Key Takeaways
- Advanced AI models like Claude Mythos Preview could dramatically accelerate vulnerability discovery, reshaping the cybersecurity landscape.
- Project Glasswing highlights growing concerns about managing AI-enabled security risks at scale.
- ResOps helps shift organizations from reactive defense to proactive resilience and recovery.
- Cybersecurity tools focus heavily on prevention, while recovery capabilities remain underdeveloped.
- In an AI-enabled world, the ability to recover quickly from disruption will define operational success.
Anthropic’s new Claude Mythos Preview model is reportedly powerful enough to identify vulnerabilities in software systems in seconds. The company claims that, in early testing, the model was able to break out of its containment environment and email an engineer about the event.
Given these potential risks, Anthropic is limiting access to a small group of large organizations through Project Glasswing. The goal: stay ahead of the security implications of a world where vulnerability discovery and exploitation may become trivial.
This shift strengthens the case for resilience operations (ResOps™). It could fundamentally change how organizations approach cybersecurity.
In a recent LinkedIn post, “The Beginning of the End of Cybersecurity,” Jen Easterly, CEO of RSAC and former director of CISA, argues that today’s cybersecurity industry is built to identify, defend against, and respond to software defects.
In effect, it compensates for gaps in software quality and secure development practices. If models like Claude Mythos Preview perform as described, their ability to surface vulnerabilities at scale could significantly disrupt today’s security tooling landscape.
A recent STRIVE episode – Evidence Over Hope: Will Your Recovery Plan Hold Up Under Pressure? – echoes this concern. Organizations have invested heavily in tools to prevent attacks, yet relatively little innovation exists “right of boom” – the capabilities required to recover the business when disruption inevitably occurs.
Why ResOps?
ResOps is an organizational discipline that embeds resilience into daily operations. It shifts organizations from passive, reactive backup strategies to an active, continuous model.
Traditional IT operations focus on efficiency. ResOps focuses on surviving failure. It brings together security, infrastructure, and operations teams around a common goal: Identify the organization’s minimum viable business – the critical systems, data, and processes required to operate – and enable those services to be restored quickly and cleanly after a disruption.
Most operational disciplines optimize for when systems work as expected. ResOps is designed for when they don’t. Its core question is simple: Can you recover each critical service right now – with confidence and evidence?
What Does the Future Hold?
If Easterly’s perspective proves accurate – that cybersecurity largely compensates for software defects – then technologies like Claude Mythos Preview represent more than incremental progress. They signal a structural shift in enterprise risk.
AI may help reduce the time between vulnerability discovery and remediation. It may even eliminate certain classes of software flaws. But it does not remove the risk of outages, misconfigurations, identity compromise, or cascading failures in complex systems. And it does not replace the operational discipline required to respond and recover.
Failure will still happen. That reality makes ResOps more important – not less. As prevention becomes more automated, resilience becomes the differentiator. Organizations will no longer be measured solely by their ability to block attacks. They will be measured by how effectively they recover – restoring critical services and trusted data under real-world conditions.
Cybersecurity aims to keep threats out. ResOps prepares you for when they get in. In an AI-accelerated world, the ability to survive and recover from failure may be the most important operational capability an organization can build.
Read more in our Readiness Report, Evidence Over Hope: The Executive Case for Resilience Operations, and learn more about the ResOps discipline on the Readiverse.
FAQs
Q: What is Project Glasswing, and why does it matter?
A: Project Glasswing is an initiative by Anthropic to limit and study access to powerful AI models capable of identifying software vulnerabilities. It matters because it signals a future where vulnerability discovery becomes fast and widespread, increasing both defensive and offensive risks.
Q: What is ResOps, and how is it different from traditional IT operations?
A: ResOps is a discipline focused on enabling organizations to survive and recover from disruptions. Unlike traditional IT operations that prioritize efficiency, ResOps prioritizes continuity and rapid recovery of critical services.
Q: How could AI impact the future of cybersecurity?
A: AI may significantly reduce the time needed to detect and fix vulnerabilities, potentially disrupting existing security tools. However, it does not eliminate risks like outages or misconfigurations, making recovery capabilities even more important.
Q: Why is recovery becoming more important than prevention?
A: Despite heavy investment in preventive tools, disruptions still occur. As threats evolve and automation increases, organizations will be judged more on how quickly and effectively they can restore operations after an incident.
Q: What does “right of boom” mean in this context?
A: “Right of boom” refers to the phase after an incident has occurred, focusing on response and recovery. It highlights the gap in innovation around restoring business operations compared to preventing attacks.
Q: How can organizations start adopting ResOps?
A: Organizations can begin by identifying their minimum viable business – critical systems and data – and building processes to restore them quickly. This involves aligning security, IT, and operations teams around resilience-focused goals.
Jason Meserve is Director of Social Marketing at Commvault.