Threat Intelligence · June 2026
The Mythos Field Report
We saw how Anthropic's Mythos worked its way through real enterprise environments. This is what we found—and what actually stopped AI-powered attacks.
~2hrs
From first access to full cross-domain compromise
AI-powered attack playbooks execute at a speed that leaves no realistic window for human response.
What we found: Mythos Field Report Key Findings
Six findings every security and identity leader needs to see
These six insights aren't theoretical. They come from running Mythos against enterprise environments and seeing which controls finally stopped it.
01
AI-powered attacks run through identity
Mythos doesn't always need a CVE. In some cases, it discovered existing trusted accounts and misconfigurations (such as reused credentials, over-privileged accounts, and weak auth flows), planned a path across domains, and chained them into full domain compromise in under two hours.
02
Active Directory and on-prem infrastructure are a primary target
Mythos targets on-prem infrastructure and Active Directory specifically. We saw it exploit RC4 weaknesses, weak certificates, and misconfigured domain controls. It understands that taking over Active Directory is how you win, and it works methodically toward that goal.
03
The math of vulnerability management doesn't hold
When organizations scan with Mythos, they find thousands of vulnerabilities, making a patching race unrealistic. Even if you could patch, AI models still need to move, access resources, and traverse networks. When they do, they use identities and access.
04
Static IGA breaks down entirely
AI-powered attacks move faster and adapt in ways that pre-configured rules simply can't anticipate. AI agents are ephemeral, multi-identity, and non-deterministic. Governance matters, but periodic reviews can no longer be a primary control.
05
Detection had no realistic human-based response window
With breakout times measured in minutes, detection comes too late. Mythos runs multiple attack vectors simultaneously, making noise in one area while moving laterally in another. By the time you respond, it's already dumped credentials and moved on. You're responding to where it was, not where it is.
06
Service accounts and machine identities are frequently the #1 target
Non-human identities carry privileged access, often with no behavioral baseline or compensating controls. In one example, a service account was regularly abused for privilege escalation—until virtual fencing on that single account prevented full domain compromise.
What actually stopped it
Inline, runtime identity controls stop attacks cold
Four controls stopped Mythos: aggressive identity segmentation, virtual fencing on high-risk accounts, Just-In-Time (JIT) access, and adaptive MFA. The common thread is that they all operate inline, before access is granted. If you want to close the lateral movement paths Mythos depends on, define expected authentication patterns for your Tier 0/Tier 1 accounts and enforce them at runtime.
"Oh s#$t! We need to shut down Silverfort because we can't run the drill."
Red teamer
On Silverfort preventing a Mythos-based red team exercise
The fix
Three controls that actually stop AI-powered attacks
All three share a defining characteristic: they operate inline, at the moment of authentication, before access is granted. Because runtime beats reactive every time.
01
Most effective
Virtually "fence" service accounts & machine identities
Non-human identities are the priority target for any adversary. They sit everywhere, carry privileged access, and most have no compensating controls. Virtual fencing prevents unauthorized usage of valid credentials in contexts outside their defined scope.
"Virtual fencing actually stops me from escalating privileges." — Red teamer
02
Strong identity segmentation and smart inline policies
Define expected authentication patterns for the most sensitive accounts and set aggressive identity segmentation policies to close the lateral movement paths. Just-in-Time access and adaptive MFA policies for Tier 0 and Tier 1 accounts are critical.
Inline enforcement at runtime is the replacement for governance as a primary control.
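A sketch of the inline decision that the fencing and segmentation controls above describe, added here as an illustration; it is not code from the report or from any vendor product. The policy format, account names, host names and times are all hypothetical, and the requests are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class AuthRequest:
    account: str
    source: str
    destination: str
    protocol: str
    when: datetime
    mfa_passed: bool = False

def utc(hour, minute=0):
    return datetime(2026, 6, 1, hour, minute, tzinfo=timezone.utc)

# Constructed policy table; every account and host name here is hypothetical.
POLICY = {
    # Fence: the credential is valid only for these (source, destination, protocol) tuples.
    "svc-backup": {"kind": "fence",
                   "allowed": {("bkp01", "fs01", "kerberos"), ("bkp01", "fs02", "kerberos")}},
    # Tier 0 admin: approved workstation, open JIT window, then MFA.
    "adm-alice": {"kind": "tier0", "sources": {"paw-07"}, "jit": (utc(9), utc(10))},
}

def evaluate(req):
    """Decide before access is granted. Returns (decision, reason)."""
    rule = POLICY.get(req.account)
    if rule is None:
        return "allow", "account not covered by a policy"
    if rule["kind"] == "fence":
        if (req.source, req.destination, req.protocol) in rule["allowed"]:
            return "allow", "inside fence"
        return "deny", "valid credential used outside its fence"
    if req.source not in rule["sources"]:
        return "deny", "source is not an approved admin workstation"
    start, end = rule["jit"]
    if not start <= req.when < end:
        return "deny", "no active JIT grant"
    if not req.mfa_passed:
        return "mfa", "step-up required"
    return "allow", "tier 0 conditions met"

# Constructed requests: the second uses svc-backup's valid credential outside its fence.
SAMPLE = [
    AuthRequest("svc-backup", "bkp01", "fs01", "kerberos", utc(3)),
    AuthRequest("svc-backup", "ws-114", "dc01", "ntlm", utc(3, 5)),
    AuthRequest("adm-alice", "paw-07", "dc01", "kerberos", utc(9, 30)),
    AuthRequest("adm-alice", "paw-07", "dc01", "kerberos", utc(9, 31), mfa_passed=True),
    AuthRequest("adm-alice", "paw-07", "dc01", "kerberos", utc(11), mfa_passed=True),
]

if __name__ == "__main__":
    for r in SAMPLE:
        print(r.account, r.source, "->", r.destination, evaluate(r))
```

The second request carries a valid service-account credential and is still denied, because the decision depends on where and how the credential is used rather than on whether it is correct.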
03
Controls on identity infrastructure, where attackers actually move
AI-powered attackers do not care whether a system is modern or legacy—they follow the paths available to them. Move away from NTLM, RC4 and other legacy protocols, and force more secure authentication protocols. This reduces the attack surface AI-powered attacks can operate against, which will harden posture and improve runtime visibility at the same time.
Reduces attack surface and strengthens the control plane simultaneously.
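Before NTLM and RC4 can be switched off, someone has to know which accounts still depend on them. The following added example (not from the report or any vendor tooling) builds that inventory from Windows Security events, assuming they were exported as JSON lines with the standard 4769 and 4624 field names; the events, accounts and addresses are constructed.

```python
import json
from collections import defaultdict

# Constructed events. 4769 = Kerberos service ticket requested, 4624 = successful logon.
EVENTS = """
{"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "svc-sql", "TicketEncryptionType": "0x17", "IpAddress": "10.0.4.21"}
{"EventID": 4769, "TargetUserName": "alice@CORP.EXAMPLE", "ServiceName": "fs01$", "TicketEncryptionType": "0x12", "IpAddress": "10.0.7.9"}
{"EventID": 4624, "TargetUserName": "svc-scan", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V1", "IpAddress": "10.0.9.40"}
{"EventID": 4624, "TargetUserName": "bob", "AuthenticationPackageName": "Kerberos", "LmPackageName": "-", "IpAddress": "10.0.7.12"}
{"EventID": 4624, "TargetUserName": "svc-scan", "AuthenticationPackageName": "NTLM", "LmPackageName": "NTLM V2", "IpAddress": "10.0.9.40"}
"""

# Kerberos encryption types that mean the ticket was issued with RC4.
RC4_ETYPES = {0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP"}

def legacy_auth_inventory(lines):
    """Map (account, finding) -> sorted list of source addresses still using it."""
    found = defaultdict(set)
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        src = ev.get("IpAddress", "-")
        if ev["EventID"] == 4769:
            # The RC4 dependency belongs to the service account the ticket is for.
            etype = int(ev["TicketEncryptionType"], 16)
            if etype in RC4_ETYPES:
                found[(ev["ServiceName"], "kerberos " + RC4_ETYPES[etype])].add(src)
        elif ev["EventID"] == 4624 and ev.get("AuthenticationPackageName") == "NTLM":
            # LmPackageName distinguishes NTLM V1 from NTLM V2 logons.
            found[(ev["TargetUserName"], ev.get("LmPackageName", "NTLM"))].add(src)
    return {key: sorted(srcs) for key, srcs in found.items()}

if __name__ == "__main__":
    for (account, finding), sources in sorted(legacy_auth_inventory(EVENTS).items()):
        print(f"{account:10} {finding:22} from {', '.join(sources)}")
```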
"Silverfort is phenomenal. It blocked Mythos' attempts to spread in the network. At some point, we had to disable Silverfort's defenses to allow further testing."
— Security operations leader
Are you ready for AI-powered attacks?
What this means for your role
The attack chains haven't changed. The speed has. What that means for you depends on where you sit.
The board is asking if you're prepared for AI-powered attacks. The honest answer: you need an additional control point that works at AI-speed.
Your identity infrastructure is the main target
Attackers always go for the path of least resistance, and AI-powered attackers are no different. Identity is the vehicle Mythos used to navigate through environments and own systems. Active Directory, domain controllers, and service accounts were all primary targets. Identity resilience is now just as critical as any other security control in your stack.
"Assume breach" is now standard operating mode
Your credentials will be compromised, and vulnerabilities will always exist. The question isn't whether attackers can get in; it's how quickly you can stop them. Runtime controls that stop attackers in the act are how you compress the blast radius.
Your controls were built for a world where there's time between compromise and breach
Detection, vulnerability management, and governance all work on the basis that there's time between attack and response. AI-powered attacks eliminated that window. Mythos doesn't need CVEs. It chains misconfigured accounts, forgotten credentials, and over-privileged service accounts that already live in your environment. You need a control that operates inline, before access is granted.
The answer
Identity can be a credible control point
Every step where ordinary access becomes material business impact—lateral movement, privilege escalation, data exfiltration—has to cross the identity layer. Controlling that crossing at runtime is the architecture that actually holds against AI-speed attacks.

Mythos transformed your known gaps from a theoretical risk into a real one. Use it to move identity from an ops function to a security control.
Service accounts and machine identities are a top target
Offensive AI agents authenticate with over-privileged accounts—their actions are unattributed and their behavior is baselined against nothing. In one example where Mythos was used, virtual fencing on a single service account prevented full domain compromise. That account had been abused in every prior red team engagement.
Mythos will exploit your AD posture
A single misconfiguration creates an average of 109 shadow admin accounts. 67% of organizations sync Active Directory passwords to cloud. Nearly 1 in 3 accounts is highly privileged. Mythos doesn't need a zero-day, because it can find identity weaknesses and chain them together.
MFA gaps on legacy and homegrown systems are no longer acceptable
Every system without MFA is an open credential path. NTLM deprecation combined with inline blocking reduced the attack surface significantly and improved Silverfort's ability to manage auth flow—a double win.
The answer
Inline, runtime access controls stop attacks cold
Aggressive identity segmentation, virtual fencing to prevent privilege escalation, and adaptive MFA policies proved capable of stopping Mythos-powered attacks. Define expected authentication patterns for Tier 0/Tier 1 accounts, enforcing controls inline to close the lateral movement paths Mythos was chaining.

Your environment by the numbers
109
Shadow admin accounts from a single AD misconfiguration
67%
Of orgs sync AD passwords to cloud, turning on-prem compromise into cloud compromise
90%
Run hybrid identity infrastructure.
AD exposures = cloud risk
1 in 3
Accounts are highly privileged service accounts—and most are unmonitored
Inside Anthropic's Mythos
Mythos in the wild: how a full domain compromise unfolds without runtime controls
This is a composite of red team engagements with no novel techniques and very few zero-days. It's mostly identity posture issues that exist in virtually every enterprise, chained at machine speed.
Step 01
Initial low-level access
The model and derivative agents gained a workable path through a combination of posture gaps and over-permissioned identities to get to domain access.
Step 02
Gain elevated permissions
Over-privileged service accounts and reused credentials were identified and exploited. First elevated permissions obtained. Still inside the lab environment.
Step 03
Escape testing and make it into production
Lab boundary crossed. Mythos chained misconfigured trust relationships to move laterally into the production environment.
Step 04
Escalate privilege
Two additional privilege escalation hops, chaining ESC1 misconfigurations and shadow admin accounts. Domain Administrator access obtained.
Step 05
Move laterally using service accounts
Service accounts and identity infrastructure targeted to complete the attack.
Step 06
Gain domain access to infrastructure
Pull production password hashes through a directory replication attack.

The case for runtime identity security
Three things that are now true
01
Traditional security controls are collapsing
CVEs will keep being issued. Patches will keep shipping. Detection tools will keep firing alerts. But none of that is fast enough to stop an AI-powered attack from achieving full domain compromise using misconfigurations and credentials that already exist in your environment. The assumptions these controls were built on no longer hold.
02
Identity is now the control point
In fact, identity isn't just a control point—it's the control point. Every step where ordinary compromise becomes material business impact—lateral movement, privilege escalation, data exfiltration—has to cross the identity layer. Vulnerability management addresses independent silos, but identity runtime control addresses the much smaller set of crossings between those silos.
03
AI-powered attacks require runtime controls because nothing else is fast enough
Runtime is the only way to manage the speed and decision-making required in the age of agentic offensive operations. Inline enforcement before authentication completes is the only control that operates at the same speed as the attacker. That is what Silverfort was built to deliver, everywhere—from AD to AI.