Redefining the Security Baseline for New AI Models

  • Jamie Moles, Senior Technical Manager at ExtraHop

  • 27.05.2026 04:30 pm
  • #CyberSecurity #AI

The arrival of advanced autonomous models like Mythos has fundamentally altered the geometry of the cyber landscape. As these systems move from experimental stages into the core of the public and private sector, they introduce vulnerabilities that legacy security frameworks are ill-equipped to address. This creates a precarious risk profile for Critical National Infrastructure (CNI), where the stakes of a breach extend far beyond data loss.

While rapid progress in artificial intelligence is essential for economic growth, the rollout of such influential technology necessitates a rigorous approach to risk oversight. Securing infrastructure against threats moving at machine speed requires a deep reassessment of current defensive architectures. It also demands immediate, open collaboration between AI developers and state regulators. A failure to harmonise these safety protocols risks creating a permanent security deficit where the agility of attackers consistently outstrips response speeds.

The industrialisation of exploit discovery

The timeline for vulnerability exploitation has undergone a radical compression. Threat actors can now use automation to uncover zero-day flaws in a matter of seconds, a pace that renders traditional human-led security operations obsolete. This trend poses a direct threat to the government and financial sectors, which often depend on a complex web of interconnected legacy systems that are particularly vulnerable to automated reconnaissance.

Because modern AI models can parse millions of lines of source code almost instantaneously, any undocumented flaw or unpatched entry point becomes a high-priority target. Malicious actors can now compromise network integrity without ever alerting standard monitoring systems. This capability effectively turns the speed of data processing into a weapon, making it impossible for manual update cycles to offer any meaningful level of protection against a persistent adversary.

Mythos has already exposed thousands of high-risk vulnerabilities within enterprise environments, many of which had remained hidden for decades. The model has proven it can chain minor flaws in the Linux kernel to achieve full system takeover. It has also identified remote execution paths in hardened systems like OpenBSD. While these milestones prove the technical prowess of the model, reports of unauthorised access and international efforts to replicate this technology have sparked a digital arms race. Organisations must now prepare for a future where the gap between the discovery of a bug and its active exploitation has effectively vanished.

Addressing regulatory friction

Legislation by itself is insufficient to bridge the capability gap opened by autonomous offensive tools. Deploying frontier models like Mythos without enforceable safety benchmarks creates a systemic weakness in national security. Currently, legislative bodies like the UK Parliament are finding it difficult to set the parameters for responsible development. A UK Treasury Committee report recently highlighted the dangers of a passive regulatory stance, warning that failing to act would leave the financial system open to severe disruption. The committee noted that AI-driven trading could cause market instability by encouraging herd behaviour among firms relying on the same unregulated providers.

The stability of the state depends on the resilience of the financial and government sectors. If these pillars are weakened by the use of unverified autonomous tools, the resulting social and economic fallout will be significant. To prevent AI-induced market volatility, the Treasury Committee has proposed mandatory, AI-specific stress tests. Developers have a duty to work alongside regulators to ensure their models meet these rigorous safety criteria. Beyond legal compliance, technology firms must be proactive about the transparency of their training data to maintain the trust of the citizens they serve.

Transitioning to real-time behavioural defence

Securing critical systems in this new era requires a move away from perimeter-focused security. Organisations must prioritise continuous, real-time visibility into internal network traffic. When autonomous tools use valid administrative credentials to move through a network, traditional static defences fail to stop them. Instead, security teams need deep network context built on established behavioural baselines. This allows them to spot subtle anomalies at high speed, identifying malicious intent the moment it appears and allowing the Security Operations Centre (SOC) to stay ahead of the attack.

The industry average for containing a breach currently stands at 241 days. Reducing this window requires a shift from reactive indicators to real-time analysis of network behaviour. Security professionals need an objective, unblinded view of all traffic to catch deviations as they occur. When the system detects a risk, it can trigger precise, automated responses. This might involve isolating a compromised asset or killing a suspicious data session to quickly stop the spread of an attack. This level of granular control is the only effective way to neutralise the speed and agility of agentic offensive tools.
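The baseline-and-respond loop described above can be illustrated as follows. This is an added example, not ExtraHop's or the author's code; the flow records, account and host names, the fan-out threshold and the action labels are all constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: (account, source host, destination host, service).
BASELINE_FLOWS = [
    ("svc-admin", "jump01", "db01", "ssh"),
    ("svc-admin", "jump01", "db02", "ssh"),
    ("svc-admin", "jump01", "app01", "ssh"),
    ("backup", "bkp01", "db01", "smb"),
    ("backup", "bkp01", "db02", "smb"),
]
LIVE_WINDOW = [  # constructed: a valid admin credential appears on a workstation
    ("svc-admin", "jump01", "db01", "ssh"),
    ("backup", "bkp01", "db01", "ssh"),
    ("svc-admin", "ws17", "hr01", "ssh"),
    ("svc-admin", "ws17", "fin01", "ssh"),
    ("svc-admin", "ws17", "dc01", "smb"),
]
FANOUT_LIMIT = 3  # assumed threshold: new destinations per (account, source) per window

def build_baseline(flows):
    """Learn, per account, the sources, destinations and services seen in normal traffic."""
    base = defaultdict(lambda: {"src": set(), "dst": set(), "svc": set()})
    for account, src, dst, svc in flows:
        for key, value in (("src", src), ("dst", dst), ("svc", svc)):
            base[account][key].add(value)
    return dict(base)

def score_flow(base, flow):
    """Return the ways a flow deviates from its account's baseline (empty list = normal)."""
    account, src, dst, svc = flow
    if account not in base:
        return ["unknown-account"]
    seen = base[account]
    checks = (("new-source", src, "src"), ("new-destination", dst, "dst"), ("new-service", svc, "svc"))
    return [label for label, value, key in checks if value not in seen[key]]

def respond(base, window):
    """Turn deviations in a window of live flows into hypothetical response actions."""
    actions, fanout = [], defaultdict(set)
    for account, src, dst, svc in window:
        deviations = score_flow(base, (account, src, dst, svc))
        if "new-destination" in deviations:
            fanout[(account, src)].add(dst)
        if "new-source" in deviations or "unknown-account" in deviations:
            actions.append(("kill-session", account, src, dst))  # credential used from an unfamiliar host
        elif deviations:
            actions.append(("alert", account, src, dst))  # known host, unusual target or service
    for (account, src), dsts in fanout.items():
        if len(dsts) >= FANOUT_LIMIT:
            actions.append(("isolate-host", account, src, None))  # lateral spread from one source
    return actions
```

The credential itself is valid in every record; only its deviation from the learned pattern of sources, destinations and services separates the workstation sessions from routine administration.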

Ultimately, protecting the foundations of the state requires an admission that cyber risk is an operational reality. Beyond compliance audits, leaders must invest in tools that offer total transparency and defence across every system. True resilience comes from an assume-breach mindset where constant monitoring and automated response are the default. Through deeper cooperation between the public and private sectors, cybersecurity can become the resilient backbone of national and economic stability.
