In a single quarter this year, two events quietly redrew what cyber conflict means. Researchers at Anthropic working with the Claude Mythos preview model discovered thousands of previously unknown, high-severity vulnerabilities across every major operating system and browser in widespread use today, including a flaw in OpenBSD that had persisted undetected for nearly three decades [1][2]. Separately, a malicious actor reportedly used an Anthropic AI model as an active assistant in a cyberattack against the Mexican government, exfiltrating roughly 150 gigabytes of sensitive data: tax records, voter registries, employee credentials [3][4].
Canada’s National Cyber Threat Assessment 2025–2026, published by the Canadian Centre for Cyber Security, is explicit: AI-enabled attacks represent a defining feature of the emerging cyber threat landscape, and Canada’s attack surface – spanning federal ministries, provincial health networks, municipalities, and critical infrastructure – is expanding faster than our collective ability to defend it [5][14].
Our preparedness model has not kept pace. Canada’s cyber posture remains organized primarily around periodic risk assessments, annual penetration tests, static security controls, and human-tempo incident response. These practices were, until recently, on the low side of adequate. They were designed for a world in which adversaries move at human speed, in which utilizing a zero-day vulnerability required months of painstaking manual research and a skilled team operating over weeks or even years. That world is over.
This article examines what the Mythos era means for Canadian institutions, why classical “patch and pray” vulnerability management no longer scales, and what continuous, AI-native hardening would look like as a national baseline.
Canada’s Unseen Second Front
Neither the Claude Mythos disclosures nor the Mexican government breach made front-page news in Canada for long. They should have. Both events signal a shift in the operating tempo of cyber conflict that Canadian public and private institutions have not absorbed.
The classical cyber threat model assumes adversaries operating at human speed: skilled teams, painstaking manual research, multi-week or multi-year exploit chains. Periodic risk assessments and annual penetration tests were designed for that world. They presume that the time between vulnerability discovery and active exploitation is measured in months, that defenders and attackers compete on roughly equivalent footing, and that human incident response teams can catch up after the fact.
Each of these assumptions is now in question.
The Threat Landscape: From Nation-States to Autonomous Exploits
State-sponsored actors from China, Russia, Iran, and North Korea have been regularly implicated in major breaches affecting Canadian and allied institutions. Telecom compromises, attacks on healthcare systems, intrusions into government contractor networks – these are documented, recurring events, not hypothetical scenarios drawn from threat intelligence briefings [5].
The overall breach landscape continues to worsen at a structural level. Multi-billion-record data leaks, ransomware disruptions of critical services, and sophisticated supply-chain compromises are now annual events. The 2024 and 2025 breach cycles produced some of the largest data exposures in history, affecting healthcare providers, financial institutions, and government contractors across North America [6].
What has changed most dramatically is not the identity of the adversaries but the tools available to them. AI is not a new category of threat actor. It is an accelerant. Adversaries are already using machine learning models to scale and personalize phishing campaigns at a level that defeats traditional detection heuristics [6]. And as the Mythos story makes plain, the frontier of AI capability now includes autonomous vulnerability discovery and exploit development [1][15].
Key Finding: Canada’s National Cyber Threat Assessment 2025–2026 identifies AI-enabled attacks as a defining feature of the new landscape, yet Canada’s defensive posture still assumes adversaries operating at human speed.
When AI Crosses the Line from Assistant to Attacker
Anthropic’s announcement that Claude Mythos had discovered thousands of high-severity zero-day vulnerabilities, across Windows, macOS, Linux, and every major browser, was not just a marketing claim. It was, if anything, an admission: Anthropic restricted access to the model’s offensive security capabilities in part because they surpass what any human vulnerability researcher could accomplish alone [1]. Project Glasswing, the research programme underlying these capabilities, represents a genuine inflection point. For the first time, the discovery and weaponization of software vulnerabilities can be automated at industrial scale [15].
The implications for Canada are direct and should be alarming to anyone involved in Canada’s cybersecurity. If a defensive AI can find thousands of zero-days across major platforms in a matter of weeks, an offensive one operating with the same architecture can do the same. The window between vulnerability discovery and active exploitation – already compressed by the growth of exploit brokers and dark-market vulnerability trading – could effectively collapse.
Mythos makes it abundantly clear that LLMs for cybersecurity are now an offensive reality and a defensive necessity. But the breach of the Mexican government makes it equally clear that this danger exists even with significantly weaker, cheaper, and more accessible models as well. Canada must aggressively harden its critical infrastructure, and then continue in perpetuity. Static cyberdefense is itself obsolete.
— Tyler Kolody, CTO, Innervation AI
The Mexico breach provides a complementary data point. The AI model involved did not act fully autonomously. It served as a capable assistant, helping a human attacker accelerate and execute an attack that might otherwise have required a larger team with more specialized expertise [3][4][16].
Taken together, these two events define what might reasonably be called the Mythos era: a period in which both the discovery and exploitation of vulnerabilities can be partially or fully automated, and in which the resources required to execute a sophisticated attack are available to a much wider range of actors than was true even two years ago.
Canada’s Preparedness Gap
Darktrace’s State of Cybersecurity Canada 2026 report documents a significant and widening preparedness gap among Canadian organizations despite rising AI adoption and growing strain on security operations centre (SOC) teams [8][9]. The finding aligns with what practitioners across the sector report: security teams are dealing with alert fatigue at unprecedented levels, staffing shortages that have not abated despite years of awareness campaigns, and tooling investments that have not translated into meaningfully improved detection and response times.
There is a second, underappreciated dimension to this gap. ISA Cybersecurity’s analysis of AI and Canadian municipalities identifies a specific risk that most security frameworks have not yet incorporated: AI systems deployed within public and private sector organizations, systems capable of calling tools, triggering workflows, and acting with degrees of autonomy, can themselves become vectors for intrusion [10]. For organizations that deployed agentic AI to improve operational efficiency, the attack surface expanded at the same time as the tooling investment.
For Canadian municipalities and provincial governments, this creates a compounding problem. These organizations were already under-resourced relative to the conventional threat they faced. They must now contend with adversaries who can automate vulnerability discovery, leverage AI models as attack assistants, and potentially exploit the same AI systems those organizations deployed to improve efficiency.
Canadian Context: Canada’s attack surface spans federal ministries, provincial health networks, 3,500+ municipalities, and critical infrastructure operators – many of whom operate with security teams too small to run continuous monitoring, let alone AI-native red-teaming.
The World Economic Forum’s Global Cybersecurity Outlook 2026 captures the macro dimension of this clearly. The report describes AI as both a force multiplier for defence and a catalyst for new categories of risk, and identifies security-by-design, robust governance guardrails, and continuous monitoring as foundational requirements. Canada’s progress on each of these dimensions is uneven at best [11][12].
Why “Patch and Pray” Fails in the Mythos Era
The classical vulnerability management pipeline runs roughly as follows: a vulnerability is discovered through a researcher or bug bounty programme; a CVE is assigned and a patch developed; vendors notify customers; organizations schedule maintenance windows and roll out fixes. In a well-resourced, well-staffed environment, this process might be finished in days for high-severity issues. In the real world of stretched IT departments, legacy systems, and change management bureaucracies, it routinely takes months or even years, as more urgent priorities indefinitely delay patching.
This model was always imperfect. In this era of Mythos and automated discovery and execution, it is strategically inadequate.
If a frontier AI model can surface thousands of zero-days across major platforms in a compressed timeframe, many without vendor awareness, let alone available patches, the assumption that defenders can manage risk by patching known vulnerabilities promptly no longer holds [1][15]. Global data consistently shows that attackers exploit vulnerabilities that organizations have had months or years to patch [6]. Legacy infrastructure, resource constraints, and organizational complexity mean that even known, high-severity vulnerabilities persist in production environments long after fixes are available. When unknown vulnerabilities can now be discovered and weaponized at machine speed, the concept of a manageable remediation backlog begins to dissolve.
Defenders must assume that unknown vulnerabilities in their environments are being inventoried now, potentially by automated systems operating at a pace no human security team can match. The only adequate response is to discover and remediate continuously, deploying the same classes of tools that adversaries are using against you.
Either we will see an end to reactive patching as cybersecurity SOP, requiring significant investment in both compute and human resources. Or we will suffer a catastrophic cyberattack leading to widespread loss of capital and potentially life, and then we will invest the necessary resources for proactive defense. Those are the only two scenarios.
— Tyler Kolody, CTO, Innervation AI
What AI-Native Defence Looks Like
If adversaries can use AI to discover and exploit vulnerabilities at scale, defenders must deploy AI to continuously discover, safely exploit, and remediate vulnerabilities across their own environments – before adversaries reach them. Symmetry here is not a strategic preference. It is an operational requirement.
In practice, this means moving from periodic, human-led security assessments to continuous, AI-assisted or AI-autonomous hardening. It means instrumenting environments so that agent-based systems can map assets, probe configurations, generate exploit hypotheses, test them in controlled conditions, validate remediations, and re-test for regressions on a cycle measured in hours or days rather than quarters.
Fortinet has published guidance on how AI can augment threat detection, anomaly identification, and zero-day discovery when integrated thoughtfully into defensive operations [6][7]. The WEF’s 2026 outlook goes further, arguing that AI governance frameworks and security-by-design principles must be built into the foundation of any AI deployment [11].
If you are responsible for critical Canadian systems, an AI-native readiness assessment is the fastest way to map your current exposure against Mythos-era threats. Innervation works with public institutions and critical enterprises on continuous hardening pilots.
Innervation’s Thesis: Coordinated Multi-Agent Hardening
The relevant unit of capability for AI-native defence is not a single smart tool. It is a coordinated swarm of specialized agents operating under rigorous governance and transparency requirements.
A single AI model, however capable, is constrained by context, compute, and the limits of its training. A coordinated system of specialized agents, each optimized for a specific task in the security pipeline, decomposes the problem of continuous hardening into parallelizable, auditable workstreams. Asset discovery agents map and inventory hybrid environments continuously. Configuration analysis agents identify deviations from policy and known-good states. Exploit generation agents develop and test attack hypotheses against staging or sandboxed mirrors. Patch validation agents confirm that proposed remediations close the identified exposure without introducing regressions. Reporting agents synthesize findings into formats that feed directly into SOC workflows, risk registers, and executive dashboards.
By merging the flexibility of modern AI, the rigidity and provability of traditional software, and the auditability to allow users to interact with and inspect any step of the process, Innervation is ideally suited for the high-stakes but also highly verifiable domain of proactive, semi-autonomous cyberdefense.
— Tyler Kolody, CTO, Innervation AI
The neurosymbolic dimension of Innervation’s platform – combining statistical pattern recognition and generation with symbolic reasoning about policies, constraints, and safety boundaries – is what allows agents to operate both creatively and safely within defined rules of engagement. Ensuring that offensive agent capabilities are bounded by governance controls, that all actions are logged and auditable, and that the system aligns with the NIST AI Risk Management Framework [13] and Canadian public-sector security controls requires deliberate architectural choices. These cannot be retrofitted to systems designed purely for capability.
Applying This to Canadian Systems
Federal ministries and crown corporations operate large, complex hybrid environments with significant legacy infrastructure, supplier interdependencies, and regulatory obligations around data sovereignty. They are high-value targets, and many operate with security teams that are well-intentioned but structurally under-resourced relative to the threat [5][14].
Provincial health networks present a different but equally urgent case. Healthcare data is among the most sensitive and most traded on criminal markets. Ransomware attacks against Canadian hospitals have caused genuine patient harm: disrupted surgical schedules, diverted emergency cases, destroyed records [6][10].
For municipalities, Canada’s most numerous and most under-resourced class of public-sector institution, shared AI cyber ranges may be the most practical entry point [10].
AI-Enabled Attack Vectors vs. Traditional Controls
| Attack Vector | Traditional Control | Gap in Mythos Era | How Multi-Agent Defence Helps |
|---|---|---|---|
| AI-assisted zero-day discovery | Annual pen test + patch cadence | Vulnerabilities discovered faster than patch cycles | Continuous agent-driven discovery runs ahead of adversaries |
| Automated exploit chaining | Signature-based IDS/IPS | Novel exploit chains evade known signatures | Exploit generation agents test novel chains defensively first |
| AI-augmented phishing at scale | Email filtering + user training | Volume and personalization overwhelm heuristic filters | Behavioural anomaly agents detect pattern shifts in real time |
| Prompt injection / AI system compromise | Traditional perimeter controls | AI systems not modelled in legacy threat frameworks | Dedicated agents probe agentic interfaces and AI attack surfaces |
From Reaction to Readiness: A Canadian Roadmap
Closing Canada’s AI-era cyber gap requires more than technology adoption. It requires a policy and institutional shift that treats cyber readiness with the same seriousness Canada brings to military preparedness or pandemic planning [5][11].
Mandate AI-aware risk assessments across public institutions
Current assessment frameworks applied to federal and provincial entities do not adequately account for AI-enabled attack vectors, nor for the vulnerabilities introduced by AI systems deployed within those same institutions [5][10]. Updating mandatory frameworks to include AI attack-surface inventories should be a regulatory baseline.
A foundational strand of WEF cybersecurity thinking has long held that security and privacy must be treated as design-stage requirements rather than post-production patches, particularly for critical infrastructure and cyber-physical systems [18]. What is new is the scope. AI systems deployed inside government and enterprise environments are themselves cyber-physical in character: they call tools, trigger workflows, and take actions with real-world consequences. The security-by-design imperative, established for power grids and water systems, must now be applied with equal rigour to every AI-integrated workflow in the public sector.
Fund pilot programmes for continuous agentic hardening
The federal government and provincial counterparts should establish funded pilots for continuous AI-driven hardening in high-risk domains: federal ministries, provincial health authorities, and critical infrastructure operators. Partnerships with specialized providers who can deploy governed, auditable agent systems within existing security frameworks offer a faster and more cost-effective path than building internal capability from scratch.
Integrate AI incident response playbooks into national cyber strategy
Canada’s national and sectoral cyber incident response plans do not currently address the specific techniques involved in AI-assisted attacks: prompt injection, model manipulation, the exploitation of agentic tool-calling interfaces [10][14]. Developing and exercising playbooks for these scenarios, in collaboration with the Canadian Centre for Cyber Security, is an urgent gap [5].
Build shared AI cyber ranges
Municipalities, smaller crown corporations, and regional health authorities cannot individually fund sophisticated AI red-teaming infrastructure. Shared cyber ranges, government-funded or consortium-backed environments where Canadian public bodies can test against simulated AI-enabled attacks, would extend access to the kind of adversarial exercises that only the largest organizations can currently afford [11].
Canada already has institutional infrastructure to build on. The Canadian Cyber Threat Exchange (CCTX), a not-for-profit hub founded in 2017 by leaders from Canada’s largest corporations, serves as the country’s only cross-sector platform for sharing and analysing cyber threat intelligence [17]. Its membership spans organizations of all sizes across every sector and represents close to two million Canadian employees. The CCTX held its 2026 annual symposium in Toronto with a dedicated session on frontier AI readiness and resilience, confirming that the organization has already pivoted to address the Mythos-era threat environment [17]. Shared AI cyber ranges could be seeded through or alongside the CCTX’s existing collaboration centre model, giving under-resourced municipalities and smaller crown corporations access to coordinated AI red-teaming exercises without requiring each to build standalone capability.
Set the international standard
Countries that adopt continuous, AI-native cyber hardening first will establish de facto global standards for defensible architecture in the Mythos era. Canada has the strengths and positioning to lead this change: a deep talent pool in AI research, strong multilateral relationships with allied cyber agencies, and institutional credibility in setting internationally recognized standards [11][13].
Innervation’s Invitation
Virtually every advanced economy faces a version of the same challenge. The argument here is specific: the gap between the threat that AI-enabled attacks represent and the posture most Canadian organizations maintain is significant, measurable, and closeable within a realistic timeframe – if the right architecture and institutional will are brought to bear.
Innervation’s core proposition is that continuous, AI-driven hardening – coordinating specialized neurosymbolic agents to test, break, repair, harden, and re-test critical systems – is not a future capability. It is available today, under governance frameworks that align with white-hat protocols, regulatory obligations, and the operational realities of Canadian public and private sector security teams [13].
It will never be easy to budget for an uncertain future, or justify using immediate tangible resources against ephemeral future threats. But there has never been a larger gap between the scale and severity of the threat, and our preparedness, nor a better moment to take concrete steps to rectify it. The payoff will not come tomorrow, and it will not show up on a balance sheet. But when the flood comes, and it IS coming, being the only dry house on the block is worth more than can be quantified.
— Tyler Kolody, CTO, Innervation AI
The organizations that build continuous, AI-native hardening into their security architecture before the next major incident are not just better protected. They are building the institutional knowledge and the tested playbooks that will define Canadian cyber resilience for the decade ahead. The Mythos era does not arrive with a warning.
If you are responsible for Canadian systems that cannot afford a Mythos-era surprise, Innervation is actively partnering with public institutions, crown corporations, and critical enterprises to design continuous AI-driven hardening programmes. To explore a pilot or readiness assessment, reach out to the Innervation team.
Key Takeaways
- The Mythos era is operational, not theoretical – Claude Mythos surfaced thousands of high-severity zero-days across every major OS and browser, and a separate Anthropic model was already used as an active assistant in the breach of the Mexican government.
- Human-speed defence assumptions no longer hold – periodic risk assessments, annual penetration tests, and patch-cadence vulnerability management were designed for adversaries that no longer exist.
- Canada’s attack surface is exceptionally exposed – federal ministries, provincial health networks, 3,500+ municipalities, and critical infrastructure operators, many of whom run with security teams too small for continuous monitoring.
- Symmetry is now operational, not aspirational – if adversaries discover and exploit at machine speed, defenders must discover and remediate at machine speed too.
- Multi-agent hardening decomposes the problem – specialized agents (asset discovery, configuration analysis, exploit generation, patch validation, reporting) running in parallel under governance controls outperforms any single AI tool.
- Governance is architectural, not retrofittable – audit logging, NIST AI RMF alignment, and Canadian public-sector security controls must be designed in from day one.
- Canada has the infrastructure to lead – the CCTX, deep AI research talent, and strong allied cyber relationships provide a foundation for AI-native readiness if institutional will follows.
Frequently Asked Questions
Traditional cyberattacks operate at human speed. A skilled team typically needs weeks or months to discover a vulnerability, develop a working exploit, and execute a complex attack chain. AI-enabled attacks collapse that timeline by automating vulnerability discovery, exploit generation, and parts of the attack chain itself. Claude Mythos demonstrated that a frontier AI model can surface thousands of zero-day vulnerabilities across major operating systems in weeks. The Mexican government breach demonstrated that even weaker, more accessible models can serve as a capable attack assistant. The combined effect is that the resources needed to execute a sophisticated attack are now available to a much wider range of actors.
Claude Mythos is a preview AI model from Anthropic with offensive security capabilities that surpass what individual human researchers can achieve. As part of Project Glasswing, it surfaced thousands of previously unknown, high-severity vulnerabilities across Windows, macOS, Linux, and every major browser, including a flaw in OpenBSD that had persisted undetected for nearly three decades. Anthropic restricted access to those capabilities specifically because of their offensive potential. For defenders, Mythos is significant because the same architectural advances that allow a defensive AI to find thousands of zero-days can be turned to offensive use. The window between vulnerability discovery and active exploitation could effectively collapse.
Classical vulnerability management assumes a manageable backlog: vulnerabilities are discovered, CVEs are assigned, patches are developed, and organizations roll out fixes in a reasonable timeframe. In the Mythos era, two assumptions break. First, the rate of vulnerability discovery is no longer bounded by human researcher capacity. Second, many discovered vulnerabilities will not have vendor-supplied patches at all, because they were discovered by attackers first. Defenders cannot patch their way out of a backlog that grows faster than patches can be written and deployed. The only adequate response is to discover and remediate continuously, using the same classes of AI-driven tools that adversaries are using.
Most existing security tools are either monolithic platforms (SIEM, EDR, IDS) or point solutions for a single task. A single AI model bolted onto one of those tools inherits the limitations of the host architecture. Multi-agent defence decomposes the continuous hardening problem into specialized agents that each excel at one part of the security pipeline: asset discovery, configuration analysis, exploit generation against staging mirrors, patch validation, regression testing, and reporting. The agents run in parallel under governance controls, with all actions logged and auditable. This produces continuous, AI-driven coverage of the environment rather than periodic, point-in-time scans.
Three immediate actions. First, audit your current AI footprint – every agentic system deployed inside the organization is itself an attack surface that most security frameworks do not yet model. Second, update your vulnerability management posture from periodic to continuous; even an interim weekly cadence is closer to the threat tempo than annual penetration tests. Third, engage with shared infrastructure where available – the Canadian Cyber Threat Exchange (CCTX) is the natural starting point for cross-sector intelligence sharing, and consortium-backed AI cyber ranges are likely to emerge as the most practical resource for municipalities and smaller crown corporations.
References
- Anthropic / The Hacker News – “Anthropic’s Claude Mythos Finds Thousands of Zero-Day Flaws Across Major Systems.” The Hacker News, April 2026.
- AISLE Research – “AI Cybersecurity After Mythos: The Jagged Frontier (OpenBSD 27-year flaw detail).” AISLE, April 2026.
- Gambit Security / SecurityWeek – “Hackers Weaponize Claude Code in Mexican Government Cyberattack.” SecurityWeek, March 2026.
- Bloomberg – “Hacker Used Anthropic’s Claude to Steal Sensitive Mexican Data.” Bloomberg, February 2026.
- Canadian Centre for Cyber Security – “National Cyber Threat Assessment 2025–2026.” CCCS, October 2024.
- Fortinet FortiGuard Labs – “2026 Global Threat Landscape Report: Surge in AI-Enabled Cybercrime.” Fortinet, May 2026.
- Fortinet FortiGuard Labs – “Artificial Intelligence (AI) in Cybersecurity: The Future of Threat Defense.” Fortinet, 2026.
- Darktrace – “State of Cybersecurity Canada 2026.” Darktrace, 2026.
- Darktrace – “The State of AI Cybersecurity 2026.” Darktrace, 2026.
- ISA Cybersecurity – “AI is the New Threat Surface: Why Canadian Municipalities Must Rethink Cybersecurity in the Age of AI.” ISA Cybersecurity, March 2026.
- World Economic Forum / Accenture – “Global Cybersecurity Outlook 2026.” WEF, January 2026.
- World Economic Forum – “Global Cybersecurity Outlook 2026 – Full Report (PDF).” WEF, January 2026.
- NIST – “AI Risk Management Framework (AI RMF 1.0).” National Institute of Standards and Technology, January 2023 (updated April 2026).
- Communications Security Establishment Canada – “Canadian Centre for Cyber Security Releases NCTA 2025-2026.” Government of Canada, October 2024.
- Version 1 / Anthropic – “Project Glasswing, Claude Mythos and What ‘Secure AI’ Really Means for Organisations.” Version 1 Blog, April 2026.
- Paubox – “Claude Code Exploited in Mexican Government Cyberattack (195 million identities exposed).” Paubox, March 2026.
- Canadian Cyber Threat Exchange (CCTX) – “About CCTX – Canada’s Cross-Sector Cyber Threat Intelligence Sharing Hub.” CCTX, 2026.
- World Economic Forum – “Cyber Security Background Paper: Critical Infrastructure Protection, Systemic Risk and New Norms of Collaboration.” WEF, c. 2016–2017.