The cybersecurity industry is entering a phase where the speed of attacks may soon outpace the speed of human response.
Recent discussions surrounding “Mythos-class” AI systems have sparked intense debate across the global security community. While the technical capabilities attributed to such advanced AI models remain the subject of ongoing industry scrutiny, the conversation has exposed a deeper concern: What happens when attackers gain access to AI systems capable of continuously discovering vulnerabilities, mapping attack paths, generating exploits, and adapting faster than defenders can respond?
For security leaders, the Mythos debate is less about a single AI model and more about a fundamental shift in cyber warfare.
The question is no longer whether artificial intelligence will influence cyberattacks. The question is whether enterprises are prepared for attacks that operate at machine speed.
The End of Point-in-Time Security?
For decades, cybersecurity programs have largely relied on periodic assessments—quarterly vulnerability scans, annual penetration tests, compliance reviews, and scheduled audits.
That model may no longer be sufficient.
The concern is amplified by the modern enterprise technology stack itself.
Cloud-native architectures, AI agents, APIs, DevOps pipelines, SaaS platforms, hybrid infrastructure, and third-party integrations have created an attack surface that changes continuously.
In such environments, Bharti argues that traditional “point-in-time” security assessments cannot keep pace with dynamic risks.
“The need today is continuous monitoring and continuous exposure management, where organisations can continuously identify and manage risks before attackers do.”
According to Bharti, organisations need to build security operations around continuous visibility into assets, identities, workloads, and configurations. They must also prioritize risks in real time using business context and threat intelligence, while adopting automated or semi-automated response mechanisms capable of acting within minutes rather than days.
Periodic reviews will remain important, Bharti says, but they can no longer serve as the primary defensive mechanism.
Can Financial Institutions Defend at AI Speed?
The challenge becomes even more significant in financial services.
India’s banking and financial ecosystem represents one of the most digitally interconnected environments in the world. Banks today operate across legacy core banking platforms, cloud services, mobile banking applications, digital payment networks, APIs, fintech ecosystems, and extensive third-party relationships.
The complexity creates both innovation opportunities and security challenges.
According to Bharti, Indian financial institutions have made substantial investments in cybersecurity and have successfully adopted many of the tools, frameworks, and regulatory practices needed to defend against today’s threat landscape.
However, defending against AI-powered attacks operating at Mythos-like speed presents a different challenge.
“Yes and no,” Bharti says when asked whether Indian financial institutions can defend at AI speed.
“Current controls have been effective against traditional attacks. But fully defending against attacks leveraging Mythos-class speed will require changes to architecture, tools, frameworks, and operating models.”
Bharti believes financial institutions must move toward real-time visibility across their entire technology estate, including IT systems, business applications, cloud environments, identities, data flows, and third-party ecosystems. Continuous validation through behavioral analytics, anomaly detection, breach simulations, and attack-path analysis will become essential. organisations will also need AI-driven prioritization that considers exploitability, business criticality, and operational context, coupled with autonomous or semi-autonomous response mechanisms capable of isolating systems, revoking credentials, blocking transactions, and initiating protective actions in real time.
Perhaps the greatest challenge lies in legacy technology.
“Legacy systems need to be transformed because they often do not integrate with modern security stacks,” Bharti explains. “The weakest integration point ultimately determines an organisation’s ability to respond to AI-speed threats.”
The future, he argues, will require an integrated cyber fabric where AI-powered security platforms can share intelligence and coordinate decisions across the enterprise, while retaining human oversight for critical actions.
Cybersecurity Is Now an Operational Resilience Problem
The broader implication of the Mythos debate is that cybersecurity can no longer be viewed solely as an IT security issue.
As digital services become essential to economic activity, cyber incidents increasingly carry consequences far beyond data loss.
Financial institutions now operate in highly connected environments where disruptions can cascade across organisations, partners, payment networks, and customers.
A successful attack today can trigger operational outages, liquidity disruptions, fraud events, regulatory scrutiny, reputational damage, and erosion of customer trust.
“Cyber incidents today no longer remain isolated,” says Bharti.
“With capabilities like Mythos-class AI shrinking the timeline from vulnerability discovery to exploitation, attackers can coordinate campaigns across multiple systems and institutions, run large-scale fraud operations, and target critical service providers.”
This is why many security leaders increasingly view cyber resilience as an operational resilience challenge rather than a technology challenge.
The implications extend directly to boards and executive leadership teams.
“Cyber incidents are now board-level risk events because they impact far more than system downtime,” Bharti notes.
As a result, responsibility for resilience can no longer rest solely with CIOs and CISOs.
Boards, CFOs, risk committees, operations leaders, and business executives must collectively own resilience outcomes.
The New Metrics of Cyber Resilience
Historically, cybersecurity programs have focused on prevention-oriented metrics: vulnerabilities patched, controls deployed, compliance scores achieved, and incidents detected.
The AI era demands a different lens.
organisations must increasingly evaluate how quickly they can identify emerging exposures, validate exploitability, contain attacks, maintain critical services during disruptions, and recover operations after an incident.
Bharti believes organisations must shift from protecting individual systems to protecting business outcomes. The objective is no longer simply preventing breaches. It is ensuring continuity of critical services despite increasingly sophisticated attacks.
That means defining resilience boundaries rather than system boundaries, continuously testing recovery capabilities, and simulating real-world attack scenarios on an ongoing basis.
The Bigger Lesson from Mythos
Whether Mythos ultimately proves to be a transformative AI capability or simply an early warning signal, the message for security leaders is becoming clear.
The future battle will not be fought between attackers and defenders. It will be fought between competing AI systems operating at machine speed. Organisations that continue relying on periodic reviews and manual processes may find themselves defending yesterday’s environment. Those that embrace continuous exposure management, AI-assisted defense, and operational resilience will be better positioned to withstand the next generation of cyber threats.
The Mythos debate may have started as a discussion about advanced AI. It is rapidly becoming a discussion about the future of cyber resilience itself.
Machine-speed AI could help attackers find enterprise weak spots faster than ever
AI is collapsing enterprise reaction time — And most security teams are not ready