems had not just been reviewed — they had been continuously, expertly reviewed for between 17 and 27 years. The vulnerabilities survived.

In our experience, the systems most organisations are least confident assessing are the ones with the longest operational histories: custom middleware written for a previous technology generation, bespoke integrations that sit between modern and legacy stacks, and internal APIs that were scoped out of the last five penetration tests because “they’re not customer-facing.” Those are the systems that now need re-examining, with fresh eyes and current methodology.

Social Engineering Has Changed and Most Awareness Programmes Have Not

Deepfake attacks on financial institutions increased 243% year-on-year. AI-generated content now accounts for over 80% of social engineering activity by volume. The training most employees received — look for typos, check the sender domain, be suspicious of urgency — was calibrated for a different threat. The tells that awareness programmes trained people to spot are no longer reliably present.

Updating social engineering defences is not a matter of adding a module to an annual training programme. It requires testing people against realistic AI-generated scenarios, establishing verification protocols for high-value requests that do not depend on voice or appearance recognition, and building organisational habits that hold under pressure.

What Good Looks Like in Practice

1. Map your AI attack surface before someone else does. Every AI system in your environment — sanctioned or shadow — needs to be in your asset inventory. You cannot assess what you have not found.
    
2. Commission AI-aware penetration testing. If your current testing provider cannot demonstrate methodology for AI-enabled attack vectors and LLM application assessment, that is a gap worth addressing before your next engagement.
    
3. Run a tabletop against an AI-speed adversary. Use the November 2025 campaign as a template. Ask honestly: at which point does your detection and response capability break down when the attack does not pause for weekends?
    
4. Audit your legacy exposure. Identify systems that have not had a deep security review in the past five years. Prioritise network-exposed systems and anything with access to sensitive data. Age and internal positioning are no longer adequate risk mitigants.
    
5. Start mapping to OWASP LLM Top 10 and MITRE ATLAS now. The NIST Cyber AI Profile is still in development; waiting for it to be finalised before acting is a choice with a cost.
    
6. Apply Zero Trust principles to AI agents. Following Microsoft’s March 2026 reference architecture, AI agents should be treated as autonomous actors: verified identity, continuous behavioural monitoring, strict least-privilege access, hard network segmentation. Not trusted insiders.
    

At Corsaire, we are building AI-aware assessment methodology into our core service delivery — not as a separate AI product, but as a capability that applies across penetration testing, red team, and assurance engagements. If you want a direct conversation about where your programme stands, we would rather have that now than after an incident. Reach us at corsaire.com.  Part 3 covers the same questions in terms that work for board members, risk committees, and the executives who commission security programmes.

Disclaimer: The technical analysis in this article is based on publicly available information as of April 2026. Corsaire has not had direct access to Claude Mythos Preview. This article is for informational purposes and does not constitute security advice for any specific environment.