Why Friction-Based Defenses No Longer Work: Rethinking Cybersecurity for Canadian Organizations

For most of the last two decades, enterprise cybersecurity was built around a single strategic premise: make it harder to attack. Add more authentication steps, patch faster, segment networks, train employees to recognize phishing. These are all sensible controls. The assumption underlying them is that if you raise the cost of an attack high enough, most attackers will go elsewhere.

That assumption is no longer safe.

In April 2026, Anthropic published research on Claude Mythos Preview, an AI model that demonstrated the ability to autonomously discover and exploit zero-day vulnerabilities across multiple real-world software systems. The research did not just reveal a new capability — it revealed a structural shift in what security controls can and cannot reliably prevent.

The implications for Canadian organizations extend well beyond the capabilities of one model. What changes is the meaning of "secure" once the attacker's cost function is dramatically different from the one security programs were designed to address.


1. What Friction-Based Defense Actually Means

Friction-based defense is the security philosophy that treats cost-to-attacker as the primary metric of protection. Patch your systems so vulnerabilities require more effort to find. Deploy MFA so credential theft requires more steps. Segment your network so lateral movement requires more time. Train employees so phishing requires more convincing messages.

None of these controls are wrong; they are necessary. The problem is the assumption they rest on: that attacker capability is roughly human-scale, bounded by expertise, working hours, cognitive bandwidth, and the size of the team. Those are precisely the constraints that AI-assisted attack tools compress. An AI system does not get tired, does not have a day rate, and can work across hundreds of systems simultaneously, so the time a control buys stops being a reliable measure of the protection it provides.

2. What the Mythos Research Actually Showed

The Mythos Preview research is worth examining specifically because it was published by a safety-focused AI developer as a controlled disclosure — precisely the opposite of how these capabilities usually become known. The findings are specific, documented, and verifiable by other researchers.

The research noted explicitly that Mythos could identify and exploit vulnerabilities that friction-based defenses assume will slow or stop attackers: unpatched systems, misconfigured access controls, complex software with multiple interacting components. It operated across these targets at a speed and scale that renders the “raise the cost” model insufficient as a standalone strategy.

The Anthropic team’s response was not to abandon defensive controls but to shift emphasis toward what the paper called hard barriers: isolation mechanisms, cryptographic controls, and immutable architectures that do not rely on making attacks more expensive — they make them structurally impossible regardless of attacker capability.

3. Three Hard Barriers That AI Cannot Simply Route Around

The shift from friction to hard barriers does not mean starting over. It means understanding which controls in your environment function as genuine barriers versus which only function as friction. Three categories are consistently identified in security research as hard barriers:

Cryptographic Isolation
Data that is encrypted with properly managed keys, where the keys are generated and held in hardware security modules or an isolated key management service, cannot be read through system compromise alone. An attacker who reaches an encrypted database through any exploit, zero-day or otherwise, sees ciphertext without the keys. The caveat a practitioner should check: if the compromised application holds the key, or is itself authorized to ask the key service to decrypt, the attacker inherits that authority and the barrier collapses into friction. The barrier holds only when decryption authority is separated from the compromised path: keys are non-exportable, each identity is permitted only the key operations it needs, and the service account of the database or application cannot unwrap keys that belong to other workloads.

Network and System Isolation
Systems that are physically or logically isolated from internet-accessible infrastructure cannot be reached by remote exploitation, regardless of the sophistication of the attacker. Isolation is categorically different from segmentation: segmentation raises the difficulty of lateral movement; isolation removes the network path for the isolated system. Two caveats keep this honest. First, isolation removes only the network path; removable media, vendor updates, and maintenance laptops are the usual ways an "air-gapped" system is reached, and they need their own controls. Second, a system is not logically isolated if it still shares an identity provider, a management plane, or a backup agent with the internet-facing estate, because those shared planes are the route a capable attacker will use.

Immutable Audit and Backup Architecture
Backup systems that cannot be modified or deleted by a compromised account survive system compromise intact: write-once storage with a retention lock that not even the storage administrator can shorten, offline copies, and audit logs that are authenticated and chained so that alteration or removal of a record is detectable. Two details decide whether this is a barrier or just friction. The immutability must cover the privileged accounts too, including the backup administrator and the platform's own delete API, since those are the credentials a ransomware operator goes after first. And a signature on each log record proves the record is authentic but does not, by itself, reveal that a record was deleted; for that the records must be chained and counted by a collector the monitored host cannot write to with delete permission. For ransomware protection and zero-day defense alike, tested restores from immutable backups are the recovery guarantee when other controls fail.
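The chaining point above, as an added example that is not from the article or from any vendor's product: each audit record carries an HMAC over its own content and the MAC of the previous record, so the verifier can tell an edited record, a record removed from the middle, and a truncated tail apart. The key name, the log events and the three tampering scenarios are constructed for the example; in a real deployment the key lives on the collector or in an HSM, never on the host that emits the events.

```python
"""Hash-chained, HMAC-authenticated audit log (added example, not article code)."""
import hashlib
import hmac
import json
from typing import Dict, List, Optional

GENESIS = "0" * 64  # link value for the first record

# Constructed for the example only. Real deployments keep this key on the log
# collector or in an HSM/KMS; a host that can read the key can forge records.
COLLECTOR_KEY = b"example-collector-key-not-for-production"


def _canonical(body: Dict) -> bytes:
    # Stable serialisation so emitter and verifier MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_record(chain: List[Dict], event: Dict, key: bytes = COLLECTOR_KEY) -> Dict:
    """Append an event, binding it to the previous record's MAC and its position."""
    prev = chain[-1]["mac"] if chain else GENESIS
    body = {"seq": len(chain), "prev": prev, "event": event}
    mac = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
    record = dict(body, mac=mac)
    chain.append(record)
    return record


def verify_chain(chain: List[Dict], key: bytes = COLLECTOR_KEY,
                 expected_len: Optional[int] = None) -> Optional[str]:
    """Return None if the chain is intact, otherwise a description of the first problem.

    Checks each record's MAC, each record's link to its predecessor and, when the
    collector tracks how many records it accepted, silent truncation of the tail.
    """
    prev = GENESIS
    for i, rec in enumerate(chain):
        body = {k: rec[k] for k in ("seq", "prev", "event")}
        expected = hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, rec["mac"]):
            return f"record {i}: MAC mismatch (content altered or forged)"
        if rec["seq"] != i or rec["prev"] != prev:
            return f"record {i}: chain link broken (record removed or reordered)"
        prev = rec["mac"]
    if expected_len is not None and len(chain) != expected_len:
        return f"chain truncated: collector expected {expected_len} records, got {len(chain)}"
    return None


def demo() -> Dict[str, Optional[str]]:
    """Build a constructed three-event log and show what each tampering attempt looks like."""
    events = [  # constructed sample events
        {"ts": "2026-04-02T10:00:00Z", "user": "svc-backup", "action": "login", "result": "ok"},
        {"ts": "2026-04-02T10:00:07Z", "user": "svc-backup", "action": "snapshot.delete", "result": "denied"},
        {"ts": "2026-04-02T10:00:09Z", "user": "svc-backup", "action": "role.assume", "result": "ok"},
    ]
    chain: List[Dict] = []
    for e in events:
        append_record(chain, e)
    results = {"intact": verify_chain(chain, expected_len=3)}

    # 1. Attacker rewrites the denied deletion so it reads as successful.
    edited = json.loads(json.dumps(chain))
    edited[1]["event"]["result"] = "ok"
    results["edited"] = verify_chain(edited, expected_len=3)

    # 2. Attacker removes the incriminating record from the middle of the log.
    spliced = [chain[0], chain[2]]
    results["spliced"] = verify_chain(spliced, expected_len=3)

    # 3. Attacker truncates the log after the first record. Only the collector's
    #    count catches this; a chain alone looks valid when its tail is cut.
    truncated = chain[:1]
    results["truncated"] = verify_chain(truncated, expected_len=3)
    return results


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario:10s} -> {outcome or 'intact'}")
```

The third scenario is the one that matters for backup and audit design: without a count or a periodic checkpoint held off-host, `verify_chain` accepts a truncated log, which is why the collector, not the emitting host, has to own the record count and the key.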

4. What This Means for Canadian Organizations Specifically

Canadian organizations face a specific version of this challenge. The CCCS National Cyber Threat Assessment 2025-2026 identifies Canada as a high-priority target for both state-sponsored and financially motivated threat actors. Canadian organizations that serve US clients, operate critical infrastructure, or hold valuable intellectual property face elevated attention from sophisticated attackers.

A cybersecurity program built exclusively on friction-based controls — patching, awareness training, MFA, segmentation — is no longer a program that can credibly claim to address the full threat landscape Canadian organizations face. This does not mean those controls are useless. It means they are insufficient as a complete program.

This does not mean every Canadian organization needs to defend against nation-state AI attackers tomorrow. It means that the architecture decisions you make now — particularly about isolation, encryption, and backup strategy — determine whether your organization can recover from the attacks that will become more common as these capabilities mature.

5. The Role of Continuous Monitoring and Assumed Breach

One consequence of the friction model’s limitations is that detection and response become more important, not less. If no set of preventive controls can guarantee that a sufficiently capable attacker will fail to get in, your program needs to be built on the assumption that a breach will occur and that your ability to detect, contain, and recover is what determines the outcome.

This is the operational logic behind zero trust security architecture and assumed-compromise planning. It is also why continuous security monitoring — the kind that detects anomalous behavior rather than just known attack signatures — becomes a more critical investment as the attack capability baseline rises.
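A concrete instance of behaviour-based rather than signature-based detection, added here as an example that is not from the article or from any monitoring product: every authentication in the constructed log below succeeds with valid credentials, so nothing matches a known-bad signature, yet one principal fans out to many distinct hosts within seconds, which is the shape automated lateral movement takes. The log format, the sample lines, the window and the host threshold are all assumptions for the example; in production the threshold comes from each principal's observed baseline.

```python
"""Fan-out detector over authentication events (added example, not article code)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Deque, Dict, List, Tuple

# Constructed sample log for the example. Format assumed:
# <ISO timestamp> auth user=<principal> src=<ip> dst=<host> result=<ok|denied>
SAMPLE_LOG = """\
2026-04-02T10:00:00Z auth user=alice src=10.0.1.5 dst=srv-files result=ok
2026-04-02T10:03:10Z auth user=alice src=10.0.1.5 dst=srv-mail result=ok
2026-04-02T10:10:00Z auth user=bob src=10.0.1.7 dst=srv-files result=denied
2026-04-02T10:20:00Z auth user=alice src=10.0.1.5 dst=srv-files result=ok
2026-04-02T10:30:00Z auth user=svc-deploy src=10.0.2.9 dst=srv-app01 result=ok
2026-04-02T10:30:01Z auth user=svc-deploy src=10.0.2.9 dst=srv-app02 result=ok
2026-04-02T10:30:01Z auth user=svc-deploy src=10.0.2.9 dst=srv-db01 result=ok
2026-04-02T10:30:02Z auth user=svc-deploy src=10.0.2.9 dst=srv-db02 result=ok
2026-04-02T10:30:02Z auth user=svc-deploy src=10.0.2.9 dst=srv-backup result=ok
2026-04-02T10:30:03Z auth user=svc-deploy src=10.0.2.9 dst=srv-ad01 result=ok
"""

Alert = Tuple[str, datetime, List[str]]  # (principal, window start, distinct hosts)


def parse_line(line: str) -> Tuple[datetime, str, str, str]:
    """Parse one log line into (timestamp, user, destination host, result)."""
    ts_text, _kind, *fields = line.split()
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    kv = dict(f.split("=", 1) for f in fields)
    return ts, kv["user"], kv["dst"], kv["result"]


def detect_fanout(log_text: str, window_seconds: int = 60, max_hosts: int = 4) -> List[Alert]:
    """Alert when a principal authenticates to >= max_hosts distinct hosts inside the window.

    Only successful authentications count: failed attempts are a different signal
    (brute force) and would otherwise let an attacker trip the rule on purpose.
    One alert is raised per principal, at the moment the threshold is crossed.
    """
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, Deque[Tuple[datetime, str]]] = defaultdict(deque)
    alerts: List[Alert] = []
    already_alerted = set()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, dst, result = parse_line(line)
        if result != "ok":
            continue
        events = recent[user]
        events.append((ts, dst))
        while events and ts - events[0][0] > window:  # slide the window forward
            events.popleft()
        hosts = sorted({d for _, d in events})
        if len(hosts) >= max_hosts and user not in already_alerted:
            already_alerted.add(user)
            alerts.append((user, events[0][0], hosts))
    return alerts


if __name__ == "__main__":
    for user, start, hosts in detect_fanout(SAMPLE_LOG):
        print(f"{user}: {len(hosts)} hosts within 60s of {start:%H:%M:%S}: {', '.join(hosts)}")
```

alice touches three hosts over twenty minutes and never trips the rule; svc-deploy reaches its fourth distinct host two seconds after its first and is flagged then, not after an analyst reviews the day's logs. The window length is the part to calibrate against how fast an automated attacker actually moves in your environment.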

A formal threat risk assessment that maps your current controls against the actual capabilities of current attackers — including AI-augmented adversaries — is the starting point for understanding where your program relies on friction that is becoming less reliable, and where hard barriers are needed.

6. What a Post-Friction Security Program Looks Like

The practical difference between a friction-based program and one that incorporates hard barriers is not about replacing everything you have. It is about adding the structural controls that remain effective regardless of how capable the attacker becomes.

A post-friction security program typically includes:

  • A current-state threat risk assessment that explicitly considers AI-augmented attack capabilities and maps controls against them
  • Cryptographic controls and key management architecture that survive system compromise
  • Isolation architecture for critical systems that goes beyond network segmentation
  • Immutable backup and audit log infrastructure
  • Continuous monitoring calibrated to detect anomalies at the speed an AI-assisted attack can move
  • A tested incident response plan that assumes breach will occur and has defined procedures for AI-assisted attack scenarios

Brigient’s approach to security program development starts with this kind of architectural audit — mapping your current controls against the real threat model your organization faces, identifying where genuine barriers are needed, and building a practical transition plan that does not require replacing your entire infrastructure at once. For organizations evaluating cybersecurity insurance, these hard barriers are increasingly what insurers require before coverage is extended at higher thresholds.

Frequently Asked Questions

Does this mean MFA and patching are no longer worth doing?

No. MFA, patching, and other friction-based controls remain necessary. They stop the vast majority of attacks that are not AI-augmented, and they raise the baseline cost for any attacker. The argument is not that friction controls are useless — it is that they are not sufficient as a complete program against the evolving capability baseline.

How does the Mythos research affect organizations that are not critical infrastructure?

The capabilities demonstrated in the Mythos research represent the direction of attacker capability generally, not just for critical infrastructure targets. Ransomware groups and financially motivated attackers adopt AI tools rapidly once they become accessible, and are already using them to automate reconnaissance, vulnerability identification, target selection, and phishing at scale. The CCCS NCTA 2025-2026 specifically identifies commercially motivated cybercrime as the primary threat to most Canadian organizations, so the friction model's limitations are relevant to virtually every Canadian business with meaningful digital infrastructure.

More Frequently Asked Questions

What is the difference between friction and a hard barrier in practical terms?

Friction makes an attack harder. A hard barrier makes it structurally impossible regardless of attacker capability. A locked door is friction — a sufficiently motivated attacker can pick it, break it, or find another way in. A wall with no door is a hard barrier. In cybersecurity terms, making a database harder to access through better authentication is friction. Encrypting the database with keys that are physically isolated from the network is closer to a hard barrier.

How do we assess whether our current program has enough hard barriers?

A formal threat risk assessment that specifically evaluates your controls against AI-augmented attack scenarios will identify where friction-based controls are the only protection for high-value assets. This is the conversation Brigient starts with every new client: not “are your controls in place?” but “which of your controls would survive a capable attacker who is not slowed by the friction you have built?”

What does Anthropic’s controlled release approach mean for defenders?

The Mythos research was published by Anthropic through Project Glasswing — a controlled program that shares findings with defenders before broader deployment. This represents a best-case scenario for defenders: advance warning of a capability shift before it becomes a commodity attack tool. The window between this kind of research publication and the capability becoming more broadly available to attackers is the window in which to act.

Friction Was Never Enough on Its Own

The Mythos research did not reveal a new threat so much as it clarified the direction of a trajectory that security architects have been watching for years. AI assistance compresses the cost of sophisticated attacks. The security programs that survive this shift are those that combine necessary friction controls with genuine hard barriers for the assets that cannot be lost.

Brigient helps Canadian organizations assess their current architecture honestly, identify where hard barriers are needed, and build security programs that address the actual threat model — not the one from five years ago. Visit brigient.com to start that conversation.

Written by

Sameer Malik

Founder & Managing Director, Brigient

Sameer Malik is the Founder and Managing Director of Brigient, a boutique cybersecurity advisory firm based in Mississauga, Ontario. With over 20 years of experience in cybersecurity, governance, risk management, and IT strategy, Sameer has led more than 300 incident and ransomware response engagements for organizations across Canada. He holds a BA from the University of Toronto and is certified in TOGAF® 9 (The Open Group Architecture Framework) and ITIL (IT Infrastructure Library). Sameer's approach to cybersecurity is built on four pillars: Identify, Respond, Recover, and Govern.
