Exploitation Party Like It's 1999
What happens when the 75% of vulnerabilities offense used to throw away suddenly work, and Mobile App exploitation at scale becomes viable.
Anthropic’s upcoming Mythos model just collapsed the cost of offensive cyber to less than a Shahed drone. The two decade race between exploit development and the patch cycle, the one thing that kept defense viable, is over. The 75% of vulnerabilities that offense used to throw away as “not weaponizable” are suddenly in play. Defense is about to relive 1999, except there are roughly 100x more targets and offense has a decades-deep shelf of discarded 0-day to pull out of the trash bin.
I wrote my first fuzzer in 1999, hunting bugs in TCP/IP stacks. Back then, cyber was scale-constrained: very few people understood vulnerabilities, fewer could code, and almost nobody could do both. You pointed a fuzzer at a target and exploitable bugs fell out. Dan Geer used to ask in every conversation whether vulnerabilities were “sparse or dense.” In 1999 they were dense, and defense responded over the years with broad mitigations: firewalls and IDS/IPS to deny attackers the reconnaissance they needed; NX to make exploits harder to build; ASLR to force them to be dynamically tuned per target.
By the late ‘00s, cyber commoditized and then industrialized. Michał Zalewski’s AFL generalized industrial-scale vulnerability research, and Google’s OSS-Fuzz subsidized the open-source ecosystem at scale. Discovery became a factory process, and an asymmetry emerged that nobody quite named at the time: vulnerabilities became defensively dense (lots to fix) but offensively sparse (few that actually weaponized). Offense was throwing away roughly three-quarters of discovered vulnerabilities because they couldn’t be turned into reliable exploits that worked in the real world.
The reason was a race against the patch cycle. Chrome ships every four weeks. If (re)weaponizing a working exploit takes two weeks, then the user is only exposed half the time. If it takes more than four, a user on the latest version is effectively never exposed. That race, exploit dev versus patch cadence, is the thing that kept defense viable for fifteen years. It is the load-bearing implicit assumption underneath every modern security program.
Anthropic Mythos just broke it.
What just changed
Anthropic’s project GlassWing focused the industry on how easily frontier models are finding bugs and generating exploits. The “finding bugs” part isn’t really a step change. Any reader of this post could have cashed in their 401k and bought a vulnerability in most software, and probably a proof-of-concept exploit too. What’s new is that fully weaponized exploits are now cheap, and, more profoundly, the three-quarters of vulnerabilities offense discarded as non-weaponizable are now weaponizable.
Sit with that. Offense has been throwing bugs in the trash for two decades. Defense is now in a race to discover and patch those vulnerabilities against an adversary who has a decades-deep trash bin of low-quality 0-day and can spend tokens generating exploits for it. Offense didn’t just receive rocket fuel for the race. Offense started with a multi-decade head start, and the race itself now runs on a clock measured in hours rather than weeks.
The economic frame matters too. A weaponized 0-day used to cost the labor of a small team of specialists for weeks every time the target software was updated. The marginal cost is now plausibly below the cost of a Shahed-136 drone, roughly $20–50K of physical hardware that nation-states are already comfortable burning by the thousands. Cyber capability used to be the expensive option. It’s now the cheap one, and it scales without a supply chain.
The seams nobody owns
Here’s what I’m most worried about, and it isn’t what platform vendors and app builders are focused on. Everyone is hopefully pointing the new tooling at their own products. Nobody is pointing it at the seams between products.
When we ran DARPA’s Cyber Grand Challenge a decade ago, one hypothesis we wanted to test was whether vulnerabilities lived in the joints between independently-secure components. Application A sits on Platform P. Neither contains a vulnerability on its own. But the way data traverses the logic of both creates an exploitable condition that exists in neither codebase. CGC proved the seam surface is rich. It also proved seam vulnerabilities are rarely found. They are almost impossible to fix, because the moment you have two vendors you have an unanswered question: who owns it? Who patches? Whose stock price takes the hit when it gets reported?
I love these vulnerabilities because they look like business-logic exploitation. They abuse functionality that already exists but isn’t intended to be as influenceable as it is. Concrete example: you’ve probably noticed that abandoning a shopping cart triggers a discount email a few hours later, and that the discount gets bigger if the retailer’s inventory system projects end-of-season excess. A SQL attack that corrupts inventory reconciliation to inflate projected excess, and therefore inflate the discounts offered to attacker-controlled accounts, is a business-process attack. No money technically changes hands at the moment of exploitation. No CVE gets filed. No vendor is unambiguously at fault. Policy, law, and regulation are nowhere near this, especially for the cases where the attack moves organizational state rather than dollars.
This is the class of problem regulators should be asking platforms to publish methodology on, not CVE counts. CVE counts measure the wrong thing in a world where the most consequential attacks don’t generate CVEs.
Anthropic’s upcoming Mythos model makes this entire class economically viable for the first time.
Mobile is the canonical seam at scale
Look at your phone. Count the apps. Count the ones that can send you a message: your robot vacuum that pings you when it’s stuck on a kid’s sock, your thermostat, your garage door, your dog’s fitness tracker. Each one is an attack surface against the device underneath it, and each one is a seam between a third-party developer, a platform OS, and an app store that nominally vouches for both.
Historically, the app ecosystem hasn’t been operationally useful to offense for two reasons. First, there are simply too many apps to staff vulnerability research and exploit dev across, and each update can break exploitation. Second, targeting is brutally manual: getting a malicious message to a specific person’s robot vacuum requires bespoke per-app reconnaissance, account association, and device discovery. You usually don’t even know a priori which vacuum your target owns.
Expert cyber reasoning systems collapse both problems. Coverage scales because the model does the per-app work. Targeting scales because the model does the reconnaissance. Every app that can deliver a notification becomes a viable vector to the device underneath it, and the device in question is increasingly the one in someone’s pocket during a sensitive meeting.
What defenders should actually do
I don’t want to leave this as offense-side commentary, because the people who need to act on it are defenders. Four moves for this quarter:
Reprice your bug bounty. If your program still pays a fraction for “low-severity, not weaponizable” findings, you’re using 2015 economics in a 2026 threat model. Those bugs are now ammunition. Pay to take them out of the problem space.
Compress patch cadence past where it’s comfortable. The four-week Chrome cycle worked when exploit dev took weeks. Assume it now takes hours. Anything slower than weekly on internet-facing surfaces is a gift to offense, and within three months I expect “weekly” to feel as quaint as “monthly” feels today. Plan the engineering org for continuous shipping if they aren’t already.
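The exposure-window arithmetic behind the Chrome example earlier and the “weekly will feel quaint” claim above is simple enough to write down as a model. The following is an added example, not code from the original post or from any vendor; it assumes the post’s own idealization (every release breaks the working exploit, offense starts re-weaponizing immediately, the user is always on the latest release) and generalizes it to a table of cadences against re-weaponization times so a defender can see where their own numbers land.

```python
"""Exposure-window model for the exploit-dev vs. patch-cadence race.

Added example; the Race dataclass and helper names are assumptions for
illustration, not part of any product or published model.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

HOURS_PER_DAY = 24
HOURS_PER_WEEK = 7 * HOURS_PER_DAY


@dataclass(frozen=True)
class Race:
    patch_cadence_hours: float   # time between releases that break the exploit
    reweaponize_hours: float     # time offense needs to re-weaponize after a release


def exposed_fraction(race: Race) -> float:
    """Fraction of time a user on the latest release is exposed.

    Exposure begins when re-weaponization finishes and ends at the next
    release. If re-weaponization takes at least as long as the cadence,
    a fully updated user is never exposed (the post's ">4 weeks" case).
    """
    if race.patch_cadence_hours <= 0:
        raise ValueError("patch cadence must be positive")
    if race.reweaponize_hours < 0:
        raise ValueError("re-weaponization time cannot be negative")
    exposed_hours = race.patch_cadence_hours - race.reweaponize_hours
    return max(0.0, exposed_hours) / race.patch_cadence_hours


def cadence_needed(reweaponize_hours: float, max_exposed_fraction: float) -> float:
    """Longest patch cadence (hours) that keeps exposure at or below the target.

    From 1 - r/c <= f we get c <= r / (1 - f). A target of f >= 1 places no
    constraint at all, so infinity is returned.
    """
    if not 0.0 <= max_exposed_fraction:
        raise ValueError("target fraction cannot be negative")
    if max_exposed_fraction >= 1.0:
        return float("inf")
    return reweaponize_hours / (1.0 - max_exposed_fraction)


def exposure_table(cadences_hours: Iterable[float],
                   reweaponize_hours: Iterable[float]) -> Dict[Tuple[float, float], float]:
    """Exposure fraction for every (cadence, re-weaponization) pair."""
    return {
        (c, r): exposed_fraction(Race(c, r))
        for c in cadences_hours
        for r in reweaponize_hours
    }


def _demo() -> None:
    cadences = [4 * HOURS_PER_WEEK, HOURS_PER_WEEK, HOURS_PER_DAY]   # monthly, weekly, daily
    reweap = [2 * HOURS_PER_WEEK, HOURS_PER_DAY, 4.0]               # weeks, a day, hours
    table = exposure_table(cadences, reweap)
    print("cadence(h)  reweaponize(h)  exposed")
    for (c, r), frac in table.items():
        print(f"{c:10.0f}  {r:14.1f}  {frac:7.1%}")
    # How often must you ship to cap exposure at 50% if re-weaponization takes 4 hours?
    print(f"cadence for <=50% exposure at 4h re-weaponization: {cadence_needed(4.0, 0.5):.1f}h")


if __name__ == "__main__":
    _demo()
```

The table makes the post’s point concrete: with a two-week re-weaponization time a four-week cadence halves exposure, but once re-weaponization drops to hours, even a weekly cadence leaves the user exposed well over 95% of the time, and only a cadence on the same order as the re-weaponization time pulls exposure back toward zero.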
Get a seam owner. If your product sits on a platform, or is a platform, somebody needs to be specifically tasked with adversarial analysis of the joints. Not your code. Not their code. The interaction. This role does not currently exist on most security teams. It should.
App Store operators: this one is for you. Apple, Google, and Microsoft, you have spent a decade telling regulators and users that your review processes make your app stores safe. That claim was defensible when per-app exploitation was manual and expensive. It is not defensible now. You are about to be the only entity with the visibility, the standing, and frankly the business model exposure to do meaningful security testing across the long tail of apps on devices you ship. Price it in now, build the team now, and get ahead of the regulatory conversation that’s coming. The alternative is having that team built for you by legislation, and you will not like the version legislators write.
Party like it’s 1999
In 1999, offense was cheap because defense hadn’t really been invented yet. In 2026, offense is cheap again, but this time defense exists, has budget, has regulation, has two decades of institutional muscle, and is about to discover none of it was priced for this. The fifteen-year truce between exploit dev and the patch cycle is the load-bearing assumption underneath every security program, every compliance regime, and every cyber insurance policy written since 2010. Most defenders didn’t even know it was what held the floor up. It’s gone. Nothing built on top of it is going to age well.
Platforms, you’re about to find out you’re the perimeter. Regulators, you’re about to find out how poorly the CFAA has aged. Defenders, you’re about to find out how fast your org can actually ship.
It’s going to be a hell of a party. The guest list is everyone with a cell phone.