Get in touch

Mythos and the changing cybersecurity narrative

The B2B tech market is moving fast. Marketing and sales teams need to keep up with emerging technologies, while also understanding what types of messaging decision makers trust.

Each month, we explore the issues shaping real-world technology decisions, drawing on insight from 100 IT leaders in our expert network, the Vanson Bourne Community.

Welcome to the June edition of Signals.

This month, we set out to understand:

  • How aware IT decision makers are of Anthropic’s Mythos and Project Glasswing
  • How emerging AI models are changing cybersecurity priorities and operational challenges
  • Where technology vendors need to focus to build trust and deliver value

 


The vulnerability surge

For organisations, the promise of Anthropic’s Mythos is obvious: faster discovery, better visibility and a clearer view of where risks sit. But more vulnerabilities found means more remediation work to prioritise and more pressure on teams that are already being asked to do too much.

The cybersecurity goalposts shifted when AI became mainstream. Mythos has shifted them further. Are organisations ready to deal with the consequences? Are vendors?

To find out, we asked 100 UK IT decision makers from the Vanson Bourne Community how emerging AI models are changing their view of cybersecurity risk, strategy and vendor support.

 

A poisoned chalice?

On paper, AI-enabled vulnerability discovery should be of huge benefit. It enriches cybersecurity teams with improved visibility, faster identification and a better chance of finding flaws before somebody else does.

But it also has the potential to be a poisoned chalice.

The NCSC’s secure AI system development guidance warns that AI systems bring novel security vulnerabilities and that security must be treated as a requirement across design, development, deployment and operation. NIST’s AI Risk Management Framework makes a similar point from a governance angle: risk management is not a one-off exercise, but rather a continuous discipline.

That matters because Mythos has changed the framing of the conversation from a tidy debate about whether AI will help security teams to a more uncomfortable question: what happens when AI starts finding weaknesses faster than organisations can understand, prioritise or fix them?

84% of IT decision makers say the cybersecurity threat landscape is likely to become significantly riskier for their organisation over the next 12 months.

At the same time, 71% agree that emerging AI models such as Mythos will require their organisation to fundamentally change its cybersecurity strategy over the next 2 to 3 years.

AI systems like Mythos are delivering the biggest cybersecurity shake-up in years, beyond just adding another tool to the SOC, but instead forcing a rethink of the operating model.

For vendors and marketers, this is the first messaging trap to avoid. Do not make “AI finds more vulnerabilities” sound like the whole story. Customers already understand the discovery story. The sharper question is what happens when discovery creates more operational pressure than the team can absorb?

 

 

Illuminating the backlog

Mythos is a gamechanger in vulnerability discovery, but discovery was never the whole job.

Security teams do not need a longer list of things that might be broken. They need a reliable way to decide what does and doesn’t matter and who owns the decision when the queue gets ugly.

84% agree that the greatest challenge created by emerging AI models such as Mythos will be acting on findings rather than discovering them.

This is the downstream consequence of AI-enabled discovery. It can make detection look brilliant while making response look painfully exposed. Finding more is not the same as fixing more.

 

“That whole ‘finding more vulnerabilities’ is good, thinking about the after is more important. The vulnerabilities were always there but it’s how they are addressed and risks mitigated that is key.”

Senior ITDM  |  Manufacturing sector |  1,000-2,999 employees

 

Human in the loop

There is a lazy version of the AI story where machines do the work, humans step back, and everyone gets to pretend efficiency is the same as control. Cybersecurity is unlikely to be that neat.

90% agree that emerging AI models such as Mythos will increase the importance of human oversight and decision-making within cybersecurity teams.

The phrase “human in the loop” gets thrown around a lot, sometimes as a reassurance and sometimes as a disclaimer. In this context, it needs to mean something more practical. It means expert judgement at the points where risk, context, business impact and accountability collide.

90% also believe emerging AI models such as Mythos will increase pressure on IT and cybersecurity teams. AI may reduce some manual discovery work, but it increases the number of decisions that need to be made and monitored.

 

“Don’t just jump on the AI bandwagon. Deliver end-to-end solutions that include human oversight.”

ITDM  |  IT and telecoms sector  |  5,000+ employees

 

Vendors should focus on AI as a way to strengthen expert judgement, not replace it. Put people where the hard decisions are: triage, prioritisation, remediation approval, exception handling and governance.

 

Glasswing: the power to move vendor consideration

Project Glasswing gives vendors a new credibility marker. Not a universal one, and not one that every customer will care about. But it is already moving consideration.

Amongst our respondents, 20% are very aware of Mythos and Project Glasswing and a further 37% are somewhat aware. In other words, 57% have at least some awareness of a development that only recently entered the conversation.

Of those, 71% say a technology vendor’s participation in Project Glasswing would increase their consideration of that vendor as a potential supplier. 18% say it would significantly increase their consideration. It should be of no surprise to anybody that if a vendor is close to the frontier of AI-enabled vulnerability discovery, customers are more likely to pay attention.

 

 

Glasswing participation cannot be the whole message, but it is a license to start a harder conversation.

Organisations are asking vendors to help turn machine-speed findings into business-speed decisions by helping security teams to avoid drowning in alerts, dashboards and half-prioritised risk and by showing where vendor capabilities actually change outcomes.

If you are involved in Project Glasswing, say what it practically means for customers. If you are not, explain how you are preparing for the same capability shift. Either way, do not let the conversation stop at participation. The proof has to travel all the way to customer impact.

 

The conversation is too quiet

Customers expect the world to change, but the vendor conversations are still too shallow.

 

Vendors are still working out what Glasswing, Mythos and similar developments mean for their own roadmaps. But customers are not waiting for a perfect answer, they are looking for practical, credible guidance that separates useful action from AI theatre.

 

“Start giving real world solutions and not just strategic points. Anyone can give these. To navigate the next 12 months, we need real actions and solutions.”

ITDM |  Financial services sector |  3,000-4,999 employees

“Don’t overhype, or scaremonger.”

ITDM |  Professional services sector  |  5,000+ employees

“They have to be able to prove their claims as so many talk a good game but cannot deliver on what they say.”

Senior ITDM |  Financial services sector  |  5,000+ employees

 

Proof wins confidence. As is so often the case, vendors need case studies, measurable outcomes, realistic limits and evidence that their tools work under pressure, not just in a launch deck.

 

Drowning downstream from detection

Organisations know the detection surge is coming. They also know that already overstretched cybersecurity teams will be depending on vendors for the tooling, workflows, expertise and response support needed to turn findings into fixes.

 

 

Confidence is not universal. 67% say they are confident in their organisation’s ability to remediate vulnerabilities before they can be exploited. But 29% are not confident. That is a lot of exposed organisations in a world where the speed of discovery is moving up.

 

 

Vendors need to show the path from finding to fixing. Threat detection may open the door, but remediation and response will decide who stays in the room. The brands that stand out will help customers move from insight to action without pretending that action is easy.

 

Sting like a bee

Mythos has made the future of vulnerability discovery feel uncomfortably close and Project Glasswing has made vendor credibility part of that story. But customers are not asking for a frontier AI victory lap. They want help with the hard, boring, business-critical work that starts after the model finds something. Find it. Prove it. Prioritise it. Fix it. Govern it. Repeat.

 

Signals for tech marketers:

1. Move beyond detection

Finding more vulnerabilities is no longer enough, with buyers increasingly focused on what happens after discovery. Messaging should give equal weight to prioritisation, remediation and response.

2. Position AI as an expert’s ally

Human oversight isn’t being replaced by AI, instead it is becoming more important. Show how your technology strengthens decision-making and governance rather than removing people from the process.

3. Turn innovation into customer impact

Participation in initiatives like Project Glasswing can build credibility, but customers quickly move beyond badges and partnerships. Explain what your AI capabilities actually enable customers to do differently.

4. Lead with practical guidance

Many organisations expect AI to reshape cybersecurity, yet relatively few are having in-depth conversations with vendors. This is an opportunity to educate customers with practical advice rather than AI hype.

5. Help customers move from finding to fixing

The brands that stand out will help customers prioritise, remediate and manage threats, not just find them. Position your value around operational outcomes, not just technical capability.

 


 

Signals is our regular snapshot of what IT leaders are thinking and prioritising. Each month, we survey 100 UK IT decision makers across sectors, from organisations with 100+ employees. All are members of our expert network, the Vanson Bourne Community, giving you direct insight from the humans at the heart of tech.

Read more articles from our series below:

February: What’s shaping tech purchasing decisions in 2026?

March: The cost of inertia: Why “doing nothing” is your biggest competitor in 2026

April: In a world of automated touchpoints, do human interactions matter more than ever?

May: Collaboration, credibility and AI security: what turns vendor partnerships into trust?

If you’d like to explore how these shifts are playing out in your sector, or go deeper into the data behind this edition, we’re always happy to continue the conversation.