As AI driven threat capabilities evolve, the Mythos Readiness Program highlights growing risks in how software vulnerabilities are disclosed and exploited across the cybertech ecosystem.
Seal Security has introduced the Mythos Readiness Program, a limited availability initiative aimed at enterprises not included in Anthropic’s private Project Glasswing review of Claude Mythos Preview. The launch follows new internal research that questions the long standing coordinated disclosure model, suggesting it may now unintentionally expose exploit opportunities before official advisories are released.
Seal Security’s analysis examined public commit activity across more than 100,000 JavaScript repositories since January 2026, alongside historical vulnerability data across programming ecosystems. The findings indicate that 94 percent of common vulnerabilities and exposures have a publicly available fix commit before the official advisory is published. The median time gap between a fix commit and its corresponding advisory stands at 11 days, extending to 30 days for critical severity issues.
The study also revealed significant disparities between software ecosystems. While npm based projects tend to release fixes within a median of eight days, Maven ecosystems can take as long as 167 days, creating a wide exposure window for attackers. This delay, often referred to as the silent patch gap, is becoming increasingly exploitable as automation and AI accelerate vulnerability discovery.
Seal Security further demonstrated the impact of AI on exploit development by testing an autonomous agent based on Sonnet 4.6. When provided only with code differences between vulnerable and fixed versions, without any CVE identifiers or advisory context, the agent generated 97 working proof of concept exploits within minutes per vulnerability. The company also noted that 99 percent of security fixes could be applied surgically without disrupting broader code functionality, underscoring the feasibility of rapid remediation.
“Coordinated disclosure assumed the fix commit was a harmless implementation detail and the advisory was the signal attackers followed,” said Itamar Sher, CEO at Seal Security. “That assumption held when turning a diff into a working exploit took a skilled human hours to days per bug, and the whole process was like finding a needle in a haystack. It does not hold anymore. Even before Mythos, every company is now on the wrong side of a clock that’s already running.”
The Mythos Readiness Program is designed to address this timing gap by offering participating organizations early visibility into security relevant code changes. Selected companies will receive full access to Seal Security’s platform, which monitors open source repositories for potential vulnerabilities and delivers standalone patches ahead of official advisories. The program also includes dedicated implementation support and custom integrations to align with enterprise workflows.
Importantly, Seal emphasized that its approach avoids the need for system upgrades and reduces exposure to supply chain risks, such as malicious repository takeovers, while also preventing long term vendor lock in.
The Mythos Readiness Program reflects a broader shift in cybersecurity strategy, where speed and automation are becoming critical to defense. As attackers increasingly leverage AI to exploit vulnerabilities faster than ever, closing the silent patch gap may become essential for enterprises seeking to secure modern software supply chains.
Recommended Cyber Technology News:
- Proofpoint Detects Surge in Microsoft 365 Mailbox Rule Abuse
- PlugX USB Worm Expands Globally Through DLL Sideloading
- Splashtop Rolls Out Comprehensive Endpoint Operations Platform
To participate in our interviews, please write to our CyberTech Media Room at info@intentamplify.com
