AI Agents Expose Identity Security Gaps

Mythos found thousands of vulnerabilities — some undetected for nearly three decades

"The model discovered thousands of previously unknown software vulnerabilities — flaws that had sat undetected in major operating systems and web browsers for as long as nearly three decades." That disclosure, and Anthropic's decision not to release its most powerful model, Mythos, underscore the practical gap between capability and safe deployment. Anthropic said Mythos was too dangerous to deploy broadly because the same capabilities that let it find and fix security flaws could let attackers exploit them. The company warned that a single AI agent could scan for weaknesses faster and more persistently than hundreds of human hackers.

AI agents are already credentialed actors: Operator, Gemini, and Visa's platform

The systems many firms are deploying as helpers — scheduling appointments, writing code, managing workflows — are not experiments. OpenAI's Operator navigates websites on behalf of users, Google's Gemini can plan a family vacation "while you sleep," and Visa unveiled Intelligence Commerce Connect to let AI agents do shopping for consumers. The article is explicit: these are shipping products that act on behalf of real people, and to do so they need identity and credentials.

Security built for "a human hand" is now serving robots

Much of corporate and consumer security evolved from a single bedrock assumption: a person was on the other end of the keyboard. Passwords, security questions, biometrics and two‑factor authentication were layered on top of that assumption. The piece uses a concrete image: buildings full of locks designed to recognize human hands, now filled with robots—some authorized couriers, some intruders. That metaphor captures the central mismatch: current identity systems authenticate humans, not autonomous agents acting at machine speed.

Adversaries will "log in," not break in — scale shifts toward attackers

AI agents break the human assumption in two directions. Legitimate agents need credentials to act. At the same time, adversaries can fake humanity at scale: the same AI that impersonates a helpful assistant can be a malicious impersonator. The author stresses the practical risk: attackers rarely need to "break in" when they can simply log in through shared credentials, hiring pipelines, vendor onboarding portals and collaboration tools. The economics favor attackers — one person can now supervise hundreds of autonomous systems, each running a valid persona across multiple interactions. A single operator can field "a hundred synthetic employees for the cost of one real salary." In short, the remaining barrier to large‑scale impersonation is access to a capable model and a set of stolen credentials.

How some organizations are adapting

Not all organizations are standing still. A set of operational practices is already emerging: treat AI agents less like anonymous software and more like new employees; catalog every agent in the environment; limit permissions; require human approval for sensitive actions. Security teams are moving beyond passwords to phishing‑resistant authentication that ties access to a known device and a verified user. They are also building behavioral baselines so anomalous actions — for example, a customer‑service bot suddenly querying a financial database, or a new hire accessing source code on day one — trigger alerts. Those changes accept the tradeoff that stronger identity controls can raise friction: customers may abandon transactions and employees might chafe at extra verification steps. The stated goal is not to halt automation, but to ensure the systems acting in an organization's name are actually authorized to do so.
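The practices just described (catalog every agent, allow-list its resources, gate sensitive actions behind a named human, learn a behavioral baseline and alert on departures from it) are easier to reason about as code. The following is an added example written for this page; it is not code from the CyberScoop piece, from Anthropic, OpenAI, Google or Visa, and it is not a product. The principal names, resource names, probation window, sensitive-action list and every audit line are constructed for illustration.

```python
# Added example: AI agents as principals with an allow-list, a human-approval
# gate for sensitive actions, and a behavioral baseline learned from history.
# Not code from the CyberScoop piece or any vendor; all names and log lines
# are constructed for illustration.
from dataclasses import dataclass
from datetime import datetime, timedelta

SENSITIVE_ACTIONS = {"delete", "transfer", "issue_po"}  # assumption: need an owner's approval
HIGH_VALUE = {"source-repo", "finance-db"}               # assumption: watched during probation
PROBATION = timedelta(days=7)                            # assumption: scrutiny window for new identities

@dataclass(frozen=True)
class Principal:
    name: str
    kind: str            # "human" or "agent"
    allowed: frozenset   # least-privilege allow-list of resources
    created: datetime    # when the identity was issued
    owner: str = ""      # accountable human for an agent; "" for humans

@dataclass(frozen=True)
class Event:
    ts: datetime
    principal: str
    action: str
    resource: str
    approver: str = ""   # human who approved the action, if any

def parse_event(line):
    """Parse a constructed audit line: '<iso-ts> <principal> <action> <resource> [approver]'."""
    parts = line.split()
    if len(parts) not in (4, 5):
        raise ValueError(f"malformed audit line: {line!r}")
    approver = parts[4] if len(parts) == 5 else ""
    return Event(datetime.fromisoformat(parts[0]), parts[1], parts[2], parts[3], approver)

def build_baseline(events):
    """Learn, per principal, the (action, resource) pairs seen in historical events."""
    baseline = {}
    for e in events:
        baseline.setdefault(e.principal, set()).add((e.action, e.resource))
    return baseline

def evaluate(registry, baseline, event):
    """Return the alerts raised by one event; an empty list means the action passes."""
    p = registry.get(event.principal)
    if p is None:
        # Not in the inventory means not authorized: uncatalogued actors are denied outright.
        return [f"{event.principal}: unknown principal, deny"]
    alerts = []
    if event.resource not in p.allowed:
        alerts.append(f"{p.name}: {event.resource} not in allow-list")
    if event.action in SENSITIVE_ACTIONS and p.kind == "agent":
        approver = registry.get(event.approver)
        # Approval must come from the human accountable for this agent, never from another agent.
        if approver is None or approver.kind != "human" or approver.name != p.owner:
            alerts.append(f"{p.name}: sensitive action {event.action} lacks approval from owner {p.owner}")
    seen = baseline.get(p.name, set())
    if seen and (event.action, event.resource) not in seen:
        alerts.append(f"{p.name}: {event.action} on {event.resource} is outside baseline")
    if event.ts - p.created < PROBATION and event.resource in HIGH_VALUE:
        alerts.append(f"{p.name}: touched {event.resource} within probation period")
    return alerts

def build_registry():  # constructed inventory: two agents with named owners, three humans
    return {p.name: p for p in (
        Principal("alice", "human", frozenset({"ticket-db", "finance-db", "kb"}), datetime(2024, 6, 1)),
        Principal("bob", "human", frozenset({"source-repo", "ci"}), datetime(2024, 6, 1)),
        Principal("new-hire", "human", frozenset({"kb", "source-repo"}), datetime(2025, 3, 1)),
        Principal("cs-bot", "agent", frozenset({"ticket-db", "kb"}), datetime(2025, 1, 1), owner="alice"),
        Principal("build-agent", "agent", frozenset({"source-repo", "ci"}), datetime(2025, 1, 1), owner="bob"),
    )}

HISTORY = [  # constructed audit lines used to learn the baseline
    "2025-02-01T09:00:00 cs-bot read ticket-db",
    "2025-02-01T09:05:00 cs-bot read kb",
    "2025-02-02T10:00:00 build-agent read source-repo",
    "2025-02-02T10:01:00 build-agent write ci",
    "2025-02-03T11:00:00 alice read finance-db",
]

TODAY = [  # constructed audit lines to screen
    "2025-03-01T10:00:00 cs-bot read ticket-db",
    "2025-03-01T10:02:00 cs-bot read finance-db",
    "2025-03-01T10:05:00 new-hire read source-repo",
    "2025-03-01T10:10:00 build-agent delete ci",
    "2025-03-01T10:12:00 build-agent delete ci bob",
    "2025-03-01T10:15:00 ghost-agent read kb",
]

def screen(lines=TODAY):
    """Evaluate each audit line against the registry and baseline; returns {line: alerts}."""
    registry = build_registry()
    baseline = build_baseline(parse_event(l) for l in HISTORY)
    return {line: evaluate(registry, baseline, parse_event(line)) for line in lines}

if __name__ == "__main__":
    for line, alerts in screen().items():
        print(line, "->", alerts or ["ok"])
```

Running it shows the two situations the text singles out: the customer-service bot reading `finance-db` trips both the allow-list and the baseline, and the day-one hire reading `source-repo` passes the allow-list but is still flagged because the identity is inside its probation window. The two `delete ci` lines show the approval gate: the unapproved one raises an alert, the one approved by the agent's registered owner does not, though both remain outside the learned baseline. The unregistered `ghost-agent` is denied before any other check runs, which is the point of keeping the inventory complete.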

What this means for technologists, policymakers, and procurement leaders

  • Technologists and security teams: Expect to inventory and treat agents as principals, enforce least privilege, deploy phishing‑resistant authentication, and construct behavioral baselines to distinguish human from machine action.
  • Policymakers and regulators: Regulators and customers "will not accept 'we're not sure' as an explanation" when compliance logs cannot determine whether a decision was authorized by a person or a bot; that creates pressure for standards and verifiable audit trails.
  • Procurement leaders and enterprise risk officers: Procurement workflows that cannot distinguish a human manager from an AI impersonator risk issuing purchase orders under false authority; vendor onboarding and hiring pipelines should be reassessed as potential paths for logged‑in attackers.

The practical test Devin Lynch poses is straightforward and stark: the systems that continue to assume a human hand types a password will face real consequences as agents act faster, more persistently and more convincingly than people. "Organizations that can verify identity continuously — not just at the door, but at every action, for every actor, human or machine — will have a durable advantage. The ones that cannot will find out what ambiguity costs." The choice for enterprises is clear in operational terms, if hard in practice: rebuild identity for a world of agents, or accept the ambiguity attackers will exploit.

Read the original CyberScoop piece