Edition 2026-05-16 · read as Leader
Anthropic Mythos Breaks the Cost-of-Attack Assumption
Sources: 36 · Words: 1,504 · Read: 8 min
Topics: Agentic AI · LLM Inference · AI Capital
◆ The signal
Anthropic's Mythos became the first model to achieve full autonomous network takeover — not persistence, full compromise — while separate research confirmed all five tested commercial EDR products can be reverse-engineered in days using AI. OpenAI simultaneously launched Daybreak with eight major security vendors. Your defensive stack's implicit assumption — that attacking it costs more than it's worth — expired this week across three independent vectors at once. Compensating controls in identity, behavioral analytics, and network telemetry are now load-bearing, not supplementary.
◆ INTELLIGENCE MAP
01 Security Operating Model Collapses: Full Autonomous Takeover + EDR Transparency
act now: Mythos cleared both UK AISI attack ranges (GPT-5.5 cleared one). AI reverses all 5 tested EDRs in days vs weeks. PraisonAI exploited within 4 hours of disclosure. NSA, not CISA, gets Mythos access — offense over defense. OpenAI's Daybreak with 8 vendors opens AI security platform war.
02 Agent Execution Layer War: SAP, ServiceNow, Apple, and Notion Race to Own the Surface
monitor: 59% of all AI token volume is now agentic workloads. SAP bet €100M on Knowledge Graph vertical integration. ServiceNow adopted MCP for headless Action Fabric. Apple is gating agent distribution on 3B+ devices this summer. Notion launched a developer platform positioning as agent-hosting infrastructure. The layer agents route through becomes the next system of record.
03 Enterprise AI Governance Vacuum: Budgets Blown, Foundations Missing
act now: ServiceNow blew its full-year Anthropic budget by May. Anthropic grew 80x against 10x planning — operating at ~12% of required capacity. 85% of organizations spending millions on agentic AI lack adequate data foundations. Every major AI vendor now converging on forward-deployed engineer model at $300-500K loaded cost each, making true AI deployment 3-5x model fees.
04 AI Liability Architecture Being Written — Courts Moving Faster Than Congress
monitor: a16z published a comprehensive lobbying blueprint advocating user-liability defaults and damages caps, spending $115.5M on 2026 midterms. Active litigation could impose penalties on developers for downstream misuse before any framework exists. ODNI and Commerce fighting over who evaluates models — intelligence community wants pre-release gating. Developer-liability regimes threaten open-source model availability.
- Clarity Act passage odds: 55
05 Workforce Compression Wave Hits Infrastructure Companies
background: 103K tech layoffs by mid-May approaching 2025's full-year 124K. Cloudflare cut 20% citing 'agentic AI era.' LinkedIn cut 5% explicitly for AI reshaping. Lovable dissolved growth management, replaced with autonomous HI-C operators — attracting VP-level talent who prefer craft over coordination. Cisco stock up 15% on same day as 4,000 cuts.
- 2025 full year: 124
- YTD (mid-May): 103
◆ DEEP DIVES
01 Your Security Stack Just Became Transparent — Three Vectors, One Quarter to Respond
The Capability Discontinuity
The honest read on this week's results is that the curve broke upward, not that it continued. Anthropic's Mythos became the first model to clear both of the UK AI Security Institute's simulated attack ranges — full autonomous network takeover, not persistence. OpenAI's GPT-5.5 cleared one. Both are outperforming a curve that already doubled AI cyber task completion every few months. The researcher consensus, confirmed across multiple intelligence sources, is that models now find and chain exploits in something close to real time.
The security posture assumptions written into the last board pack were drafted against a threat model that no longer describes the ground. Rewriting them now is cheaper than defending them later.
Three Independent Failures
Vector 1: EDR Architecture. TrustedSec ran LLMs against five commercial EDR products and found the same internals in all five — YARA-style rules, behavioral logic, allowlists, Lua scripted engines readable after a single decryption pass. Work that took a skilled reverser weeks now takes days. The category ran on security-through-obscurity. The obscurity left.
Vector 2: Exploit Velocity. PraisonAI was actively targeted within 4 hours of disclosure. Microsoft's MDASH found 16 exploitable flaws in a single Patch Tuesday using multi-model AI analysis. Patch SLAs written for 30-day windows are now being measured against 4-hour weaponization. A honeypot dressed as an AI stack was indexed by Shodan in 3 hours and absorbed 113,000+ attacks per month.
Vector 3: Platform Restructuring. OpenAI launched Daybreak with CrowdStrike, Palo Alto Networks, Cisco, Cloudflare, Oracle, Zscaler, Akamai, and Fortinet. The board-deck version is that this is a partnership. The complete version is that within 3-5 years, today's security vendors risk becoming feature providers on OpenAI's platform.
The Defender's Dilemma
The Foxconn breach, with 8TB exfiltrated from a single contract manufacturer holding Apple, Google, Intel, and Nvidia designs, settles the question of whether this is theoretical. The AI infrastructure layer — LiteLLM, Ollama, OpenClaw — already carries 5 KEV entries and was adopted faster than security review could keep pace. An 18-year-old RCE in NGINX's rewrite module confirms that foundational infrastructure auditing has systematic gaps.
Mozilla found 271 real bugs in Firefox using custom Claude harnesses. The same model scanning curl produced 1 low-severity CVE. The variable is the harness, not the model. Organizations building target-specific AI scanning infrastructure get real outcomes. Those buying generic AI scanning get slide decks.
The NSA Signal
Congress is holding closed-door Mythos demos, and access routes through NSA, not CISA. The government is prioritizing offensive and intelligence operations over civilian defense, which means the private sector is on its own for several years. The same hearings mark the leading edge of a multi-year federal buying cycle.
Action items
- Commission a red team exercise specifically targeting your EDR with AI-assisted reverse engineering — scope the actual detection gap within 60 days
- Compress critical vulnerability patch SLAs from 30+ days to 72 hours for internet-facing assets
- Build custom AI vulnerability scanning harnesses for your 3 most critical codebases by end of Q3, following Mozilla's pattern
- Map your strategic position relative to Daybreak — determine whether OpenAI becomes your security vendor or your security vendor's vendor
- Inventory all AI infrastructure tooling (LiteLLM, Ollama, model registries) adopted without security review — bring under standard governance immediately
Sources: Clint Gibler · The Information AM · CyberScoop · AINews · SANS AtRisk · The Hacker News
02 The Agent Execution Layer Is Being Claimed — Positioning Decisions Have an 18-Month Window
The Collision
SAP and ServiceNow stopped talking past each other this week. Both are explicitly pitching themselves as the execution layer — the surface where AI agents touch systems of record and actually do things. SAP bet €100M and a Knowledge Graph on vertical integration. ServiceNow adopted MCP servers as the headless communication standard for Action Fabric. These are incompatible theories of how the agent economy organizes: open interoperability vs. data-moat integration.
Agents that act across finance, HR, IT, and procurement need one authoritative place to reconcile state. Two authoritative places is zero authoritative places.
The Data That Settles The Debate
Vercel's AI Gateway production index confirms that 59% of all token volume is now agentic workloads. More than half of production AI is agents taking actions, not humans having conversations. A product strategy still built around 'add a chatbot' is optimizing for the minority case.
Anthropic captures 61% of spend (expensive Opus reasoning). Google captures 38% of volume (cheap Flash throughput). That bifurcation is structural. Model selection is now a routing optimization, not a strategic choice. The strategic choice moved one layer up — to who owns the orchestration surface.
Platform Moves This Week
| Company | Move | Bet |
| --- | --- | --- |
| ServiceNow | MCP-based Action Fabric | Open interop wins |
| SAP | Knowledge Graph + €100M fund | Data moat wins |
| Apple | Agent App Store gating | Distribution control |
| Google | Gemini Intelligence on Android | OS-level agent layer |
| Notion | Developer platform for agents | Workspace as host |
| Intercom | Rebrand to 'Fin' | Agent IS the company |

Apple's Constraint Layer
Apple is inserting itself at the agent layer on 3 billion+ devices this summer. The framing tells you everything: Apple is addressing agents that 'spin up smaller apps on the spot after approval.' That language treats agent sub-spawning as both a safety risk and a revenue leak. For any product shipping consumer-facing agents on iOS, this is a new constraint that needs pricing into unit economics before WWDC turns it into a fait accompli.
The Value Migration
The a16z thesis quantifies it: $150B of GTM value migrating from CRM to orchestration layer. Lemkin's working data: 80% fewer human seats, 83% higher total spend, 20+ agents running. The CRM stops being where work happens and becomes where work is recorded. Switching costs migrate from data lock-in to workflow/reasoning lock-in — which is stickier because institutional context is prohibitively expensive to rebuild.
Action items
- Conduct an 'agent readiness' audit of your platform — can third-party agents discover, invoke, and orchestrate your workflows without a human UI? Report findings by end of Q3
- Evaluate MCP as a strategic investment for your platform roadmap — build or integrate MCP server capabilities within 90 days
- Model per-action/per-outcome pricing scenarios and pilot with 3-5 customers this quarter
- Audit your iOS agent roadmap against Apple's likely fee/approval structure — model into unit economics before WWDC
Sources: TLDR IT · a16z · Simplifying AI · TLDR · ben's bites · Techpresso
03 Enterprise AI Economics Are Structurally Broken — The Governance Gap Is Now the Strategy Gap
The Budget Problem Is Structural, Not Cyclical
ServiceNow burned through its full-year Anthropic budget by May, five months into a twelve-month plan. That is not one buyer's miscalculation. Anthropic does not offer SLAs, does not provide usage telemetry, and had nothing to say when an enterprise customer publicly described the blowout. A company valued at hundreds of billions is deliberately optimizing for capability over enterprise readiness, and the customers are funding that choice.
The capacity math explains the experience. Anthropic grew 80x against a planned 10x, which means operating at roughly 12% of required capacity for extended stretches. Developers in that window were getting degraded service, rate-limited output, and probably lower-quality responses without disclosure. Productivity gains measured in that period understate what adequate provisioning would deliver.
We are in the equivalent of cloud computing circa 2014: powerful capabilities, wildly unpredictable economics, and a governance vacuum that creates real financial exposure.
The Hidden Cost Multiplier
Every major AI provider has now converged on Palantir's forward-deployed-engineer model. Google is hiring hundreds of FDEs. OpenAI acquired a 150-person consulting firm. ServiceNow and Salesforce are building FDE teams. The market has collectively admitted that AI deployment is a human-intensive problem and stopped pretending otherwise.
At $300-500K loaded cost per FDE, and 5-10 needed for meaningful deployment, the true cost of an AI program lands at 3-5x the model fees. Boards approving AI envelopes off token costs are approving a fraction of the actual spend.
The Data Foundation Gap
The board-deck version is that 85% of organizations are spending millions on agentic AI without adequate data foundations. The complete version is more useful. In the PDC survey of 334 practitioners asked what they need most, 4.8% said better tools. The remaining 95.2% asked for training, clearer requirements, more time, and dedicated ownership. This is an organizational problem being treated as a technology purchase.
Netflix and Meta independently converged on identity-based, team-owned data governance, replacing brittle ACLs and human-owned identities with durable app identities. That is the prerequisite for letting an AI agent read and write data without tying permissions to a human's next job change. Most organizations have not started that migration.
The FOMO Dynamic
A reasonable skeptic would point out that companies always overspend when they fear a competitor will figure out the economics first, and that this looks like classic bubble psychology. The skeptic is correct, with one saving grace: AI spend is uniquely reversible. Unlike a cloud migration or an ERP implementation, token consumption can be cut to zero overnight. The enterprise AI revenue base carries a fragility that model-company valuations do not price in. For buyers, that optionality is an asset, provided the workflows underneath can still function without the model.
The xAI Signal
Elon Musk agreed to lease 220,000 GPUs (45% of Colossus) to Anthropic, a company he has publicly called 'misanthropic and evil.' When financial logic overwhelms competitive logic at that scale, GPU supply has become a financial instrument first and a strategic moat second. Excess infrastructure is moving onto the lease market, and that should reshape compute economics for enterprises over the next 12-18 months.
Action items
- Conduct an immediate audit of all AI model consumption spend vs. budget with per-team and per-use-case attribution — deliver findings to CFO within 30 days
- Renegotiate AI vendor contracts to include SLAs, committed pricing tiers, and usage telemetry requirements before next renewal
- Commission an agentic AI readiness audit focused on data quality, lineage, and governance maturity — restructure data ownership with dedicated modeling roles
- Model true AI deployment cost at 3-5x model fees and present revised investment envelope to board before Q3 budget planning
Sources: Laura Bratton · The Pragmatic Engineer · TLDR AI · TLDR Data · StrictlyVC · Martin Peers
◆ QUICK HITS
Update: Anthropic ARR hit $30B (from $9B in ~4 months) while raising at $900B+ valuation — the displacement is accelerating, not stabilizing
StrictlyVC
Update: xAI leased 45% of Colossus (220K GPUs) to Anthropic — compute financialization means the GPU lease market could meaningfully alter enterprise pricing within 12-18 months
The Pragmatic Engineer
Fervo Energy IPO at $10B+ with 33% first-day pop — Google holds option for 3GW (60+ data centers) from single supplier, validating power as the binding AI infrastructure constraint
The Information AM
a16z published comprehensive AI liability lobbying blueprint advocating user-liability defaults and damages caps — open-source model availability directly threatened by developer-liability regimes
a16z AI Policy Brief
Duolingo CEO publicly admits blanket AI mandate failed — quantified at ~20% 'slop tax' on AI-generated content requiring human QC, validating performative adoption concerns
TLDR Marketing
Abridge raised at $5.3B valuation on 80-100M+ medical conversations — rebranded from 'ambient scribe' to 'clinical intelligence layer,' compressing prior auth from 45 days to minutes
Latent.Space
ODNI vs Commerce fight for AI model evaluation authority — intelligence community proposal would function as licensing regime for frontier AI, extending release timelines by months
Risky.Biz
Amazon killed Rufus standalone to embed AI into Alexa shopping — 'Buy for Me' completes purchases on third-party sites from Amazon's surface, claiming the transaction layer of the open web
TLDR Design
◆ Bottom line
The take.
The security operating model, the enterprise software stack, and AI cost governance all broke this week from multiple directions simultaneously. Anthropic's Mythos achieved full autonomous network takeover while every tested commercial EDR became transparent to AI-assisted reverse engineering. Meanwhile, 59% of AI traffic is now agentic — and SAP, ServiceNow, Apple, and Google are all racing to own the execution layer your agents route through. ServiceNow blowing its full-year Anthropic budget by May while 85% of organizations lack data foundations for the agents they're deploying means the gap between AI ambition and AI governance is now a first-order financial risk. The decisions being made this quarter about where detection lives, which execution layer to commit to, and how to govern AI spend will define competitive position for the next two years.
Frequently asked
- What should leaders do first given the new AI-driven attack capabilities?
- Compress patch SLAs for internet-facing assets from 30 days to 72 hours and commission an AI-assisted red team specifically targeting your EDR within 60 days. The combination of 4-hour weaponization windows and reverse-engineerable EDR architectures means existing assumptions about defender economics no longer hold. Identity, behavioral analytics, and network telemetry should be treated as load-bearing controls rather than supplementary.
- Why did ServiceNow exhaust its full-year Anthropic budget by May?
- Anthropic grew 80x against a planned 10x and is operating at roughly 12% of required capacity, with no SLAs, no usage telemetry, and a deliberate prioritization of capability over enterprise readiness. Customers funding that choice get degraded service and unpredictable consumption curves. The fix is contractual: demand SLAs, committed pricing tiers, and per-team attribution before renewal.
- What is the real cost of deploying AI in the enterprise?
- Roughly 3-5x the model fees once forward-deployed engineers are factored in. Google, OpenAI, ServiceNow, and Salesforce have all converged on the Palantir FDE model at $300-500K loaded cost per engineer, with 5-10 needed for meaningful deployment. Boards approving AI envelopes based on token costs are approving a fraction of actual spend.
- How should platform companies respond to the SAP vs. ServiceNow execution-layer fight?
- Audit whether third-party agents can discover, invoke, and orchestrate your workflows without a human UI, and treat MCP server compatibility as mandatory rather than optional. With 59% of token volume now agentic and $150B of GTM value migrating from CRM to orchestration, being bypassed by agents is a worse outcome than being disrupted because it leaves no seat at the table.
- Is the enterprise AI spending surge a bubble?
- It has bubble characteristics, but with one structural difference: AI spend is uniquely reversible. Unlike cloud migrations or ERP implementations, token consumption can be cut to zero overnight, which makes the enterprise revenue base far more fragile than model-company valuations imply. For buyers, that optionality is an asset provided the underlying workflows can still function without the model.