What just happened
On 7 April, Anthropic announced Project Glasswing and a new frontier model called Claude Mythos Preview. Twelve launch partners (AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks, Broadcom, and Anthropic itself) got access. Over forty additional vetted organisations followed. The model isn’t being made publicly available; Anthropic considers the capability too dangerous for general release.
In the weeks before the announcement, Mythos found thousands of zero-day vulnerabilities (previously unknown flaws in software that attackers can exploit before any patch exists). A 27-year-old bug in OpenBSD, one of the most security-hardened operating systems in the world, the one a lot of firewalls run on. A 16-year-old flaw in FFmpeg sitting in a line of code that automated testing tools had hit five million times without ever catching it. A privilege-escalation chain in the Linux kernel (a way for a low-level user to get full system control). A 17-year-old remote-code-execution flaw in FreeBSD’s NFS server that the model both found and fully exploited: root access, with no human steering after the initial prompt. Mozilla shipped a Firefox release patching 271 vulnerabilities found by the model in a single evaluation pass.
Separately, the UK’s National Cyber Security Centre and AI Security Institute ran a 32-step simulated network attack (estimated at around 14 hours for a human expert) against the seven frontier models released before March 2026. The best one averaged just under sixteen of those thirty-two steps. The generation before that averaged fewer than two. The cost of a single full attempt? Roughly £65.
What does it mean for a 30-person business in South London running Microsoft 365, UniFi, a couple of SaaS tools, and a partner accountant?
What’s actually new for an SME
As an SME you’re a consumer of software rather than a writer of it, and the platforms you sit on top of (your operating systems, your browsers, your tenancy, your network kit, your line-of-business SaaS) are the ones with the bugs that just got easier to find.
That’s the first thing that’s changed. The rate at which vulnerabilities get discovered in widely-used software has accelerated. Some of those will be discovered by defenders working with vetted access to models like Mythos and patched through coordinated disclosure before they ever go public. Some will be discovered by attackers using cheaper, less safeguarded models (there are plenty of those) and weaponised before any patch ships. The NCSC’s blunt summary is worth quoting: “Defenders should assume that at least some attackers already have access to capable AI tools.”
The second thing that’s changed is the window. CrowdStrike’s CTO described it on the day of the Glasswing announcement: “The window between a vulnerability being discovered and being exploited by an adversary has collapsed, what once took months now happens in minutes with AI.” The slack that used to sit inside an SME patch cadence has gone, and what was a quarterly rhythm is now a weekly one.
The third thing, and this is the one the headlines won’t tell you, is the size of the coming patch wave. NCSC has a follow-on blog flagging it explicitly. Decades of accumulated technical debt across operating systems, browsers, and infrastructure software are about to come out in patches, in a sustained wave that NCSC is urging organisations to prepare for now. If your patching is monthly with no measured time-to-deploy, you’re already behind, and the gap won’t close this quarter because the new baseline is permanent.
Three things to be sceptical of
Now the bit that needs scepticism. Within weeks of any frontier capability story, the marketing follows it out the door. Three things you’ll hear in the coming months that we’d push back on.
First: “AI-resistant” product SKUs are mostly marketing. There’s no defensive product you can buy that immunises you against AI-augmented attackers. The strong defences are still the boring ones.
Second: most breaches in 2026 are still going to look like 2024 breaches. Business email compromise (an attacker impersonating you or one of your team to redirect a payment or extract information), credential theft, phishing leading to ransomware via lateral movement (the attacker landing on one machine and then moving across your network to bigger targets). AI is a quality multiplier and a cost reducer on those attacks, with better-written phishing, faster reconnaissance, and cheaper attempts, rather than a wholesale transformation of the threat model. The Mythos-class threat is upstream, in the supply chain you depend on. Your day-to-day exposure looks the same as last year, but with phishing emails that read like the real sender wrote them.
Third: panic-buying tools doesn’t help. The firms selling “AI-powered” defensive products are largely the same firms whose products you already have, rebadged. Tools matter less than posture.
What an SME should be doing, now and going forward
There’s a one-off audit, and there’s a permanent posture shift. Both matter.
The one-off audit, this month. First: do you have an accurate, current inventory of what you actually run? Operating systems, browsers, network kit, SaaS, line-of-business apps, anything internet-facing. Most SMEs don’t. If you can’t list it, you can’t patch it. Second: what’s your real time-to-patch? Not “we apply updates monthly”, but the measured median number of days between vendor release and your fleet being updated. Most teams that haven’t measured this are surprised. Third: which of your suppliers have given you a clear answer on their own AI-era security posture? Cyber-insurance underwriters and CE+ (Cyber Essentials Plus, the UK government-backed certification) assessors are starting to ask.
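One way to get the measured median the audit asks for, shown as an added example (not JMO|Partners' code or any vendor's tooling). It assumes you can export, per device and per update, the install date or a blank for "still missing"; the update ids, device names and dates below are constructed, and the function names are hypothetical.

```python
from datetime import date
from statistics import median

# Constructed sample data; update ids, device names and dates are hypothetical.
RELEASES = {"os-2026-04": date(2026, 4, 14), "browser-149": date(2026, 4, 21)}
# (device, update, install date); None means the update is still missing.
INSTALLS = [
    ("laptop-01", "os-2026-04", date(2026, 4, 16)),
    ("laptop-02", "os-2026-04", date(2026, 4, 17)),
    ("laptop-03", "os-2026-04", date(2026, 4, 30)),
    ("server-01", "os-2026-04", None),
    ("firewall-01", "os-2026-04", None),
    ("laptop-01", "browser-149", date(2026, 4, 22)),
    ("laptop-02", "browser-149", date(2026, 4, 22)),
    ("laptop-03", "browser-149", None),
]
AS_OF = date(2026, 5, 12)  # day the measurement is taken


def fleet_median(days_patched, n_open):
    """Median days-to-patch across the whole fleet. Unpatched devices rank
    after every patched one; None means the median device is still unpatched."""
    n = len(days_patched) + n_open
    ordered = sorted(days_patched)
    lower, upper = (n - 1) // 2, n // 2
    if n == 0 or upper >= len(ordered):
        return None
    return (ordered[lower] + ordered[upper]) / 2


def time_to_patch(releases, installs, as_of):
    """Per-update patch latency, reported with and without unpatched devices."""
    report = {}
    for update, released in releases.items():
        rows = [(dev, when) for dev, upd, when in installs if upd == update]
        days = [(when - released).days for _, when in rows if when is not None]
        still_open = sorted(dev for dev, when in rows if when is None)
        report[update] = {
            "patched_only_median": median(days) if days else None,
            "fleet_median": fleet_median(days, len(still_open)),
            "open_devices": still_open,
            "open_for_days": (as_of - released).days if still_open else 0,
        }
    return report


if __name__ == "__main__":
    for update, stats in time_to_patch(RELEASES, INSTALLS, AS_OF).items():
        print(update, stats)
```

On the sample data the OS update shows a 3-day median if you only count devices that have patched, but a 16-day fleet median once the two devices still missing it are counted, which is the gap between “we apply updates monthly” and a measured figure.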
The permanent posture shifts. Patching velocity becomes a KPI, not an event. Identity hygiene (MFA, multi-factor authentication, on everything; no shared credentials; clean offboarding) matters more, not less; credential theft is what AI-augmented attackers are best at scaling. Defence in depth (multiple overlapping layers so no single failure is fatal) assumes the upstream gets popped eventually; you want logs, alerts, segmentation, and a tested recovery plan so a single bad day doesn’t become a six-month business event. Staff awareness training has to be updated for the era of phishing that doesn’t have spelling mistakes. And vendor due diligence becomes a continuous question, not a one-off at procurement.
The NCSC’s framing is the right one to internalise: AI won’t compensate for weak security foundations, but it will amplify both strengths and weaknesses. The work to do is mostly the work you already knew to do, done more rigorously, measured more honestly, and treated as posture rather than project.
The defender’s structural advantage
There’s a reason for optimism in NCSC’s analysis that often gets lost in the scary headlines. Defenders have a structural advantage attackers don’t: they shape the environment. They know what’s installed, who should be logged in, what normal traffic looks like, where the data lives. AI used defensively exploits that advantage at scale. The same capabilities that make Mythos-class models dangerous in the wrong hands make them invaluable for finding flaws in your stack before someone else does. The firms that come out of the next two years well are the ones who treated the fundamentals as continuous discipline rather than tick-box compliance, and used the new tooling, defensively, to extend their reach. The cost of waiting for the next NCSC bulletin to start the work is a year of compounding exposure you don’t get back.
If you’re working through what your stack actually looks like and where the soft edges are, that’s our Security Solutions and Consulting Services practices. We’ll either do the work or sit alongside whoever does. Drop us a note at info@jmopartners.co.uk and we’ll set up a conversation.
JMO|Partners · Enterprise IT, sized for SMEs.