An AI model has already completed a 32-step cyberattack on its own with a 30% success rate.
Now, for anyone non-technical reading that, here’s what it actually means. A “32-step attack” isn’t one hack. It’s a chain of actions getting in, moving through systems, escalating access, and reaching something valuable. Historically, that required a skilled human attacker, time, and coordination.
This AI did it by itself. And it worked nearly one in three times. That’s Claude Mythos.
Developed by Anthropic, it’s not just another AI tool, it represents a shift in how cyber threats are created, scaled, and executed. The concern isn’t just its capability, but how quickly those capabilities can be used in the real world. Reports of unauthorised access have already surfaced, which tells us something important:
This isn’t theoretical anymore. From an MSP perspective, this changes the conversation. For years, cybersecurity has been about staying ahead patching vulnerabilities, improving detection, strengthening controls. But tools like Mythos introduce a new dynamic: speed at scale. AI doesn’t get tired. It doesn’t slow down. And it doesn’t need years of experience to execute complex attacks.
That means the gap between discovering a vulnerability and exploiting it is shrinking fast. And when that happens, traditional approaches start to struggle. Take patching, for example. Most organisations still operate on cycles monthly updates, scheduled maintenance, prioritisation queues. But if vulnerabilities can be found and weaponised almost instantly, that window of exposure becomes far more dangerous.
Then there’s identity. Modern attacks aren’t just about getting in they’re about becoming something trusted once inside. Whether that’s a user, an admin account, or even an AI-driven service identity, privilege is what turns access into impact. And this is where Mythos becomes particularly relevant. Because once an AI can chain attacks together, it doesn’t just stop at entry. It keeps going escalating, moving, expanding until it reaches something valuable. That’s not a future risk. That’s a capability that already exists.
The broader implication for the industry is clear: we’re entering an era where cyberattacks can be automated, scaled, and repeated at speed. Not by elite attackers. But by anyone with access to the right tools. For MSPs and security teams, this creates both a challenge and an opportunity. The challenge is obvious keeping pace with threats that move faster than ever before. But the opportunity is just as important. Because in this new landscape, the organisations that win won’t be the ones that try to eliminate every vulnerability. That’s not realistic.
They’ll be the ones that reduce impact. That means:
Claude Mythos isn’t the end of cybersecurity. But it is a clear signal that the rules are changing. And in a world where attacks can think, adapt, and act at speed… Control matters more than ever.
Need a partner that’s proactive about your security?
Let’s start a conversation.
