惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
AWS News Blog
AWS News Blog
V
Vulnerabilities – Threatpost
D
Darknet – Hacking Tools, Hacker News & Cyber Security
量子位
博客园 - 叶小钗
AI
AI
T
Tor Project blog
Forbes - Security
Forbes - Security
W
WeLiveSecurity
博客园_首页
爱范儿
爱范儿
J
Java Code Geeks
B
Blog
G
GRAHAM CLULEY
aimingoo的专栏
aimingoo的专栏
Cloudbric
Cloudbric
C
CXSECURITY Database RSS Feed - CXSecurity.com
TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 热门话题
阮一峰的网络日志
阮一峰的网络日志
有赞技术团队
有赞技术团队
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
Simon Willison's Weblog
Simon Willison's Weblog
云风的 BLOG
云风的 BLOG
Google DeepMind News
Google DeepMind News
H
Help Net Security
博客园 - 三生石上(FineUI控件)
C
Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
P
Palo Alto Networks Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
Recent Commits to openclaw:main
Recent Commits to openclaw:main
博客园 - 司徒正美
The Last Watchdog
The Last Watchdog
Blog — PlanetScale
Blog — PlanetScale
T
The Blog of Author Tim Ferriss
S
Secure Thoughts
Spread Privacy
Spread Privacy
F
Fortinet All Blogs
月光博客
月光博客
大猫的无限游戏
大猫的无限游戏
S
SegmentFault 最新的问题
H
Hackread – Cybersecurity News, Data Breaches, AI and More
A
About on SuperTechFans
Security Latest
Security Latest
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
Hugging Face - Blog
Hugging Face - Blog

Security Research | Blog

ClaudeFix: Shared Claude Chats Meet ClickFix | Zscaler Why Do F1 Teams Need Cybersecurity, and What Is AI’s Role? Indirect Prompt Injection Targets AI Agents | ThreatLabz Splunk Enterprise RCE (CVE-2026-20253) | ThreatLabz Edgecution: Malicious Edge Extension Backdoor | ThreatLabz SmartApeSG Supply Chain Attack Targets Okendo | ThreatLabz AI Generated ClickFix Attack Delivers SmartRAT | ThreatLabz What the ThreatLabz 2026 Phishing and Initial Access Report Means for the Public Sector | Zscaler Shai-Hulud: Miasma, Hades, & AI Scanner Evasion | ThreatLabz Zscaler ThreatLabz 2026 Phishing and Initial Access Report Technical Analysis of MLTBackdoor | ThreatLabz OpenClaw Skill Distributes Remcos & GhostLoader | ThreatLabz Tropic Trooper: AdaptixC2 + Custom Beacon | ThreatLabz Do not delete blog (testing) | Zscaler Payouts King Takes Aim at the Ransomware Throne | ThreatLabz The Alibaba Incident and Why Zero Trust Matters More Than Ever In-Memory Loader Drops ScreenConnect | ThreatLabz Supply Chain Attacks Surge in March 2026 | ThreatLabz Claude Code Leak: Critical AI Security Threat 2026 Latest Xloader Obfuscation Code & C2 Protocol | ThreatLabz CVE-2026-20131: Analysis of FMC RCE | ThreatLabz Technical Analysis of SnappyClient | ThreatLabz China-nexus Group Targets Arabian Gulf Region | ThreatLabz Middle East Conflict Fuels Cyber Attacks | ThreatLabz Dust Specter APT Targets Gov’t Officials in Iraq | ThreatLabz APT37 Adds New Tools For Air-Gapped Networks | ThreatLabz GuLoader Malware Obfuscation Techniques Analyzed GuLoader Obfuscation Analysis | ThreatLabz Technical Analysis of Marco Stealer | ThreatLabz Latest Public Sector AI Adoption Trends: What Government, Healthcare, and Education Security Teams Need to Know | Zscaler Operation Neusploit: APT28 Uses CVE-2026-21509 | ThreatLabz 7 Predictions for 2026 | Zscaler SHEETCREEP, FIREPOWER, and MAILCREEP Analysis | ThreatLabz AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report | Zscaler GOGITTER, GITSHELLPAD, and GOSHELL Analysis | ThreatLabz Malicious NPM Packages Deliver NodeCordRAT | ThreatLabz What’s Powering Enterprise AI in 2025: ThreatLabz Report Sneak Peek | Zscaler BlindEagle Deploys Caminho and DCRAT | ThreatLabz Technical Analysis of the BlackForce Phishing Kit | ThreatLabz React2Shell RCE Vulnerability (CVE-2025-55182) | ThreatLabz Shai-Hulud V2 Poses Risk to NPM Supply Chain | ThreatLabz Technical Analysis of Matanbuchus 3.0 | ThreatLabz In-Depth Analysis: Water Gamayun APT Multi-Stage Attack Uncovered CVE-2025-50165: Windows Graphics Component Flaw | ThreatLabz Mobile, IoT, and OT Risks Converge in the Public Sector | Zscaler Industry Attacks Surge, Mobile Malware Spreads: The ThreatLabz 2025 Mobile, IoT & OT Report | Zscaler Zscaler Discovers Vulnerability in Keras Models Allowing Arbitrary File Access and SSRF (CVE-2025-12058) | Zscaler F5 Security Incident Advisory | Zscaler Under the Radar: How Non-Web Protocols Are Redefining the Attack Surface | Zscaler SEO Poisoning Targets Ivanti VPN: Credential Theft Alert Cisco Firewall and VPN Zero Day Attacks | ThreatLabz COLDRIVER Adds BAITSWITCH and SIMPLEFIX | ThreatLabz YiBackdoor: Linked to IcedID and Latrodectus | ThreatLabz Technical Analysis of Zloader Updates | ThreatLabz Mitigating Risks from the Shai-Hulud NPM Worm | ThreatLabz Malicious PyPI Packages Deliver SilentSync RAT | ThreatLabz Technical Analysis of SmokeLoader Version 2025 | ThreatLabz Technical Analysis of kkRAT | ThreatLabz APT37: Rust Backdoor & Python Loader | ThreatLabz Anatsa’s Latest Updates | ThreatLabz Termncolor and Colorinal Explained | ThreatLabz GenAI Used to Impersonate Brazil’s Govt Websites | ThreatLabz Tracking Updates to Raspberry Robin | ThreatLabz Ransomware Surges, Extortion Escalates: ThreatLabz 2025 Ransomware Report | Zscaler China-nexus APT Targets the Tibetan Community | ThreatLabz CVE-2025-53770 | ThreatLabz Black Hat SEO Poisoning Search Engine Results For AI | ThreatLabz
When the Scanner Starts Thinking: Learnings from Mythos & GPT 5.5 Cyber in Security Testing | Zscaler
Deepen Desai · 2026-05-23 · via Security Research | Blog

Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Overview

Frontier AI models like Anthropic Mythos and OpenAI GPT 5.5 Cyber present a critical inflection point for enterprise security. While they unlock transformative potential for security engineers seeking to embed AI into their workflows, they also expand the attack surface for organizations facing increasingly sophisticated attacks when used by threat actors. Mythos and GPT 5.5 Cyber do something fundamentally different from previous models. They reason across attack paths, weigh exploitability, and generate security-relevant workflows. The threat chain remains the same. Attackers will continue to find what’s exposed, break in through a weak point, move laterally, and steal data. What’s changed is the expertise required, speed, and scale.

The question isn't whether these models will impact your security posture; it's whether your team will harness them faster than your attackers. In this blog, we share what we've learned from putting these models to the test at Zscaler: what they can do for your security operations, vulnerability management, and what they mean for your enterprise cyber defenses.

Frontier Model Testing Methodology

To unlock the full potential of frontier AI in security testing, we engineered a purpose-built evaluation framework organized around three core testing harnesses—each designed to mirror real-world attack and defense scenarios.

  1. Think Like an Attacker - Black Box Testing: The model engages the target with zero internal system knowledge, simulating the perspective of a motivated external adversary. Findings validated through this harness are immediately elevated for remediation, given their direct exploitability by malicious actors in the wild.
  2. The Defender's First Take - Artifact & Code Repository Testing:  The model conducts deep inspection of source code, compiled binaries, and static files, looking for security weaknesses before they can be weaponized. While this harness yields fewer confirmed findings than its counterparts, we found it uniquely effective at decomposing complex systems and generating high-quality findings for downstream dynamic validation.
  3. The Informed Adversary - Gray Box & White Box Testing: The model conducts its most informed and precise analysis armed with partial or full system context, including threat models, architectural specifications, and results from prior scans. This approach generated the most actionable findings, enabling the model to identify paths to compromise more effectively, although results were heavily influenced by the quality and extent of the context provided.

With this framework in place, we could finally measure what matters. Not whether AI can simply find security issues, but whether frontier AI finds the right ones, faster than any approach before it.

Every run moved through the same pipeline: attack surface mapping, test planning, active testing, dynamic validation, deduplication, triage, ticketing, patching, and validation. We designed this structure thoughtfully, incorporating context like what held up under dynamic validation, how severity shifted after deduplication, and how clean the remediation path looked.

Image

Figure 1: The three core testing harnesses that we used to evaluate new frontier AI model capabilities.

How Mythos & GPT 5.5 Cyber Models Operate: A Fundamental Shift in Security Reasoning

The defining capability that separates new frontier AI models from conventional security tooling is multi-step reasoning. Rather than returning isolated findings, these models construct complete attack paths—connecting preconditions, privilege states, misconfigurations, and downstream exposures into chains that mirror how real adversaries actually operate.

We pushed these models hard across the full spectrum of security capabilities. Below are the findings:

Capability

Value to Security Teams

Attack Path Analysis

Identifies how separate weaknesses can combine into a viable compromise.

Demonstrable Exploitation

Backs findings with working proof-of-concept exploit scripts and independently validates the outcome.

Vulnerability Prioritization

Separates theoretical risk from reachable, exploitable exposure so teams focus on what matters.

Iterative Analysis

Able to dynamically use multi-step reasoning across a problem rather than returning pattern-based one-shot answers.

Detection Engineering

Accelerates the creation and refinement of detections, threat hunts, and analytic logic.

Investigation Support

Rapidly assists with evidence gathering, summarization, and data analysis for incidents.

Remediation Guidance

Recommends controls and corrective actions aligned to likely attacker behavior.

Operational Speed

Reduces time from signal to decision, especially in complex environments.

Of all the capabilities we evaluated, attack chaining and iterative analysis were the most consequential. Frontier models don't just enumerate vulnerabilities, they reason across them, connecting privilege states, misconfigurations, and exposures into plausible, multi-stage attack paths.

Here is an example illustrating the model’s advanced capabilities of reasoning.

Multi-Path Attack Chaining: Converging on the Same Objective from Multiple Angles

Mythos and GPT 5.5 Cyber can extend reasoning further than ever before, exploring multiple simultaneous attack paths toward the same adversarial objective. Starting from an initial endpoint mapping, the model branches across independent vulnerability chains, combines vulnerabilities with misconfigurations, preserves intermediate attacker state (credentials, tokens, session data), and converges on a single high-impact outcome.

Image

Figure 2: Three independent paths. One converging outcome. Identified autonomously, with full reasoning chains intact.

Frontier models are better sensors. They detect weaker signals while filtering more noise, and they do it fast. The data was always there, what changed is the ability to resolve it into a complete, actionable picture—something that is difficult or in some cases impossible for a human to do at this scale.

Across our benchmarks, frontier models surfaced twice as many high-severity findings, twice as fast as legacy tooling and pen-testing approaches. But the more important outcome is what survived validation. The findings that held up were all actionable with accurate severity, clear reproduction paths, and remediation guidance grounded in realistic attacker behavior. 

This represented a significant improvement in signal-to-noise ratio with actionable outcomes when compared to legacy tooling.

Key Learnings

  • The differentiator is reasoning depth, not just the scan speed: Frontier models win by thinking deeper, not scanning faster—chaining isolated, low-severity findings into critical attack paths that legacy tools miss entirely.
  • Context is a double-edged sword: Providing architectural context, threat models, and known weaknesses significantly improved accuracy. But there's a counterintuitive risk: feeding the model examples of previously found issue classes caused it to anchor on those patterns and stop hunting for what hadn't been discovered yet. Ground the model in its environment. Don't lead it to your conclusions.
  • No context inflates severity: Without grounding, models misread dependencies and over-escalate findings. Context-aware reasoning is the minimum bar for meaningful results.
  • Focused, expert-guided workflows outperform broad usage: Untargeted prompting wastes capacity and produces noise. Point the model at specific objectives (vulnerability hunting, code scanning, or targeted analysis) with relevant context. Expert-led, targeted workflows are what separate signals from slop.
  • The harness is the force multiplier: While the model quality is table stakes, the real force multiplier is embedding frontier AI into structured, repeatable test harnesses. Our most effective workflows evolved from a core set developed by Product Security and refined by Security Champions across engineering teams. 

How Security Leaders Can Prepare

Frontier AI capability is spreading quickly. The challenge will no longer be access to the models, but instead how to use them defensively before your adversaries use them to attack. Defenders need to prepare for this inevitable crossroads now.

We developed these high-impact recommendations that go beyond active vulnerability management to start reducing your risks today:

  1. Hide your apps: Reduce your external exposure by moving your applications behind a Zero Trust Architecture like Zscaler Private Access. Attackers can’t breach what they can’t reach.
  2. Understand your assets and associated risks: Establish complete visibility of exposed and internal assets including AI assets. This is where Zscaler can help with AI Asset Management, Asset Exposure Management, External Attack Surface Management, and Unified Vulnerability Management, powered by AI.
  3. Prioritize deploying proactive defense with Deception: AI will use multiple paths to get to the action-on-objective stage and, in the process, inadvertently trigger carefully planted decoys in the environment. Zscaler customers can deploy our built-in Deception technology to auto-contain the asset or identity from accessing all real applications while capturing full activity in the decoy environment.
  4. Prioritize Zero Trust everywhere architecture: Apply Zero Trust consistently across remote and on-prem environments. Enforce user-to-application segmentation to prevent lateral propagation and reduce the blast radius from AI-driven attacks.
  5. AI red teaming and guardrails for your production models: Treat your production AI like a real attack surface. Protect it from prompt injection, toxic content, hallucinations, and model drift over time.
  6. AI-Powered Exposure Management:  Prioritize remediation and patching using Zscaler Exposure Management Remediation Agent for high risk areas (applicable to both external and internal assets).
     

Conclusion 

AI is moving from simple assistants to a mission-critical operational capability. That creates both opportunity and urgency. Defenders now have the chance to improve speed, precision, and scalability in ways that were difficult to achieve with human effort alone. At the same time, adversaries will pursue the same advantages.

The organizations that lead in this next phase will be those that combine frontier AI with strong architecture, trusted context, and disciplined enforcement.

At Zscaler, we believe this is where frontier cyber models and Zero Trust naturally converge. The future of cyber defense will not be defined by more alerts or more dashboards. It will be defined by systems that understand exposure, reason across attack paths, and help defenders act faster and more precisely than the adversary. That is the future security teams should be preparing for now.

form submtited

Thank you for reading

Was this post useful?

Disclaimer: This blog post has been created by Zscaler for informational purposes only and is provided "as is" without any guarantees of accuracy, completeness or reliability. Zscaler assumes no responsibility for any errors or omissions or for any actions taken based on the information provided. Any third-party websites or resources linked in this blog post are provided for convenience only, and Zscaler is not responsible for their content or practices. All content is subject to change without notice. By accessing this blog, you agree to these terms and acknowledge your sole responsibility to verify and use the information as appropriate for your needs.

Explore more Zscaler blogs

eliminate-ai-attack-surface_blog-image-cover

Eliminating Your Attack Surface Is the Best Defense Against Vulnerabilities Discovered by Anthropic's Mythos Model

woman face-to-face with AI humanoid

AI is Now Default Enterprise Accelerator: Takeaways from ThreatLabz 2026 AI Security Report

Zscaler is Proud to be Part of Project Glasswing

Zscaler Is Proud to be Part of Project Glasswing: AI Can’t Breach What It Can’t Find

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.