The Mythos Moment can be defined as the moment when industry fully realized that human security has no chance of matching the speed and volume of AI-assisted cyberattacks.
The CSA responded to the Mythos Moment with advice in The ‘AI Vulnerability Storm’: Building a ‘Mythos-ready’ Security Program. It wrote, “Introduce AI agents to the cyber workforce across the board enabling defenders to match attackers’ speed and begin closing the gap.”
This is good advice if you can do it. From within the thousands of vulnerabilities being found, only some will be relevant to any one environment, and even fewer will be exploitable within that configuration. These are the vulnerabilities that need to be remediated fast – the rest can be safely ignored (at least for the time being).
The difficulty is finding and fixing exploitable vulnerabilities while keeping pace with the new vulnerabilities being continuously discovered or introduced. Agentic AI Red Teaming offers a theoretical solution but would require a deep knowledge of each infrastructure concerned.
Frontier models are brilliant generalists, but they don’t know individual clouds. So, an agentic system must be designed specifically for its user’s own environment. Security teams then have the additional problem of maintaining the agents’ contextual knowledgebase.
Sweet Security is offering a potential solution, simultaneously providing automated continuous agentic red teaming built on an automatic and detailed knowledge of each client’s own infrastructure – Sweet Attack.
“Since day one, Sweet has been indexing runtime data directly from inside our customers’ environments: runtime topology, unencrypted Layer 7 exposure, deployed source code, identity paths, and live application behavior,” Sweet explains. “That index is the substrate the agent reasons over. A frontier model on its own can hypothesize about an environment; Sweet Attack knows the environment.”
Sweet Security automatically provides and maintains the full context necessary for Sweet Attack to operate. The agent doesn’t have to guess on attack paths through the environment to exploit the vulnerability. It can see, says Sweet, “The roads most traveled, where the water actually runs – not theoretical paths with no data behind them. There’s a heuristic guiding which options and traversals are worth exploring, and which aren’t. It only goes where there is a path worth walking.”
Since this is done by a machine at machine speed continuously, there’s no waiting for the next scheduled human red team operation, nor concern over tiredness, boredom, stress or any other human condition that could result in something present being missed.
“Other tools enumerate every possible path. Sweet Attack finds the ones an attacker would actually take,” Yigael Berger, chief AI officer at Sweet Security, told SecurityWeek, “because it’s reasoning over the real environment, not a model of one.”
This real environment is the complete environment, including any shadow IT and shadow AI that may be unknown to the human Red Team. Sweet Attack discovers runtime assets and behaviors that might not be formally documented, including shadow AI components, AI agents, MCP servers, tools, packages, APIs, and other infrastructure elements – including itself.
It does this continuously and rapidly. If DevOps introduces a new vibe coded app, or if an employee quietly downloads a SaaS app, Sweet Attack will reevaluate potential attack paths as soon as any new component appears in the runtime environment.
Knowing which vulnerabilities can be exploited by understanding any and all attack paths that can reach them provides a timetable for vulnerability remediation. Inconsequential vulnerabilities can be ignored, knowing they will continuously be reevaluated if new additions to the infrastructure create new attack paths.
One beta tester, the CISO at Cast & Crew, commented that his environment had employed third party red teamers annually, always resulting in clean reports. “Sweet Attack ran for three days and surfaced fully exploitable attack chains those engagements never came near. It did not end there – Sweet Attack gave us a concrete mitigation and remediation action plan that had us completely secure within two hours.”
The purpose of Sweet Attack is to do what the CSA recommends: “begin closing the gap” between AI-assisted attackers and AI-assisted defenders. It is available now to Sweet Security customers.
Related: ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks
Related: The Mythos Moment: Enterprises Must Fight Agents with Agents
Related: Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos
Related: Furl Raises $10 Million for Autonomous Vulnerability Remediation
