In my last piece on this topic, I described the agent economy as a cryptographic debt crisis — a widening gap between the adoption curve for autonomous AI and the control plane being built around it. The specific place where that gap is widest: the trust fabric underneath every credential, every token, every API call an agent makes on someone's behalf.
That was six weeks ago. The gap just got a lot more visible.
What Mythos Changed
On April 7, 2026, Anthropic announced Claude Mythos Preview — and made a decision that tells you everything about where AI capability actually is right now. They did not release it. Not because it wasn't ready. Because it was too capable to release safely.
Mythos can autonomously find zero-day vulnerabilities and create working exploits for them — across every major operating system, every major web browser, and the open-source libraries that underpin most of the world's critical software infrastructure.
Instead of a general release, Anthropic launched Project Glasswing: a controlled-access consortium of roughly 50 vetted organizations — AWS, Apple, Cisco, Google, JPMorganChase, Microsoft, NVIDIA, CrowdStrike, Cloudflare, Mozilla, and others — with $100 million in model usage credits committed to a single purpose: find the vulnerabilities before the adversaries do.
On May 22, Anthropic published the first month of results. Mythos scanned over 1,000 open-source projects and flagged 23,019 vulnerabilities — 6,202 estimated high or critical severity. An independent firm validated a sample and confirmed 90.6% were real. Mozilla patched 271 in a single Firefox release. Cloudflare found 2,000 across its critical infrastructure. One wolfSSL vulnerability — CVE-2026-5194 — would have allowed attackers to forge TLS certificates across billions of IoT and industrial devices.
Less than 1% of the vulnerabilities Mythos found have been patched.
That's not a criticism of patch teams. It's a description of the scale of the problem relative to the speed of the fix cycle. Mythos found vulnerabilities faster than the entire industry's patching infrastructure can process them.
And this week, Anthropic announced that a Mythos-class model will be available to all customers "in the coming weeks" — once stronger safeguards are developed. The capability that found 23,019 vulnerabilities in a month will shortly be accessible to anyone with an API key. That cuts both ways. The same model that gives defenders an extraordinary tool gives adversaries their own version of it through capability proliferation across the broader frontier ecosystem.
The question every security leader should be asking is not "when will AI threaten our infrastructure?" It's "how much of our infrastructure was already compromised — and how much more exposure opens the moment Mythos-class capability reaches general availability?"
The Convergence That Changes the Math
The harvest-now-decrypt-later (HNDL) threat has been publicly acknowledged as active by the NSA, CISA, and NIST for years. Adversaries intercept and archive encrypted data today, against the assumption that future computational capability will render it readable. Three papers published between May 2025 and March 2026 reduced the estimated quantum resources needed to break RSA-2048 from 20 million qubits to fewer than 100,000 — compressing a timeline most enterprise security roadmaps hadn't planned for.
But the quantum timeline is only one vector. The other — the one Mythos just made visible — is AI-accelerated exploitation of the vulnerabilities already present in today's infrastructure. Palo Alto Networks put it plainly: the HNDL timeline has been dramatically accelerated by AI. The silent, invisible data heist of the future is already underway, at machine speed, against infrastructure that was never hardened for this threat profile.
CVE-2026-5194 is the clearest illustration: a flaw that would have allowed forged TLS certificates across billions of devices. TLS is not incidental to the HNDL threat model — it is the layer being harvested. A vulnerability in certificate validation is a vulnerability in the integrity of everything above it.
The Compounding Problem
What makes this moment genuinely different from prior security inflection points is not any single threat vector. It is the compounding interaction between all of them.
AI capability compounds — Mythos is not the ceiling, it is the current floor. Every model release from every frontier lab pushes the capability available to both defenders and adversaries upward, on a curve that is accelerating, not flattening.
The vulnerability surface compounds — every new autonomous agent deployed adds credential exposure. Every new integration adds attack surface. The agent economy I described in February is growing faster than the control plane being built around it, and the gap widens with every deployment.
The harvest window compounds — every quarter that passes without PQC migration is another quarter of encrypted traffic archived by adversaries at machine scale. That data doesn't expire. The exposure accumulates silently, invisibly, until the decryption capability arrives.
And the organizational readiness gap compounds — each quarter of inaction makes the eventual migration more complex, more expensive, and more constrained by vendor capacity and regulatory deadline pressure.
Four compounding curves, all moving in the wrong direction simultaneously. This is not a problem that gets easier with time. It is one of the few technology risks where waiting is itself the decision — and where the cost of waiting is not linear.
The Gap Is Organizational
Bain & Company found that 71% of business executives expect quantum-enabled cyberattacks within five years. Only 9% have a roadmap to address it. That delta — 71% aware, 9% prepared — is the organizational gap. It is being widened not by lack of information, but by governance committees and procurement cycles that cause security teams to evaluate while adversaries iterate.
The 2026 WEF Global Cybersecurity Outlook found that 94% of respondents identify AI as the dominant driver of change in cybersecurity this year — yet leaders' concerns have shifted toward internal data leaks (34%) over adversarial AI capabilities (29%). They are worried about the wrong thing. 2025 was the last year defenders had AI parity with attackers. 2026 is the year that parity is eroding — not because the tools don't exist, but because organizations cannot govern fast enough to deploy them.
What "Prepare Now" Actually Means
I wrote in February about the compounding growth AI makes possible — compressed timelines in medicine, education, and business that represent the most extraordinary opportunity in modern economic history. AI is a gift. But gifts have to be received responsibly. The specific responsibility this moment demands is preparation for the HNDL window, before it closes on terms that are not yours to set.
Understand your cryptographic inventory. Most organizations do not have a complete picture of where RSA and elliptic curve cryptography are deployed. Before you can migrate, you have to map. This is not glamorous work. It is the prerequisite for everything else.
Treat your highest-sensitivity data as already harvested. If the financial records, M&A communications, healthcare data, and intellectual property your organization transmitted over the last three years were intercepted and archived — and there is no good reason to assume they weren't — the question is not whether to protect that data. It is what decisions you make differently knowing it may eventually be readable.
Begin PQC migration on your highest-value systems now. NIST finalized post-quantum standards in August 2024 — FIPS 203, 204, and 205. The NSA's CNSA 2.0 requires quantum-safe algorithms on all new national security system acquisitions from January 2027. The EU's roadmap sets 2030 as the migration deadline for critical infrastructure. Organizations that begin now will complete migration before the mandates land. Those that wait will migrate under deadline pressure with constrained vendor capacity and elevated implementation risk.
Demand agent credential governance. Every autonomous agent your organization deploys is a credential holder — API keys, OAuth tokens, active sessions into your most sensitive systems. The standard to demand now is forward compatibility with PQC: agent identity infrastructure that can be migrated without full re-architecture when the transition arrives.
Watch Project Glasswing findings actively. Anthropic has committed to sharing vulnerability findings with the broader industry. Mozilla's Firefox 150 patch is the template — a Glasswing finding surfaces, a patch ships, organizations that are watching apply it. This is free infrastructure intelligence. Use it.
The Clock Was Already Running
Mythos didn't create the threat. It made it impossible to discount.
The harvest-now-decrypt-later window is not a future problem. It opened the moment your last encrypted packet left the building. The question is how long the window stays open — and whether you use the time available to close it on your terms or wait until the terms are set for you.
The tools exist. The standards are finalized. The regulatory timelines are set. The Glasswing findings will be published. There is no information gap that justifies inaction.
There is only the decision — made now, or made later under worse conditions — about which side of this transition your organization will be on.
The clock was already running. It just became visible.
Mark Anderson is Founder & President of A3C Growth Partners and CRO of CyberProtonics, a post-quantum cryptographic trust layer company. He works with founders, executives, and investors navigating high-stakes growth and security transformation. a3c.one