What if Mythos is the harbinger of cyber insurance’s death? – but just not the way you’re thinking
17th April 2026Something has changed in the last few months with AI. Whether it’s the newest models, broader adoption and experimentation, or a combination of those and other factors, Artificial Intelligence suddenly seems very real. Example: we’re working on a new product which requires a special-purpose policy administration system. The basic platform architecture build was days (vs months or years). An instant journey from configuring another’s to coding ours. From renting to owning. We’ll see if it works in production, but either way, I can’t unsee what I’ve seen. The future has arrived, and I’m ready to embrace it.
And then BOOM, the future is on hold! Anthropic won’t even release Mythos because it’s too damn powerful. It’s outpacing decades of manual/semi-automated security tool development and research, noting that in pre-release testing it autonomously identified a slew of zero-day vulnerabilities (some of them Millennials!) across a variety of widely used technologies; in the wild, it could empower threat actors in a way that’s never been seen before. However, as part of their Project Glasswing, Anthropic is releasing it to just 40 key companies; these companies will be able to use Mythos to assist in identifying and remediating vulnerabilities prior to broader/public release of the model.
When I read that bit of news, two questions immediately formed: 1) Hey, what about that handful of other companies out there (besides the lucky 40 getting a test drive)? And 2) What if Mythos is the beginning of the end of cyber insurance? What if all the handwringing around AI and cybersecurity implications is for naught? What if we just found out that AI will soon identify all existing software vulnerabilities in the universe? And given the acceleration in AI coding competency, how long until it can autonomously patch all existing software vulnerabilities? Just as fast as its little multicore processors can carry it… And if it can identify and fix all vulnerabilities, and is the lead-horse for ALL FUTURE CODE GENERATION, are we entering the golden age of secure software development, where software vulnerabilities simply no longer exist?
As scary an idea as AI-empowered threat actors may be for a cyber underwriter, perfect security is even scarier! No losses, no premium.