惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
O
OpenAI News
V
Vulnerabilities – Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
S
Schneier on Security
Latest news
Latest news
F
Full Disclosure
T
Tenable Blog
T
Troy Hunt's Blog
The Last Watchdog
The Last Watchdog
S
Secure Thoughts
L
LangChain Blog
有赞技术团队
有赞技术团队
Project Zero
Project Zero
Cloudbric
Cloudbric
爱范儿
爱范儿
GbyAI
GbyAI
C
CXSECURITY Database RSS Feed - CXSecurity.com
T
The Exploit Database - CXSecurity.com
S
Security @ Cisco Blogs
Hugging Face - Blog
Hugging Face - Blog
Recorded Future
Recorded Future
大猫的无限游戏
大猫的无限游戏
Last Week in AI
Last Week in AI
C
Cisco Blogs
WordPress大学
WordPress大学
Apple Machine Learning Research
Apple Machine Learning Research
小众软件
小众软件
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V2EX - 技术
V2EX - 技术
Engineering at Meta
Engineering at Meta
Spread Privacy
Spread Privacy
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hacker News: Ask HN
Hacker News: Ask HN
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Schneier on Security
Schneier on Security
T
Threat Research - Cisco Blogs
M
MIT News - Artificial intelligence
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
K
Kaspersky official blog
The Hacker News
The Hacker News
V
V2EX
F
Fortinet All Blogs
L
LINUX DO - 最新话题
Cisco Talos Blog
Cisco Talos Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
N
News | PayPal Newsroom
博客园 - 三生石上(FineUI控件)
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Mythos and the Defender Time That Vanished
김형운 · 2026-04-28 · via DEV Community

On April 7, 2026, Anthropic released Claude Mythos Preview into Project Glasswing, a limited-access program. Twelve launch partners — AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, and Anthropic — got first access, with 40+ additional organizations behind them. No Korean firm appears on the list.

In Anthropic's own evaluations, Mythos autonomously found thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old integer overflow in OpenBSD's TCP SACK implementation. It produced a working proof-of-concept on the first attempt 83.1% of the time. Anthropic called the model "too powerful to release publicly" and held it back from general availability.

Sixteen days later, on April 23, Korean CISOs gathered at the 2026 CISO Insight Forum. This piece reads the Forum for the structural shifts it surfaced, organized around the changes themselves rather than the speaking order.


1. Two things Mythos changed

Traditional vulnerability discovery had three steps. Discovery of a candidate flaw. Validation that it's real. Exploitation — building a working PoC. Each step needed different people, different tools, different context. The friction between them was the defender's grace period.

Mythos collapses all three into a single agentic loop. The published scaffold is minimal: an isolated container with no internet, the target source code inside, a one-paragraph prompt asking the model to find a security vulnerability. Then you let it run. The model reads code, hypothesizes, executes the program to confirm, drops into a debugger, and outputs a bug report with a working PoC.

Two things changed here.

One, the human time between discovery and exploit is gone. Time cost was tied to human salary and human learning curves. Defender patch windows were sized against that friction. Remove the friction and the patch SLA needs a new unit of measure.

Two, the cost floor for attacks collapsed. Anthropic's published numbers put 1,000 OpenBSD scans at under $20,000. For comparison: a 2025 enterprise penetration test runs $10K–$35K. So one pentest's budget covered 1,000 sweeps of a single major OS. Run the same math against every major open-source project and the picture writes itself. Risk models that assumed "attacks are expensive" need to be redrawn.

The same capability serves defenders, but almost no Korean CISO has access to a Mythos-grade tool. Capability arrives at attackers first and at defenders later. That asymmetry is policy, not technology.

Attack cost collapse
Figure 1. Pentest budget vs. Mythos cost — the assumption "attacks are expensive" no longer holds.


2. Korean AI policies sit on top of Generation 1

Korean enterprises spent the last 18 months drafting AI usage policies that assume Generation 1 — the user asks, the model answers. "Review AI-generated content before sending." "Don't paste customer data into ChatGPT." Rules built on top of single-shot Q&A.

That isn't where AI is going. Generation 2 is agentic execution: the user states a goal, the model plans and acts. Vibe coding lives here. Generation 3 is multi-agent: a high-level objective, agents talking to other agents to produce results.

Generation 3 can't be governed by Generation 1 rules. By the time a human is in the loop, dozens of agent decisions have already happened. Auditing what an agent did becomes a forensic problem, not a real-time control problem. That requires agent activity logs at a granularity most organizations don't have. Korean enterprises included.

There's a trade-off. Companies that block Generation 3 lose the productivity race. Companies that adopt it without audit infrastructure lose the compliance race. There's no middle path without new tooling.

Vibe coding produces a parallel rule. Don't hand-edit AI-generated code. The moment you do, the agent's context breaks. The next agent edit lands on top of your edit and the code degrades faster. Push corrections back through the agent. That's a real shift in what code review means, and most security teams haven't internalized it yet.

AI policy generations
Figure 2. AI usage policies were drafted for Generation 1. Real usage has moved past it.


3. The unit of attack surface has changed

Frontier models now process text, audio, video, documents, meeting recordings — all in a single pass. The change that creates is a change of unit.

Thinking about attack surface in units of "this codebase" or "this document" no longer holds. The new unit is everything that flows into a single model invocation, regardless of where that data physically sits. If it's in the same session, it's in the same exposure.

There's another trade-off here. Restrict context and you restrict your own analysts' capacity. Mythos-grade vulnerability discovery doesn't work without the model reading a full codebase in context. The same property creates the offensive risk and the defensive capability. The right move isn't input restriction, it's logged exposure with scoped controls — knowing which data went into which model call.

Shadow AI deepens this problem. SBOMs run on the assumption that you know what software is running inside the company. Shadow AI breaks that assumption a level deeper than shadow IT ever did. An employee uses ChatGPT or Claude through a personal account on a personal device, then pastes the output into work systems. The "tool" never touches the corporate network.

So the control point has to move. Not "what tools are employees allowed to use," but "what data are they allowed to handle". That's an HR and labor-policy problem before it's a technical one.


4. Board reporting is now a legal requirement, and translation doesn't carry the room

In 2026, Korean law moves board-level security reporting from "good practice" to "legally required." Three changes drive it. The Personal Information Protection Act now requires CPO appointment and dismissal to go through the board, and adds a board reporting obligation for privacy posture. The Information & Communications Network Act adds a parallel reporting obligation for information protection status. The Electronic Financial Supervisory Regulation is already in force — CISO must report to the board, not just the CEO.

Press will summarize this as "CISOs must now report to boards." True and uninteresting. The interesting question is why most CISOs will fail at this reporting.

CISOs typically prepare for a board session by translating technical material into accessible language. That doesn't work. Korean corporate boards are dominated by lawyers and business-school graduates. Sociotechnical risk language — CVEs, attack surfaces, MITRE ATT&CK matrices — doesn't land. The translation isn't bad. The attempt itself wastes the slot.

Start in business language. Boards want four data points.

One — risk in monetary terms. Not CVSS scores. The expected loss from an unpatched exposure if it becomes an incident.

Two — maturity against a recognized standard. NIST CSF, Zero Trust framework levels. "We're at level 2 of 4."

Three — compliance posture. PIPA, GDPR, Network Act — exposure to penalties under current and pending regulation.

Four — supply-chain risk. Most modern breaches enter through supply chain. Boards have started asking about it.

ISMS-P certification is the first thing Korean CISOs reach for to show the board "we're handling this." But ISMS-P was designed as an operational compliance standard, not a board communication tool. It shows whether you're patching things. It doesn't show whether your unpatched exposure is worth ₩100M or ₩10B in expected loss. The board needs the second number. ISMS-P doesn't produce it.

A quantitative risk model has to layer on top of ISMS-P, not replace it. Right direction, meaningful operational lift, and most Korean CISOs haven't started.

Board reporting four data points
Figure 3. The four data points boards actually want — and what ISMS-P doesn't produce.

One more thing. Secure your allies before the formal board meeting. Pre-meetings with the CFO and one or two friendly outside directors aren't optional. The actual board session is the wrong place to surface a controversial finding. The right place is the prep meeting, where you can lose without losing publicly. Has nothing to do with security and everything to do with surviving as a CISO long enough to do the security work.


5. Disclosure, repurposed as competitive pressure

Korea's information protection disclosure regime makes four things public and audited: information protection investment, workforce composition, certifications held, security activities. Most CISOs skim this regime because it looks administrative. Mistake.

In 2024, the law added post-hoc verification authority — the regulator can now check what was disclosed. Before that, filings were essentially what companies wrote. Now they aren't.

Then in 2027, the exclusion thresholds disappear. Companies that had been below the cutoff start filing.

Once filings are public and compared year over year, competitive pressure replaces regulatory pressure as the primary driver. A peer in your sector with a higher security investment ratio shows up in a filing that customers and audit committees both read. Annually. Compared to last year's, and compared to peers.

That shifts the political center of gravity inside the company. Security budget stops being a fight for IT-spend share and becomes a question of where you sit on a public benchmark. The CISO suddenly holds a number the CFO has to defend externally. ISMS-P certification status sits in the public artifact. The certification stops being something you renew quietly every three years and becomes something the market reads.

Disclosure 2027 shift
Figure 4. The 2024 verification authority and the 2027 scope expansion change the political weight of disclosure.


6. Dynamic access control — externalizing tacit knowledge

The shifts above all push the same question at operators: what can you actually do today, without Mythos-grade tooling? The Forum's most operationally specific answer was dynamic access control.

Korean enterprise access controls have been binary. You have permission or you don't. Employees who need access to personal information get exception-permissions, and those exceptions stay open.

Revalidating those exceptions dynamically is the alternative. Examples: a privileged user accessing the same data through VPN gets masked output. If the VPN-source IP matches a less-trusted endpoint, that's another signal. If a DBA's badge-in record isn't in the system this morning, their DB access is suspended.

What makes this interesting is the choice of signals. Operational signals nobody else queries — badge-in records, IP reputation deltas, peer behavior baselines — get pulled into authorization decisions. Familiar territory in zero-trust literature, but the implementation cues are different.

There's a deeper point underneath. The "abnormal" in anomaly detection mostly lives as tacit knowledge in CISOs' heads. "User X is sketchy" is a judgment that doesn't sit in any system. The dynamic control project is about externalizing that tacit knowledge into systematic signals.

This is harder than it looks. The moment a rule is formalized, it becomes gameable. Anyone trying to evade just routes around it. But the direction is right. Without formalizing and systematizing the concept of "abnormal," dynamic control doesn't actually run.

The same principle applies to pre-launch security review. Business teams skip it. There's a limit to how much you can prevent that. When skipping happens, run a post-implementation review. Document the gaps. List them. Escalate to executives. Preserve the paper trail. Not a control that prevents the skip. A control that ensures responsibility lands in the right place when a skip turns into an incident. Honest, and operationally workable.

This is the operational answer to "AI defense requires AI." Pattern-based security tools were built around static signatures. Post-Mythos attacks are context-driven — they reason, they chain. The only thing fast enough to defend against context-driven attacks is something that reasons in context. That's an AI system. Which is why AI security teams need dedicated personnel — not a generalist who also covers AI, but a specialist whose job is the AI defense layer.

Dynamic access control
Figure 5. Externalizing tacit "this user is sketchy" judgment into systematic operational signals.


7. The asymmetry Korea is facing

One gap to close on.

Mythos exists. Glasswing exists. AWS, Microsoft, Google, NVIDIA, Palo Alto Networks have access. No Korean firm is on the list.

The implicit assumption running through every Forum discussion was that Korean CISOs need to prepare for AI-driven attacks. The honest framing is that Korean CISOs need to prepare for AI-driven attacks without access to AI-driven defense at the same tier. The asymmetry is structural. By the time Mythos-equivalent capability is commercially available in Korea, the same capability will have been adversarial for some time.

That's the conversation the Forum didn't have. Also the most important one. The threat model, the board reporting mandate, the disclosure regime, the dynamic controls — all correct, all important. None of them resolve the asymmetry.

Three directions might shrink it.

Domestic security AI tooling — built defensively, designed for Korean compliance and Korean-language constraints. There's a view that the government's foundation-model push lost some strategic urgency post-Mythos. There's a case for re-pointing the goal — from "sovereign model" to "defensive AI."

Open-source defensive tooling — the Linux Foundation sits in the Glasswing launch partner list, which matters. Korean CISOs should track these projects actively rather than wait for vendor productization.

Operational discipline that doesn't need Mythos-grade tooling — dynamic access control is the example. Achievable today with existing infrastructure plus better signal integration.

The CISO's job in 2026 isn't to wait for Mythos-grade defense to land in Korea. It's to do everything that doesn't require it, and to prepare the ground for absorbing it the moment it arrives. That's a shorter list than people think. The Forum's value was in mapping it.


Note on this piece: written from session notes and a verified transcript summary of the 2026 CISO Insight Forum. Statistics that couldn't be traced to the transcript are omitted rather than guessed at. External claims about Mythos and Glasswing are limited to items cross-checked against Anthropic's own publications (red.anthropic.com, anthropic.com/glasswing) and multiple secondary sources (The Hacker News, Help Net Security, Schneier on Security). The 2025 enterprise pentest price benchmark cross-references multiple vendor pricing guides (BrightDefense, Astra, Compass IT Compliance, 2025–2026).