
The cyber risk conversation has changed materially in the last few months. Anthropic’s Mythos launch confirms that frontier models can materially improve vulnerability discovery and exploitation, and the UK AI Security Institute has already clarified that Mythos Preview could complete complex multi-step cyber tasks that earlier models could not. Nor is this a single-vendor issue: open-weight challengers such as GLM-5.2 are being reported as near-frontier on real cyber tasks, which means capability is beginning to diffuse beyond tightly controlled labs. That is why Five Eyes agencies are now warning that the cyber impact of frontier models is “months, not years” away.
This matters because the threat collides with an already overloaded vulnerability landscape. Cisco points to a 2026 forecast of roughly 59,000 new CVEs, which means more flaws, more noise and less time to decide what actually matters. Static vulnerability management and periodic compliance reviews will not keep up in this environment. The industry challenge is therefore no longer just finding weaknesses; it is triaging, validating and fixing the right ones before they are chained into real attack paths.
Defence is accelerating too
OpenAI has expanded Daybreak to help “democratise patching vulnerable software at machine speed”, moving AI from discovery toward validated patch management and remediation. OpenAI’s Cyber model can identify vulnerable components, assess reachability, validate issues in controlled environments, develop patches and prepare evidence for human review.
But this does not remove the underlying risk. Trusted-access defensive models are still gated, attackers increasingly have strong open-weight alternatives, and machine-speed patching still depends on governance, testing and safe deployment into production. In practice, the bottleneck shifts from “finding vulnerabilities” to operationalising remediation at scale.
What effective CTEM and vulnerability governance now looks like
This is where a CTEM-based governance model becomes essential. NCSC’s vulnerability-management guidance reinforces a practical lifecycle: identify, prioritise, remediate or mitigate, and verify. In the post-Mythos era, that lifecycle needs to run continuously, with stronger governance, clearer ownership and faster decision-making.
In practice, organisations need to move from vulnerability reporting to vulnerability governance:
- Identify — continuously discover assets, services, identities and dependencies, because unknown assets cannot be protected.
- Prioritise — focus on exploitability, reachability and business impact, not CVSS alone, so teams work on the exposures that threaten essential services.
- Remediate or mitigate — enforce timescales, manage exceptions formally and combine automation with human change control so fixes can move faster without losing governance.
- Verify — confirm that fixes worked, track remediation to completion and retain evidence for operational and board assurance.
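The lifecycle above, worked through in code as an added illustration (not code from the original post, from NCSC or from the VulnGuard product): findings are ranked by exploitability, reachability and business impact rather than CVSS alone, given a remediation timescale by tier, and only closed once the fix is verified. The identifiers, assets, scores and SLA days are constructed for the example and the tiering rules are an assumed policy, not a standard.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional

@dataclass
class Finding:
    vuln_id: str               # constructed placeholder id, not a real CVE
    asset: str
    cvss: float
    exploited_in_wild: bool    # exploitability: exploitation has been observed
    reachable: bool            # reachability: an attack path to the asset exists
    essential_service: bool    # business impact: the asset supports an essential service
    found: date
    fixed: Optional[date] = None
    verified: bool = False     # a re-scan or test has confirmed the fix

# Remediation timescales per tier (assumed policy for the example, not a standard).
SLA_DAYS = {"critical": 7, "high": 30, "standard": 90}

def priority(f: Finding) -> int:
    """Exposure score: exploitability, reachability and impact outweigh raw CVSS."""
    score = 40 * f.exploited_in_wild + 30 * f.reachable + 20 * f.essential_service
    return score + round(f.cvss)  # CVSS only breaks ties between similar exposures

def tier(f: Finding) -> str:
    """Map a finding to a remediation tier that sets its timescale."""
    if f.exploited_in_wild and f.reachable:
        return "critical"
    if f.reachable or (f.exploited_in_wild and f.essential_service):
        return "high"
    return "standard"

def rank(findings, key) -> list:
    """Return vuln_ids ordered highest-priority first under the given key."""
    return [f.vuln_id for f in sorted(findings, key=key, reverse=True)]

def status(f: Finding, today: date) -> str:
    """Verify step: a fix only closes the finding once confirmed; otherwise track the deadline."""
    if f.fixed and f.verified:
        return "closed"
    if f.fixed:
        return "awaiting-verification"
    due = f.found + timedelta(days=SLA_DAYS[tier(f)])
    return "overdue" if today > due else f"open (due {due.isoformat()})"

# Constructed sample findings; a high-CVSS internal flaw versus a lower-CVSS exposed, exploited one.
TODAY = date(2026, 3, 1)
FINDINGS = [
    Finding("VULN-A", "billing-api", 9.8, False, False, False, date(2026, 2, 1)),
    Finding("VULN-B", "patient-portal", 7.2, True, True, True, date(2026, 2, 20)),
    Finding("VULN-C", "vpn-gateway", 8.1, False, True, False, date(2026, 1, 10), fixed=date(2026, 2, 5)),
    Finding("VULN-D", "hr-intranet", 5.5, False, False, False, date(2026, 2, 25)),
]
```

Ranking the same findings by CVSS alone puts VULN-A first, while the exposure-based ranking puts the reachable, actively exploited VULN-B first and flags it as overdue against its seven-day timescale.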
Mastek is helping highly regulated UK firms, including healthcare organisations, to mitigate these risks. Drawing on that experience, we have also created a lightweight CTEM accelerator, VulnGuard, to help our customers move faster. VulnGuard is designed to support faster vulnerability governance by helping teams identify, prioritise, track and verify remediation activity across the enterprise.

The answer is not to choose between exposure management and security fundamentals; it is to combine machine-speed prioritisation with the baseline controls that still determine whether a vulnerability becomes a contained issue or a business-impacting incident.
Those fundamentals still matter because even strong prioritisation will not prevent every compromise. Organisations still need:
- Privileged access management (PAM) — minimise standing privilege, separate admin accounts, monitor administrative activity and apply stronger controls to privileged access paths.
- Network segmentation — break networks into smaller trust zones to control traffic flow and limit lateral movement, particularly between critical services and higher-risk environments.
- Automated hunts across historical logs — centralise and retain logs, validate monitoring coverage and proactively analyse historical authentication, network and endpoint activity for evidence of exploitation, abnormal admin behaviour or missed indicators.
- Incident response readiness — maintain clear playbooks, escalation criteria and containment authority so teams can act quickly when exploitation is suspected.
- Recovery discipline — protect backups from tampering, keep segregated or offline copies where appropriate, regularly perform test restores and feed lessons learned back into the wider security programme.
A realistic operating model in the post-Mythos era therefore combines CTEM-based prioritisation and governance with strong baseline controls and resilient response processes.
A 100% compliance snapshot will not keep organisations safe. What matters is a strong baseline and a repeatable process for identifying, containing, fixing and recovering from new vulnerabilities quickly across the enterprise.
Stay ahead
This landscape is now moving week to week, not year to year. To help customers keep pace, we publish a weekly threat intelligence advisory covering frontier-AI cybersecurity developments, emerging exploitation techniques and high-priority vulnerabilities, with practical guidance for security and executive teams.