A zero-day vulnerability is a security flaw that the software vendor does not yet know about — and therefore has not patched. For most of cybersecurity history, zero-days were the exclusive province of nation-state intelligence agencies and the most sophisticated criminal groups, because finding them required rare expertise and significant time investment.
In April 2026, Anthropic published research on Claude Mythos Preview that fundamentally changed that picture. The model demonstrated the ability to autonomously discover and exploit zero-day vulnerabilities across multiple real-world software systems — operating faster, at greater scale, and with less human involvement than any previous tool in this space.
For Canadian organizations, this research has concrete operational implications. It does not mean every business will face a Mythos-level attack tomorrow. It does mean that the security architecture you have built against a previous generation of attacker capability needs to be reassessed against the new baseline this research establishes.
Every software system contains bugs. Most bugs are discovered and patched before attackers find them, or at least before they are widely exploited. A zero-day is a vulnerability that is unknown to the vendor — meaning there is no patch, no vendor advisory, and no known signature for security tools to detect. Attackers who find a zero-day can exploit it without triggering any patch-based or signature-based defense.
The reason zero-days are particularly dangerous is that conventional defenses — patching, vulnerability scanning, signature-based detection — do not protect against what they do not know exists. A patched environment is only as secure as the completeness of vendor knowledge about its own software.
Historically, the technical barrier to zero-day discovery acted as a natural limiter. Most attackers worked with known vulnerabilities because finding genuine zero-days required rare expertise and significant reverse engineering capability. The Mythos research represents a meaningful compression of that barrier — with direct implications for the ransomware protection strategies Canadian organizations currently rely on.
Anthropic’s Mythos Preview research documented several capabilities directly relevant to zero-day exploitation:
Anthropic published this research through Project Glasswing, a controlled disclosure program that shares findings with defenders before broader deployment — specifically so that security organizations can update their programs before the capabilities become more widely available.
The most widely adopted defensive response to vulnerabilities is patching: when a vendor releases a fix, organizations deploy it as quickly as possible. Patch management programs are designed to minimize the window between vendor disclosure and organizational deployment.
Patching-first security works well against known vulnerabilities. Against zero-days, it provides no protection during the exploitation window — the period between when an attacker has found and is using a vulnerability and when the vendor discovers and patches it. Historically, that window could span months for sophisticated zero-days held by advanced actors. AI-assisted discovery compresses the time required to find those vulnerabilities, potentially changing the risk calculus significantly.
This does not mean stop patching. It means patching needs to be supplemented by controls that provide protection even when a vulnerability is unknown. The question is what those controls look like.
Not all security controls lose effectiveness against zero-day attacks. The following categories remain meaningful even when the attacker has found an unknown entry point.
Behavioral Monitoring and Anomaly Detection
A zero-day exploit is a technique for getting in. Once inside, attackers still need to move laterally, access data, and establish persistence, and those post-exploitation activities produce behavioral signals even when the initial entry method was unknown: a workstation authenticating to a run of servers it has never touched, a service account used from a user endpoint, a web server process spawning a shell, or a single account reading far more files than it normally does. EDR and SIEM tools calibrated for this kind of behavioral detection rather than signature matching remain effective against post-zero-day activity, provided the baseline of normal behavior is actually maintained and the alerts reach someone who acts on them.
Network Segmentation and Least-Privilege Access
If an attacker exploits a zero-day in a user workstation, the value of that access depends entirely on what that workstation can reach. Proper identity and access management with least-privilege controls and network segmentation means a compromised endpoint cannot directly reach your highest-value systems, databases, or backups.
Cryptographic Data Protection
Encrypted data is of little use to an attacker who copies it without the keys. An attacker who reaches an encrypted database or backup through a zero-day still needs the key material, and if the keys live in a separate key management service or HSM that the compromised host can only call for narrowly scoped operations, they are not reachable through the same exploit path. The caveat is that encryption at rest protects data the attacker steals, not data the compromised application decrypts in the course of its normal work: a foothold in a service that holds an unwrapped key, or that is authorized to request decryption on demand, still yields plaintext. Key isolation therefore matters as much as the encryption itself, and the key service's access log is a detection source in its own right.
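As an added example, not code from the original article or from any vendor, the following script shows the key-isolation point above in working form: a data host that stores only ciphertext and wrapped per-record keys, a key service on a separate host that holds the key-encryption key and enforces who may unwrap, and a simulated compromise run twice, once with a stolen identity and once as the authorized application. The cipher is an HMAC-SHA256 keystream with an encrypt-then-MAC tag so that the file runs on the Python standard library alone; it stands in for a vetted AEAD (AES-GCM or ChaCha20-Poly1305) and a real KMS or HSM. The principal names, the allow-list and the sample record are assumptions constructed for the example.

```python
"""Envelope encryption with the key-encryption key held off the data host.

Added example, not code from the original page or any vendor. The cipher below
is an HMAC-SHA256 keystream with an encrypt-then-MAC tag so the file runs on
the standard library alone; in production use a vetted AEAD and a real KMS/HSM.
Principal names and the allow-list are assumptions.
"""
import hashlib
import hmac
import secrets


def _keystream(key, nonce, length):
    out, counter = bytearray(), 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def _subkeys(key):
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key, plaintext):
    """nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong key or tampered blob")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


class KeyService:
    """Stands in for a KMS/HSM on its own segmented host. The KEK never leaves it;
    callers get wrap/unwrap only, and every call lands in an audit log."""

    def __init__(self, allowed_principals):
        self._kek = secrets.token_bytes(32)
        self._allowed = set(allowed_principals)
        self.audit_log = []

    def wrap(self, principal, dek):
        return self._guarded(principal, "wrap", lambda: seal(self._kek, dek))

    def unwrap(self, principal, wrapped_dek):
        return self._guarded(principal, "unwrap", lambda: unseal(self._kek, wrapped_dek))

    def _guarded(self, principal, op, fn):
        allowed = principal in self._allowed
        self.audit_log.append((principal, op, "allowed" if allowed else "denied"))
        if not allowed:
            raise PermissionError(f"{principal} may not {op}")
        return fn()


class DataHost:
    """The host an attacker lands on: storage holds ciphertext plus a wrapped
    per-record DEK, and reading requires a round trip to the key service."""

    def __init__(self, key_service, principal):
        self.ks, self.principal, self.records = key_service, principal, {}

    def store(self, record_id, plaintext):
        dek = secrets.token_bytes(32)          # unwrapped DEK exists only for this call
        self.records[record_id] = (self.ks.wrap(self.principal, dek), seal(dek, plaintext))

    def read(self, record_id):
        wrapped, ct = self.records[record_id]
        return unseal(self.ks.unwrap(self.principal, wrapped), ct)

    def dump(self):
        """What an attacker obtains by copying the host's storage."""
        return dict(self.records)


def simulate_compromise(attacker_principal):
    """Attacker has dumped the data host and now acts as `attacker_principal`.
    Returns (plaintext or None, key-service audit log)."""
    ks = KeyService(allowed_principals={"billing-app"})
    host = DataHost(ks, principal="billing-app")
    host.store("card-1", b"4111 1111 1111 1111")   # constructed sample record
    wrapped, ct = host.dump()["card-1"]
    try:
        unseal(b"\x00" * 32, wrapped)   # offline guess at the KEK: tag check fails
    except ValueError:
        pass
    try:
        return unseal(ks.unwrap(attacker_principal, wrapped), ct), ks.audit_log
    except PermissionError:
        return None, ks.audit_log
```

Run with a stolen identity, the attacker is left with ciphertext and a wrapped key that nothing on the host can open, and the key service records a denied unwrap that a SOC rule can alert on. Run as the authorized application, the same dump decrypts, which is the caveat above in code: a foothold inside the component that is allowed to unwrap is not stopped by encryption, only by least privilege, rate limits and alerting on the key service.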
Attack Surface Reduction
AI-assisted zero-day discovery operates by analyzing software, and the attacker still needs a reachable instance of that software to exploit whatever it finds. Systems that are not internet-accessible, that run only the services they need, and that are not connected to external networks are far harder to target remotely: the attacker must first gain a foothold elsewhere and then reach them internally, where segmentation and monitoring apply. Attack surface reduction therefore directly limits what AI-assisted tools can target from outside, and it pairs with the segmentation controls above to limit what they can reach from inside. Note that the analysis itself can be done offline against widely available software, so protection comes from not being reachable, not from being obscure.
The Mythos research represents a clear signal that security programs need to be assessed against a more capable attacker model than most were designed to address.
Reassess Your Threat Model
A threat risk assessment conducted before the Mythos research was published was calibrated against a different capability baseline. Reassessing your threat model to explicitly include AI-assisted zero-day discovery changes which assets need hard barrier protection (not just friction controls) and which detection capabilities need to be prioritized.
Shift Investment Toward Detection
If the window between zero-day discovery and exploitation is shortening, the time available to detect and respond becomes more critical. Organizations that invest primarily in prevention need to assess whether their detection and response capabilities are adequate to the speed at which AI-assisted attacks can move.
Implement Hard Barriers for Critical Assets
Identify your most critical systems and data and apply the highest tier of protection: cryptographic isolation, network isolation, and immutable backups. For both zero-day defense and broader ransomware protection, isolated backups that an attacker cannot reach are your recovery guarantee regardless of how they got in.
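As an added example that is not part of the original article, the following script puts the blast-radius question raised under Network Segmentation and Least-Privilege Access, and again under Implement Hard Barriers for Critical Assets, into checkable form: given the flows a network actually allows, what can a compromised workstation reach? The zone names, the two flow tables and the list of critical zones are constructed for illustration. It reports both direct reach (one hop) and transitive reach, on the pessimistic assumption a zero-day warrants: any zone the attacker can connect to can be turned into a pivot.

```python
"""Blast-radius check for a segmentation policy.

Added example, not from the original page. Zone names, allowed flows and the
list of critical zones are assumptions constructed for illustration; point the
same functions at an export of your real firewall or cloud security-group rules.
"""
from collections import deque

# Constructed allow-lists: (source_zone, dest_zone, port). Anything not listed is denied.
FLAT_NETWORK = [
    ("workstations", "app-servers", 443),
    ("workstations", "db-servers", 5432),     # weak: endpoints talk straight to the database
    ("workstations", "backup-servers", 445),  # weak: backups reachable over SMB from endpoints
    ("app-servers", "db-servers", 5432),
    ("backup-servers", "db-servers", 5432),
]

SEGMENTED_NETWORK = [
    ("workstations", "app-servers", 443),
    ("app-servers", "db-servers", 5432),
    ("backup-servers", "db-servers", 5432),   # backups pull; nothing may connect in to them
]

CROWN_JEWELS = {"db-servers", "backup-servers"}


def reachable_zones(flows, start, max_hops=None):
    """Zones reachable from `start`, treating every allowed flow as a potential
    pivot. max_hops=1 gives direct reach; None gives full transitive reach."""
    adjacency = {}
    for src, dst, _port in flows:
        adjacency.setdefault(src, set()).add(dst)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        if max_hops is not None and hops[zone] >= max_hops:
            continue
        for nxt in adjacency.get(zone, ()):
            if nxt not in hops:
                hops[nxt] = hops[zone] + 1
                queue.append(nxt)
    del hops[start]
    return set(hops)


def exposed_crown_jewels(flows, start="workstations", max_hops=None):
    """Critical zones a compromise in `start` can reach, sorted for stable output."""
    return sorted(reachable_zones(flows, start, max_hops) & CROWN_JEWELS)


def direct_paths_to(flows, dest):
    """Every (source, port) allowed to initiate into `dest`: the rules to review
    first when a critical zone turns out to be exposed."""
    return [(src, port) for src, dst, port in flows if dst == dest]


if __name__ == "__main__":
    for name, flows in (("flat", FLAT_NETWORK), ("segmented", SEGMENTED_NETWORK)):
        print(f"{name}: direct {exposed_crown_jewels(flows, max_hops=1)}, "
              f"transitive {exposed_crown_jewels(flows)}")
```

The segmented design removes every direct path from workstations to the database and backup zones, but the database zone is still reachable transitively through the application tier. That is unavoidable for a system that has to serve users, and it is exactly why the backup zone is modelled as pull-only with no inbound flow at all: an attacker who pivots through the application tier and into the database still cannot reach the copy you will restore from.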
The CCSPA requires designated operators to maintain cybersecurity programs adequate to the threats facing their critical systems. As the threat environment evolves — and the Mythos research is a documented evolution in attacker capability — the adequacy standard evolves with it. Organizations in designated sectors should treat this research as a trigger for reviewing whether their current program addresses the updated threat model.
PIPEDA’s safeguards principle requires protection proportionate to the sensitivity of the information held. In an environment where AI can autonomously find unknown vulnerabilities, “proportionate” protection increasingly means detection and isolation capabilities, not just patch currency. A current-state review of your PIPEDA compliance posture should explicitly address whether your safeguards are calibrated against current attacker capabilities. Organizations carrying cybersecurity insurance should also note that insurer requirements are evolving in response to this capability shift.
The Canadian Centre for Cyber Security publishes updated guidance as the threat landscape evolves. Organizations should treat the Mythos research as the type of threat intelligence that warrants a direct review of their current security architecture against updated attacker capability assumptions.
Is Claude Mythos being used by attackers right now?
No. Anthropic published the Mythos research through Project Glasswing — a controlled disclosure program — specifically to give defenders advance warning before the capabilities described become broadly accessible. The research represents a forward-looking threat signal, not a description of an active attack campaign.
Do small and mid-size Canadian businesses need to worry about AI zero-day attacks?
Not immediately from the specific Mythos model. But AI-augmented attack tools are already in use by ransomware groups at a lower capability level, and the research trajectory established by Mythos means that more capable AI-assisted attack tools will become available to a broader range of threat actors over time. SMBs should begin prioritizing behavioral detection and least-privilege architecture now rather than waiting.
Does patching still matter if AI can find zero-days?
Yes. The vast majority of successful attacks still exploit known vulnerabilities in unpatched systems. Patching eliminates a far larger attack surface than any organization can protect with detection alone. The point of the Mythos research is not that patching is obsolete; it is that patching is necessary but no longer sufficient on its own.
How does behavioral detection catch a zero-day attack?
Behavioral detection monitors what systems and users are doing, not just whether they match known attack signatures. A zero-day exploit is a novel entry method, but once inside, attackers still need to move laterally, access data, and establish persistence. These post-entry activities produce behavioral anomalies that well-configured detection tools can identify, regardless of how the attacker got in.
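The following script is an added example, not code from the original article or from any EDR or SIEM vendor, and it illustrates both the Behavioral Monitoring and Anomaly Detection section and this answer. It runs two generic lateral-movement heuristics over authentication events: a source host authenticating to an unusual number of distinct destinations inside a short window, and an account used from a host it never used during the baseline period. The log format, host names, thresholds and both sets of log lines are constructed for the example; a real deployment would derive the baseline from weeks of SIEM data and tune the thresholds per environment.

```python
"""Behavioral detection over authentication events.

Added example, not the page's or any vendor's code. Log format, hosts,
thresholds and sample lines are constructed; the two rules are generic
lateral-movement heuristics, not a specific product's logic.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE = re.compile(
    r"(?P<ts>\S+) logon user=(?P<user>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) type=(?P<type>\d+)"
)

# Constructed baseline week: who normally logs on from where, to what.
BASELINE = """\
2026-04-07T08:55:01Z logon user=alice src=WS-017 dst=FS-02 type=3
2026-04-07T09:10:44Z logon user=alice src=WS-017 dst=MAIL-01 type=3
2026-04-08T08:58:13Z logon user=alice src=WS-017 dst=FS-02 type=3
2026-04-08T13:02:09Z logon user=bob src=WS-042 dst=FS-02 type=3
2026-04-09T09:00:30Z logon user=svc-backup src=BK-01 dst=DB-01 type=3
""".splitlines()

# Constructed day under review: alice's workstation sweeps the server VLAN and
# then replays a service-account credential it should never hold.
TODAY = """\
2026-04-14T09:01:12Z logon user=alice src=WS-017 dst=FS-02 type=3
2026-04-14T11:40:02Z logon user=alice src=WS-017 dst=DB-01 type=3
2026-04-14T11:40:05Z logon user=alice src=WS-017 dst=DB-02 type=3
2026-04-14T11:40:09Z logon user=alice src=WS-017 dst=APP-03 type=3
2026-04-14T11:40:15Z logon user=alice src=WS-017 dst=BK-01 type=3
2026-04-14T11:41:00Z logon user=svc-backup src=WS-017 dst=DB-01 type=3
2026-04-14T13:15:44Z logon user=bob src=WS-042 dst=FS-02 type=3
""".splitlines()


def parse(lines):
    events = []
    for line in lines:
        m = LINE.match(line)
        if m:                      # lines that do not match are ignored, not guessed at
            d = m.groupdict()
            d["ts"] = datetime.fromisoformat(d["ts"].replace("Z", "+00:00"))
            events.append(d)
    return events


def known_pairs(events):
    """(user, src) combinations seen during the baseline period."""
    return {(e["user"], e["src"]) for e in events}


def fanout_alerts(events, window=timedelta(minutes=5), threshold=3):
    """Rule 1: one source reaching >= threshold distinct destinations within `window`."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    alerts = []
    for src, evs in by_src.items():
        for i, start in enumerate(evs):
            dsts = {x["dst"] for x in evs[i:] if x["ts"] - start["ts"] <= window}
            if len(dsts) >= threshold:
                alerts.append(("fanout", src, start["ts"], sorted(dsts)))
                break              # one alert per source per run is enough for triage
    return alerts


def new_pair_alerts(events, baseline_pairs):
    """Rule 2: an account used from a host it never used in the baseline."""
    seen, alerts = set(), []
    for e in events:
        pair = (e["user"], e["src"])
        if pair not in baseline_pairs and pair not in seen:
            seen.add(pair)
            alerts.append(("new-pair", e["user"], e["src"], e["ts"]))
    return alerts


def analyse(baseline_lines, today_lines):
    events = parse(today_lines)
    return fanout_alerts(events) + new_pair_alerts(events, known_pairs(parse(baseline_lines)))


if __name__ == "__main__":
    for alert in analyse(BASELINE, TODAY):
        print(alert)
```

Neither rule knows anything about how WS-017 was compromised; the entry could be a zero-day or a phished password and the alerts would be identical. That is the property the text is describing. The two alerts also point at the right response: isolate WS-017, and rotate the svc-backup credential, which should never have been usable from a workstation in the first place.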
How do we know which of our systems are most at risk from zero-day attacks?
Attack surface analysis, as part of a threat risk assessment, identifies which systems are internet-accessible, what software and versions they run, and how exposed they are to external scanning. Internet-facing systems running complex, widely deployed software are the highest-priority targets for AI-assisted zero-day discovery, because the analysis can be done against the software itself and then applied to every exposed instance. Systems isolated from external networks are far harder to reach, though they remain targets once an attacker has an internal foothold, which is why segmentation and internal monitoring matter alongside exposure reduction.
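As an added example that is not part of the original article, and that serves both the Attack Surface Reduction section and this answer, the script below turns the "what is listening, on which interface, and should it be" question into a check you can run on a host. It parses `ss -tlnp` output, classifies each listener as loopback-only, bound to one interface, or bound to all interfaces, and reports anything reachable beyond loopback that the host's declared role does not account for. The sample output is constructed (the column layout matches the real tool), and the role allow-list is an assumption.

```python
"""Listening-socket inventory checked against a host's expected role.

Added example, not code from the original page. SAMPLE_SS is constructed in
the layout of real `ss -tlnp` output; WEB_ROLE is an assumed allow-list. On a
real host, pipe `ss -tlnp` into parse_ss().
"""
import re

SS_LINE = re.compile(
    r'^LISTEN\s+\d+\s+\d+\s+(?P<local>\S+)\s+\S+'
    r'(?:\s+users:\(\("(?P<proc>[^"]+)",pid=(?P<pid>\d+)[^)]*\).*)?$'
)
WILDCARD = {"0.0.0.0", "*", "[::]", "::"}
LOOPBACK = {"127.0.0.1", "[::1]", "::1"}

SAMPLE_SS = """\
State   Recv-Q  Send-Q   Local Address:Port    Peer Address:Port  Process
LISTEN  0       128      0.0.0.0:22            0.0.0.0:*          users:(("sshd",pid=812,fd=3))
LISTEN  0       4096     127.0.0.1:5432        0.0.0.0:*          users:(("postgres",pid=1204,fd=5))
LISTEN  0       511      *:80                  *:*                users:(("nginx",pid=1450,fd=6))
LISTEN  0       128      [::]:22               [::]:*             users:(("sshd",pid=812,fd=4))
LISTEN  0       4096     0.0.0.0:9200          0.0.0.0:*          users:(("java",pid=2233,fd=150))
LISTEN  0       128      10.0.5.12:445         0.0.0.0:*          users:(("smbd",pid=990,fd=40))
LISTEN  0       128      0.0.0.0:8080          0.0.0.0:*
""".splitlines()

WEB_ROLE = {22: "sshd", 80: "nginx", 443: "nginx"}   # assumed allow-list for a web front end


def parse_ss(lines):
    """One dict per LISTEN row; header, blank and non-LISTEN rows are skipped."""
    sockets = []
    for line in lines:
        m = SS_LINE.match(line.strip())
        if not m:
            continue
        addr, port = m.group("local").rsplit(":", 1)
        scope = ("loopback" if addr in LOOPBACK
                 else "all-interfaces" if addr in WILDCARD
                 else "interface")
        sockets.append({"addr": addr, "port": int(port), "scope": scope,
                        "proc": m.group("proc") or "?", "pid": m.group("pid")})
    return sockets


def surplus(sockets, role):
    """Listeners reachable beyond loopback that the role does not account for.
    IPv4/IPv6 duplicates collapse to one finding, and a listener whose process
    could not be read (no -p permission) is reported as '?' rather than assumed benign."""
    found = {}
    for s in sockets:
        if s["scope"] == "loopback" or role.get(s["port"]) == s["proc"]:
            continue
        found[(s["port"], s["proc"])] = s["scope"]
    return sorted((port, proc, scope) for (port, proc), scope in found.items())


if __name__ == "__main__":
    for port, proc, scope in surplus(parse_ss(SAMPLE_SS), WEB_ROLE):
        print(f"port {port} ({proc}) listening on {scope}: not part of the web role")
```

On the constructed host the check flags an Elasticsearch-style listener on 9200 open to every interface, SMB on one internal interface, and an unidentified service on 8080; the PostgreSQL listener bound to loopback is correctly left alone. Each finding is either a service to remove, a bind address to tighten, or an entry to add to the role definition with a documented reason, which is the whole of attack surface reduction in practice.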
What should we tell our board about AI zero-day risks?
The Mythos research demonstrates that the technical barrier to zero-day discovery has dropped significantly with AI assistance. The board question is not whether to respond, but how quickly to prioritize behavioral detection, cryptographic isolation, and attack surface reduction investments relative to current program gaps. This is precisely what a current-state threat risk assessment is designed to quantify.
The Mythos research gives Canadian organizations something unusual in cybersecurity: advance warning of a capability shift, published by a responsible developer as a defense-enabling disclosure. The opportunity is to act before the capabilities described become widely available to a broader range of attackers.
Brigient provides cybersecurity services for organizations across the GTA and Canada, including threat risk assessments calibrated to current and emerging attacker capabilities. Visit brigient.com to start with an assessment of your current program against the updated threat model.
Written by Sameer Malik, Founder & Managing Director, Brigient
Sameer Malik is the Founder and Managing Director of Brigient, a boutique cybersecurity advisory firm based in Mississauga, Ontario. With over 20 years of experience in cybersecurity, governance, risk management, and IT strategy, Sameer has led more than 300 incident and ransomware response engagements for organizations across Canada. He holds a BA from the University of Toronto and is certified in TOGAF® 9 (The Open Group Architecture Framework) and ITIL (IT Infrastructure Library). Sameer's approach to cybersecurity is built on four pillars: Identify, Respond, Recover, and Govern.