Constructs of an Idle Mind

Apertura

The Unpatched Estate

Mythos has identified major software flaws across the IT ecosystem. For organisations running legacy, customised, or end-of-life systems, the exposure may have no scheduled resolution.

Patrick Kirby
Apr 22, 2026
∙ Paid

Apertura is a series of articles for board members and industry leaders. Articles in this series are for subscription members only. A preview of the catalogue is available here.

The Development: Anthropic announced the Claude Mythos Preview and withheld public release. The model demonstrated an autonomous capacity to identify and exploit previously unknown vulnerabilities across all major operating systems and web browsers, including flaws that had remained undetected in widely deployed enterprise software for up to 17 years. Anthropic reports that over 99% of discovered vulnerabilities remain unpatched. The model is currently accessible only to Project Glasswing partners, including JPMorganChase, AWS, Apple, Google, Microsoft, and Nvidia.

Bank of England Governor Andrew Bailey called on global financial regulators to assess AI cyber risk, stating Mythos could crack “the whole cyber risk world open.” The Bank of England, the FCA, the HM Treasury, and the NCSC jointly briefed major UK banks, insurers, and exchange operators. Within the same seven-day window, Singapore’s MAS, South Korea’s FSS, and Australian prudential authorities each independently activated cybersecurity reviews.


Considerations

For the vast majority of organisations, the Mythos risk does not arrive through access to the model. It arrives through vulnerabilities already mapped, in systems already running, with patches not yet available.

The governance record is being created now.

Regulators in four jurisdictions have independently engaged their sectors on Mythos risk. For boards of regulated entities, formal regulatory engagement creates a documented record: the absence of a governed response to material risk information constitutes a compliance gap that can be referenced directly in examinations or enforcement actions.

Exploitation is a matter of timing, not probability.

Bad actors do not need Mythos itself: other AI models in their hands will weaponise the vulnerability classes it has exposed. Organisations outside the Glasswing cohort will receive no advance notice of a specific threat. When an exploit lands, the cost is immediate: 93% of large enterprises report average downtime costs exceeding $300,000 per hour.

The change program must operate at a different speed.

As software vendors release patches through Glasswing-assisted remediation, the interval between patch availability and deployment becomes the primary window of exposure. Standard patching cycles were not built for this environment:

  • Quarterly and annual patching cycles leave the organisation exposed across every interval between vendor release and production deployment.

  • Critical patches must move from vendor release to production in days, not weeks. This is a board-level operational question, not a technology team assumption.

  • Monitoring must be configured to detect active exploitation before patches are available, not after an incident has been confirmed.

  • Software vendors should be engaged now in remediation timelines so that deployment planning can begin before patches are released.

End-of-life, unsupported, and modified systems may pose unresolvable exposure risks.

Where a vendor has ceased active development, patches will not arrive regardless of severity. Heavily modified or customised systems may not accept standard patches without significant rework, introducing delay or new instability.

The scale and cost of replacing these systems do not reduce exposure: core system replacement in large financial institutions typically runs into the hundreds of millions of dollars and takes three to five years to complete, yet 35% of institutions remain on systems they are dissatisfied with because replacement is so costly and disruptive.

For enterprise CRM and workflow platforms, a structured rollout for organisations with more than 2,000 employees costs $1.2 million to $4.5 million and takes 8 to 16 months under normal conditions. A forced mid-cycle remediation of a heavily customised instance carries no comparable cost or timeline baseline. For each system that cannot be patched or replaced in the near term, the board requires a documented position:

© 2026 Patrick Kirby