I work at a threat intelligence company and my default view is that Mythos is likely under-hyped for SWE and overhyped for cyber.
People VASTLY underestimate how easy it is to break into the vast majority of organizations. There is no need to design custom 0-Days because you can simply log-in (or run a session replay attack) using credentials/​sessions freely available on the dark web. I would put forward that if Mythos was released tomorrow with standard API guardrails you would not see an explosion in cyberattacks.
However, the one exception is that organizations that already heavily invest in security (think Google) would have a new major attack surface to cover, and you may see an increase in sophisticated actors attacking other sophisticated actors because it changes offense-defense balance in favor of offense.
I work at a threat intelligence company and my default view is that Mythos is likely under-hyped for SWE and overhyped for cyber.
People VASTLY underestimate how easy it is to break into the vast majority of organizations. There is no need to design custom 0-Days because you can simply log-in (or run a session replay attack) using credentials/​sessions freely available on the dark web. I would put forward that if Mythos was released tomorrow with standard API guardrails you would not see an explosion in cyberattacks.
However, the one exception is that organizations that already heavily invest in security (think Google) would have a new major attack surface to cover, and you may see an increase in sophisticated actors attacking other sophisticated actors because it changes offense-defense balance in favor of offense.