Claude Mythos Is Not the Watershed, Your Infrastructure Operating Model Is

The reaction to Anthropic’s Claude Mythos Preview has focused almost entirely on what AI can now find. Thousands of zero-day vulnerabilities, discovered autonomously, across every major operating system and browser. A 27-year-old flaw in OpenBSD, surfaced in minutes. A capability that independent evaluators are calling a step-change in offensive security.

That’s the wrong conversation.

Vulnerability discovery was never the bottleneck. Remediation was. And the gap between what AI can find and what enterprises can actually deploy across their infrastructure just widened by orders of magnitude. The watershed moment isn’t Mythos. It’s the operating model – specifically, the move to agentic operations – every security and infrastructure leader is now going to have to reckon with.

The Math No One Is Doing

Here is what the industry conversation has missed.

Before Glasswing, the average enterprise patch cycle for a critical CVE took weeks to months. Patches arrived at a manageable cadence. Operations teams could absorb them with the existing mix of scripts, runbooks, scheduled change windows, and manual coordination across multi-vendor environments. The system worked – not because it was good, but because the input rate was bounded.

That bound is gone.

Glasswing partners are about to start shipping patches at a velocity their customers’ operations teams have never had to absorb. And in 6 to 18 months, when Mythos-class capability is broadly available – including to attackers – the window between vulnerability disclosure and active exploitation collapses toward zero.

The asymmetry is the threat. AI finds vulnerabilities in minutes. Patches ship in hours. But most enterprises take weeks to deploy them across tens of thousands of devices spanning Cisco, Juniper, Arista, Palo Alto, Fortinet, Aruba, and the rest of a typical multi-vendor estate. That deployment gap is the new attack surface.

It’s worth asking the honest question that I think every CISO needs to put to their team this quarter: if Cisco shipped a critical patch tomorrow, how long would it take to deploy it across every affected device in the fleet – with proper validation and rollback? For most organizations, the answer is “weeks, and we’d cut corners on validation to do it that fast.”

The Alan Turing Institute reached the same conclusion in its analysis of the Mythos announcement: the strongest defensive response is to build pipelines that can patch at machine speed and scale. They’re right. The follow-up question is what those pipelines actually look like.

Why Scripts & Runbooks Won’t Survive This

Most enterprises today execute infrastructure change through some combination of scripts, runbooks, and manual coordination across teams. That model was never designed for governed, multi-vendor change at the velocity Glasswing implies. It worked because the input rate was tolerable. Once the input rate increases by an order of magnitude, the model breaks in three predictable ways:

• Scripts don’t scale across vendors. A patch that requires coordinated ACL changes on Cisco, Palo Alto, and Fortinet devices isn’t one script – it’s several, each maintained by a different person, none of which were written with a common policy framework. At low volume, that’s manageable. At Glasswing-era volume, it’s a backlog generator.
• Manual runbooks introduce human latency at exactly the moment latency is most expensive. The mean time to deploy a patch across a global infrastructure estate isn’t bounded by the patch – it’s bounded by the people coordinating it. Those people are good. They are also finite.
• Unsupervised AI agent access is worse than the problem it’s trying to solve. “We’ll just give the AI agent direct access to push changes” turns automation into a much larger Sev1 waiting to happen than the vulnerabilities the patches were meant to close.

There is a better architecture, and it has a clear principle underneath it: agentic reasoning needs deterministic execution underneath it. You want AI to decide what to do, faster. You absolutely do not want AI deciding how to do it, unsupervised, on live production infrastructure.

What an Operating Model for the Glasswing Era Looks Like

There are five capabilities every enterprise will need to operationalize over the next twelve months. None of them are speculative. They’re how the most operationally mature enterprises already run their networks. Glasswing is making them table stakes.

1. Vulnerability-to-Remediation Pipelines

When a vendor discloses a critical CVE, the response shouldn’t be “open a ticket and start a project.” It should be a workflow that validates the patch in a staged environment, generates the configuration changes for every affected device across every vendor, pre-checks them against policy, and rolls them out in coordinated change windows measured in hours, not weeks.

2. Event-Driven Response

Security telemetry from your existing SIEM, EDR, and XDR stack should be able to trigger governed quarantine and isolation workflows automatically. The decision logic about what to isolate can be agentic. The execution – actually pushing changes to firewalls, switches, and access policies – has to be deterministic, validated, and reversible. Anything else is a different kind of incident.

3. Continuous Configuration Enforcement

A meaningful percentage of what AI will exploit isn’t novel CVEs – it’s misconfiguration drift. Devices that fell out of policy three months ago and nobody noticed. Continuous validation against a golden configuration removes that surface automatically and reverses unauthorized state changes before they become an exploit path.

4. A Governance Gateway for AI on Infrastructure

This is the most important and most overlooked. As Mythos-class capabilities proliferate, every enterprise will eventually run AI agents that recommend or attempt to execute changes to infrastructure.

You cannot give a black-box AI direct access to your routers and firewalls. You need a control plane between agent intent and infrastructure execution that validates every proposed action, simulates its impact, logs it for audit, and can reverse it. The enterprises that build this layer will be able to take advantage of agentic capability without inheriting agentic risk. The ones that don’t will face a worse choice than the one they have today.

5. Hardening the Legacy Estate

The world’s critical infrastructure runs on memory-unsafe code that won’t be rewritten this decade. We don’t get to opt out of that reality. The defensive answer is automating the deployment and continuous enforcement of segmentation and access policies around that code, at the cadence the new threat model requires. Shrinking the attack surface dynamically is the only realistic counter to an exploitation timeline that has already collapsed.

Three Things That Separate Itential From the Rest of the AI Response

This is the operating model Itential has been building toward for years – well before Mythos was an industry conversation. The Glasswing era didn’t create the category. It made the category urgent. Three things separate the Itential Platform from what every other automation vendor will be claiming over the next 90 days.

The Architecture Was Designed for Governed Agentic Action

Most automation platforms in market today were built before agentic AI was a serious operational concern. Their “AI strategy” is a layer added on top of a product designed for a different era – usually a chat interface, sometimes a copilot for writing playbooks, occasionally a wrapper around an LLM API. None of that is the same thing as architecting for AI agents that take action on production infrastructure with policy controls, simulation, audit, and rollback built into the execution path itself.

The Itential Platform is built around three layers – agentic reasoning, deterministic execution, and integration and connectivity – with governance and insights running across all of them. FlowAI is where AI agents reason about what needs to change. The deterministic execution layer underneath ensures every change is validated, policy-checked, and reversible before it reaches production. The architecture isn’t a response to Mythos. It’s the spine the platform was designed around. It happens to be exactly the architecture the Glasswing era needs.

The Reach is Multi-vendor, Multi-domain, & Real

A patch deployment problem in 2026 is not a Cisco problem or a Juniper problem or an AWS problem. It is a Cisco-and-Palo-Alto-and-Fortinet-and-Arista-and-Juniper-and-AWS-and-Azure problem, triggered by a single disclosure, executed in a single coordinated change window. Vendor-bound automation platforms cannot solve that problem – they were never designed to.

Itential is one of very few platforms whose customers run governed automation across every layer of their estate through one workflow engine and one policy framework. That isn’t a feature. It’s the operational moat the Glasswing era is about to make visible.

The Proof is in Production

Itential is running today inside some of the most complex enterprise infrastructure environments in the world – global financial institutions, service providers operating at carrier scale, Fortune 500 enterprises managing tens of thousands of network and security devices across multi-vendor estates. These are the customers who are going to navigate the next twelve months gracefully. They figured out the operating model before Mythos forced everyone else to figure it out.

The bridge from “AI knows what to do” to “AI does the right thing on real infrastructure” is the entire problem the Glasswing era has just made impossible to ignore. It is the problem we exist to solve, and the architecture we were built to solve it with.

The Choice in Front of Every Security Leader

The next twelve months are going to sort enterprises into two groups. The first will have built remediation infrastructure that operates at machine speed. They will spend the Glasswing era patching faster than attackers can exploit. The second group will spend it explaining to their boards why their patch SLA hasn’t kept up with their threat model.

Mythos didn’t create this problem. It made it impossible to ignore.

If your patch cycle is still measured in weeks, it’s worth asking what changes about that calendar. The answer isn’t more people. It’s the operating model.

Key Takeaways

• Vulnerability discovery was never the bottleneck. Deployment was – and the gap just widened by orders of magnitude.
• Glasswing partners will start shipping patches at velocities most operations teams have never had to absorb.
• Mythos-class capability is expected to proliferate from other AI labs within 6 to 18 months, including to attackers.
• The defensive answer is agentic operations: AI reasoning paired with deterministic, governed execution on infrastructure.
• Scripts, manual runbooks, and unsupervised AI agent access all break under the new threat model – for different reasons.
• Itential’s three-layer architecture was built for governed agentic action before the Mythos announcement made the category urgent.