There is a pattern in how the tech industry handles new risk categories. Something new appears. Analysts write think pieces. A few startups pitch it as an add-on feature. Then, eventually, someone builds the actual infrastructure — and you realize how long you were operating without it.

That is where we are with AI security. The threat has been visible for years. The dedicated tooling is only now catching up.

Mythos is one of the companies trying to close that gap. And the fact that Glasswing — a firm that has spent years betting early on AI infrastructure — is in their corner says something about where this category is headed.

The Problem with How We Have Been Thinking About This

Traditional cybersecurity operates on a fairly clean mental model: there are systems, there are actors trying to breach those systems, and there are defenders trying to stop them. Roles are defined. Boundaries are mapped. The attack surface, however large, is at least conceptually finite.

AI breaks that model in ways that feel obvious in retrospect. An AI system is not just infrastructure — it is also a decision-maker, a communicator, and sometimes a gatekeeper. When it gets compromised, the damage does not look like a data breach. It looks like an organization slowly making decisions based on corrupted inputs, or a chatbot quietly steering customers somewhere harmful, or an autonomous agent acting on instructions nobody authorized.

That kind of failure is not a security incident. It is also a governance failure. And depending on who is affected, it is a crisis.

Organizations have been treating these as separate problems because they always were separate problems. They no longer are.

"The attack surface is no longer just your network perimeter. It is every model, every prompt, every automated decision — and the humans trusting those outputs without knowing they've been tampered with." — Mythos Security Brief, 2026

What Mythos Actually Gets Right

A lot of companies are adding "AI security" to their pitch deck. Most of them mean one of two things: either they are using AI to detect threats faster, or they are slapping some compliance language onto a product that was already protecting endpoints.

Mythos is doing something different. The premise is that AI systems themselves are the attack surface — not just the tools defending it. That means the threat model has to account for things traditional security does not really track: adversarial inputs that manipulate model behavior, prompt injection through seemingly harmless data, model outputs that bypass downstream safety checks, and agents that can be redirected mid-task.

None of that fits neatly into a SIEM dashboard.

Glasswing's Bet Is Not Just a Check

Venture firms back companies for all kinds of reasons. Sometimes it is the team. Sometimes it is the market timing. Sometimes it is just pattern-matching off a thesis that has paid off before.

Glasswing is not a generalist fund placing broadly. They have spent years making targeted early bets on companies building AI infrastructure with security implications. When they back something in this space, they are usually ahead of the curve — not reacting to it.

What their involvement signals is that the AI security category has reached a threshold. Not mainstream adoption, but institutional conviction. The money is starting to move into dedicated tooling rather than waiting for incumbents to bolt new features onto old architectures.

That is usually the moment a category tips.

Three Disciplines That Are Now One Problem

Here is what I keep coming back to. Every serious AI security incident I can point to in the last two years involved a failure across all three domains simultaneously — and each domain handled it as if the other two did not exist.

Cybersecurity Without AI Literacy Is Flying Blind

Classic security teams are trained to look for known indicators of compromise. Malicious processes. Unusual network traffic. Unauthorized access. AI threats often leave none of those fingerprints. A model being manipulated through adversarial prompts looks, from the outside, like normal API calls. There is nothing to alert on — unless you are specifically watching for it.

AI Governance Without Security Context Is Just Policy Theater

Governance teams write policies about fairness, transparency, and acceptable use. That is necessary work. It is also completely useless if the model was compromised three months before anyone ran an audit. You cannot govern outputs you do not know have been tampered with. Security has to come before governance — not alongside it.

Crisis Management Without AI-Specific Playbooks Is Guesswork

Crisis communications and incident response were built for human-speed failures. A server goes down. A breach is discovered. You execute a playbook: contain, assess, communicate, remediate. AI failures can cascade faster than that, and they often do not have a clean moment of discovery. By the time something looks like a crisis, the underlying problem may have been active for weeks. The old playbooks do not account for that.

"You cannot govern what you cannot see, and you cannot secure what you do not understand is being targeted. That gap — between governance teams and security teams — is exactly where adversaries are operating." — AI Incident Response Forum, 2025

What "No System Is Safe" Actually Means in Practice

This is not an argument for fatalism or for paralysis. "No system is safe" is a design constraint, not a death sentence. Engineers build under that assumption every day — they design for failure, build in redundancy, and treat compromise as inevitable rather than preventable.

The same mental shift needs to happen in how organizations think about AI. Stop asking whether your AI system can be exploited. It can. Ask instead what the blast radius looks like when it is, and whether you will know it happened.

The Epoch Framing Is Deserved

It is easy to roll your eyes at "new epoch" language. The tech industry overuses it. But occasionally it is accurate. The introduction of the internet was a new epoch for communications. Mobile was a new epoch for software distribution. AI-as-infrastructure is a new epoch for risk.

That does not mean everything changes overnight. It means the assumptions that underpinned a decade of security and governance thinking — that systems have clean perimeters, that decisions are traceable, that failures are detectable — are no longer reliable. You can keep operating on those assumptions. A lot of organizations will. Some of them will have a very bad few years as a result.

What Mythos and Glasswing are betting on is that enough organizations will figure this out fast enough to build a real market. They are probably right.

---

---

Frequently Asked Questions

What is Mythos in the context of AI and cybersecurity? +

Mythos is a cybersecurity platform designed to address threats that emerge specifically from AI systems — including adversarial manipulation, autonomous agent abuse, and AI-assisted social engineering. It treats AI infrastructure as a distinct attack surface, not an extension of traditional IT security. Where legacy tools look for known malware signatures and network anomalies, Mythos monitors for behavioral drift in models, unauthorized agent actions, and prompt-level manipulation that traditional SIEM tools cannot detect.

What role does Glasswing play alongside Mythos? +

Glasswing is an AI-focused venture firm that has backed Mythos. Their partnership signals industry-level conviction that AI security is its own category — not a sub-feature of existing cybersecurity products. Glasswing has a track record of early investment in AI infrastructure companies, and their involvement suggests this category has crossed from "interesting thesis" into "real market" territory in the eyes of investors who have seen the space from the inside.

Why are cybersecurity, AI governance, and crisis management converging? +

Because AI systems operate across all three domains simultaneously. An AI model can be exploited as a security vulnerability, fail as a governance gap, and trigger a public crisis — sometimes all at once. Handling each function in a separate silo no longer makes sense when the underlying risk is the same technology behaving in unintended ways. A prompt injection attack is simultaneously a security incident, a governance failure, and a potential PR crisis.

Is any system truly safe from AI-era threats? +

No — and that is not pessimism, it is the realistic operating condition. AI threats do not follow conventional attack patterns. They adapt, exploit gaps in human judgment, and can move faster than any security team can manually respond. The goal is resilience and detection speed, not the illusion of total safety. Organizations that design under the assumption of eventual compromise are far better positioned than those still chasing the idea of an impenetrable system.

What should organizations do to prepare for AI-era cyber threats? +

Organizations should audit their AI systems as distinct attack surfaces — starting with prompt injection and output validation risks. Cross-functional response teams that include legal, communications, and security should be established before an incident, not during one. Incident response plans need AI-specific scenarios, and AI governance needs to be treated as a security function, not a compliance checkbox carried out in isolation from the engineering and security teams.

How is AI used offensively in cyberattacks today? +

Attackers use AI to automate reconnaissance at scale, craft hyper-personalized phishing messages that defeat traditional email filtering, generate convincing deepfakes for voice and video social engineering, find zero-day vulnerabilities faster than defenders can patch them, and manipulate AI models through prompt injection or adversarial inputs. The speed and personalization advantages that AI provides to defenders apply equally — and in some cases more easily — to attackers who operate without ethical constraints.