As Anthropic’s Mythos and other platforms change cyber operations and reshape enterprise security, cybersecurity pros need new skills to keep up. Industry leaders note that AI fluency, human oversight and operational expertise will become critical.
In a few short weeks, Mythos upended the cybersecurity community.
On April 7, artificial intelligence firm Anthropic announced its latest large language model (LLM), dubbed Mythos, which the company claims has advanced cybersecurity capabilities to detect vulnerabilities – including zero-day flaws – across a variety of applications and operating systems.
In one case, the company detailed how the Mythos model found a 27-year-old flaw in the OpenBSD operating system. Anthropic also noted that this LLM can find vulnerabilities in various applications and convert them into active exploits.
With this potential set of powerful capabilities, Anthropic originally planned to limit access to Mythos to a handful of large companies and organizations, including Amazon, Google, Microsoft, Apple and the Linux Foundation. Almost immediately, however, the initial announcement faced a backlash from governments and cybersecurity watchers concerned about how sophisticated threat actors and nation-state groups could exploit Mythos if they gained access to the LLM.
The U.K.’s AI Security Institute (AISI) noted that when its analysts tested Mythos’ capabilities, they found that “it could execute multi-stage attacks on vulnerable networks and discover and exploit vulnerabilities autonomously – tasks that would take human professionals days of work.”
The concern about Mythos also reached the upper tiers of the White House, which has taken a light regulatory touch to AI technologies and safety for the last 18 months. The release of this new Anthropic LLM, however, unnerved some officials and has prompted the White House to consider an executive order that could limit access to these newer, more advanced AI models, according to The Wall Street Journal.
U.S. officials have also asked Anthropic to limit access to Mythos for the time being.
The Mythos announcement – coupled with OpenAI detailing GPT-5.5-Cyber – comes as AI technologies and platforms continue to reshape the cybersecurity industry, as well as security professionals navigating a job market increasingly disrupted by these developments.
Over the last several years, AI has taken over some entry-level cybersecurity positions, while more advanced roles require specialized training to meet job requirements. As AI changes the way enterprises do business, government regulations have crept up, giving rise to professionals with experience in areas such as governance, risk and compliance (GRC).
“The rise of AI platforms like Mythos is going to fundamentally reshape cybersecurity roles over the next five years, but not in the way many people assume,” Heath Renfrow, co-founder and CISO at security firm Fenix24, recently told Dice. “AI will absolutely automate portions of security operations, particularly around data correlation, investigation acceleration, workflow orchestration, and repetitive analyst tasks. However, the bigger shift is that cybersecurity professionals will increasingly be expected to think like resilience engineers and business operators, not just technical defenders.”
SUBHEAD: Mythos and Changing Roles for Cybersecurity Professionals
For now, Mythos remains in limited release through Project Glasswing, which includes a small number of companies and security researchers who are testing the model.
Despite the hype around the announcement and the backlash that followed, there is also some skepticism about what Anthropic and other AI companies have built and what effects it will have on cybersecurity. Security researcher Marcus Hutchins, for example, posted on LinkedIn about what it means to find a 27-year-old vulnerability and whether it could be truly exploited.
Still, based on what is known, several cybersecurity experts note that Mythos and other LLMs will accelerate certain aspects of the security process, especially around discovery, triage and analysis.
While the cyber skills and expertise security organizations prioritize are changing, AI does not eliminate the need for human experts entirely, said Diana Kelley, chief information security officer at Noma Security.
“We’re already seeing a shift away from purely repetitive, entry-level cybersecurity tasks toward higher-context work involving threat modeling, event investigation, agentic governance, validation, and operational decision-making,” Kelley told Dice. “The future security practitioner will increasingly need to understand how to work alongside AI systems, how to use AI to optimize their own work, and how to recognize when those systems fail, hallucinate, or behave unpredictably.”
In years past, the cybersecurity industry prioritized prevention and detection. The increasing use of AI is compressing the time required to execute attacks and defensive analysis, which means organizations can no longer rely solely on humans manually stitching together alerts, telemetry and response decisions, Renfrow added.
“The future CISO will need teams capable of understanding operational dependencies, recovery sequencing, identity security, business continuity, and how to maintain operations during disruption – not just how to identify malicious activity,” Renfrow noted.
What these new LLMs show is that cybersecurity is in an evolutionary phase where security leaders are working to better understand their tech stacks and AI’s real capabilities. At the same time, not every AI security tool is effective, especially bolted-on AI features inside traditional products and narrow AI-native tools that only address a slice of a security program, said Randolph Barr, CISO at Cequence Security.
This is why cybersecurity professionals need to understand the rapid changes AI has brought, though not every tool will solve every problem.
“The deeper shift is agentic: AI agents are entering enterprise environments whether security teams are ready or not, and each agent is effectively a new persona, a ‘mini-me’ acting on behalf of a user, with that user's access, running 24/7 at machine speed,” Barr told Dice.
SUBHEAD: Why AI Fluency Is Becoming Essential for Cybersecurity Careers
John Gallagher, vice president of Viakoo Labs at Viakoo, noted that recent data from ISC2 found that 90 percent of organizations report that they lack cybersecurity professionals who have the skills they need, especially around AI.
At the same time, AI platforms and tools are expanding the attack surface and creating new vulnerabilities and risks for organizations. While Mythos and other LLMs can address these issues, Gallagher noted that many organizations still require “human-in-the-loop” processes to ensure that virtual chatbots are performing the right tasks.
“AI becoming more integrated into cybersecurity operations will probably be closer to how machines – such as in the Industrial Revolution – or computing – starting in the 1970s – impacted employment. In both cases, despite serious concerns that it would crater employment for existing workers, it actually did the opposite; introduction of new technologies often can increase overall human employment because they can expand what the team or organization is capable of doing,” Gallagher told Dice. “For the next couple of years, and potentially for the foreseeable future, the introduction of agentic AI into cybersecurity operations will be highly positive – reduced risk to the organization, resources to address threats being ignored, expanded focus on governance and architecture, and faster response time to incidents.”
Noma Security’s Kelley noted that when it comes to cybersecurity jobs, having fluency in AI is similar to how professionals built up their cloud computing fluency a decade ago, as that technology went mainstream and organizations shifted away from on-premises computing.
“The long-term opportunity is less about AI replacing cybersecurity professionals and more about cybersecurity evolving into a field where AI fluency becomes a core professional skill,” Kelley added. “The best way to future-proof a cybersecurity career right now is to actively learn these systems, understand how they fail, and develop the skills to safely and effectively use and govern them.”
When thinking about Mythos and other LLMs, Ram Varadarajan, CEO at Acalvio, noted that these developments have sparked a long-term arms race between defenders and adversaries that will not end anytime soon.
“The looming – indeed, accelerating – factor that becomes a priority is that as agentic AI models now execute complex workflows with minimal oversight, the threat surface shifts from human error to autonomous misbehavior,” Varadarajan added. “The essential defensive skill for cyber professionals and technologies alike will be detecting emergent misalignment before it becomes systemic risk.”
