Traditional Cyber-Defense Models Failing to Keep Pace in the Mythos Era: Infosys Study Finds

Infosys Warns of Breakdown in Traditional Cybersecurity Models Due to AI Acceleration

Traditional enterprise cybersecurity models built around the cycle of "discover, disclose, patch" are beginning to break down as powerful "Mythos-class" AI systems accelerate vulnerability discovery and exploitation, according to a new report from Infosys' Responsible AI Office.

The report, The Cybersecurity Singularity: An Enterprise Assessment of Mythos-Class AI, said enterprises are entering a phase where artificial intelligence (AI) systems can identify software flaws at a pace that legacy security processes may struggle to match. The report noted that enterprises are entering a phase where AI systems can identify thousands of high-severity vulnerabilities across major operating systems and browsers, including flaws that had remained undetected for decades.

Read also: Treasury Yields Experience Largest Increase in Two Weeks Following Release of Labor Market Data

Infosys' comments come after Anthropic announced Claude Mythos Preview through Project Glasswing earlier this year but chose not to make the model generally available because of concerns around its dual-use potential. The report emphasized the need for "governed, controlled, and accountable" security systems built with earlier discovery, defensive automation, and tighter vendor controls.

Syed Ahmed, global head of the Infosys Responsible AI Office, wrote in the report that the message for every enterprise leader is now unambiguous: AI capability has outpaced legacy security rhythms, and the cost of delay is rising. The report said enterprises would increasingly move toward automated vulnerability scanning, remediation, and monitoring models, describing the trend as the emergence of VulnOps (Vulnerability Operation) management capabilities.

Infosys also warned that small gaps in third-party controls, governance processes, and software release discipline could become major enterprise risks as AI systems become more capable. Ashish Tewari, head of Infosys Responsible AI Office for APAC, Middle East, and India, emphasized the importance of governing and controlling security systems before scaling them up.

The report highlighted concerns around AI agent ecosystems and supply-chain vulnerabilities, pointing to a critical flaw discovered in Anthropic's Model Context Protocol (MCP), which demonstrated how AI agents could widen attack surfaces when adoption outpaces security controls. The report also noted that the broader regulatory environment around AI governance is tightening globally, with countries including the US, UK, Australia, and China increasingly focusing on AI safety, transparency, deep-fakes, and responsible deployment frameworks.

Read also: US-Iran Tensions Spark Uptick in Oil Prices Amid Global Market Decline