When the Attacker Finds the Flaws First: Why Resilience Just Became Mandatory
In April 2026, Bloomberg reported that the U.S. Treasury Secretary and the Federal Reserve Chair pulled the CEOs of the largest American banks into an unscheduled, closed-door meeting. The reported subject was not monetary policy, liquidity, or capital. It was cyber risk from a single AI model.
Anthropic had disclosed Claude Mythos Preview, describing it as a system that can autonomously identify and exploit zero-day vulnerabilities in every major operating system and every major web browser when directed by a user. Anthropic’s documented examples include a four-vulnerability browser exploit chain that escaped both renderer and OS sandboxes, chained Linux kernel exploits, and the fully autonomous exploitation of a 17-year-old remote code execution flaw in FreeBSD’s NFS server. Anthropic initially kept access tightly gated through Project Glasswing, with roughly 50 partners drawn from major technology and critical-infrastructure providers. On 2 June 2026, Anthropic expanded access to approximately 150 additional organizations across more than 15 countries, adding power, water, healthcare, communications, and hardware sectors that were underrepresented in the first cohort.
The April meeting was not about a current exploit wave. It was about the possible future risks raised by Mythos and similar models once comparable capability reaches the wider market. Anthropic now expects many other AI companies to have Mythos-class models within 6 to 12 months, and warns that some could release them without safeguards that prevent misuse.
The IMF has framed AI-enabled cyberattacks as a financial stability risk, citing the way frontier models compress the cost of finding and exploiting vulnerabilities and the correlated-failure exposure that follows when shared software, cloud, and payment infrastructure carry the same weaknesses. That framing matters. It moves AI-enabled attack capability from an IT problem to a systemic one.
Mythos changes attacker economics. DORA and the ECB’s supervisory priorities change what banks are expected to prove about operational resilience. Security and risk leaders now have to connect those two pressures.
What Mythos actually changes
Mythos does not invent a new category of attack. It removes the constraints that made the existing ones expensive.
The work of finding a zero-day, weaponizing it, and chaining it across systems used to require scarce, expensive human expertise. That scarcity was a defensive asset. It limited how many capable adversaries existed and how fast they could move. Mythos-class models compress that work into something faster, cheaper, and repeatable at scale.
The practical consequence is volume and speed. More vulnerabilities found, more exploit paths tested, more targets reached per unit of attacker effort. Anthropic’s internal OSS-Fuzz benchmark is a useful scale marker: with one run on roughly 7,000 entry points, Mythos Preview reached 595 tier 1 and tier 2 crashes, several tier 3 and tier 4 crashes, and full control-flow hijack on ten fully patched targets. The IMF makes the systemic version of the same point: advanced AI models can reduce the time and cost needed to identify and exploit vulnerabilities, raising the chance that shared software and cloud infrastructure expose many institutions at once.
The honest framing, and the one that survives a skeptical room: prevention, patching, identity controls, detection, and tested recovery still matter. The fundamentals did not change. The cost of ignoring them did.
Why prevention can no longer carry the risk alone
Prevention, patching, identity controls, software supply-chain risk management, and detection remain central. The point is not that they stop mattering. The point is that they cannot carry the full weight of the risk once exploit development gets cheap.
Most defensive layers inspect something other than the data itself.
Endpoint, identity, network, and perimeter controls watch for the attacker on the way in. Backup systems copy data on the way out. In many recovery architectures, no independent control continuously verifies whether the data inside snapshots, backups, and recovery points is clean enough to restore.
That is not a new control category invented for Mythos. CISA’s #StopRansomware Guide tells organizations to test backup availability and integrity in disaster recovery scenarios and to avoid reintroducing unverified systems into clean recovery networks. NIST SP 800-184 gives the same operational shape: recovery planning should include a staging system to validate recovered data from backups, and its ransomware recovery scenario calls for inventorying backup systems, checking backup integrity, and restoring only from backups that pass playbook criteria.
That gap is where ransomware survives. It is where dormant malware waits. When an attacker can find and exploit flaws faster than you can patch them, the assumption that you will keep every adversary out stops being defensible. The question shifts from “can we prevent this” to “when it happens, can we recover to a known clean state, and can we prove it.”
For resilience to be measurable, recovery cannot stop at whether a backup exists or whether a restore job completes. The control has to answer a harder question: what evidence shows this recovery point is safe enough to restore. That is the difference between having backups and having recovery evidence.
A CISO is not expected to guarantee zero successful attacks. The defensible standard is whether the organization had reasonable, provable controls across prevention, detection, response, and recovery when one succeeded. Elastio frames that standard for security leaders in Active Cyber Resilience for Security Leaders. Mythos raises the pressure on the assumption that prevention will hold. That is why it raises the bar on recovery, not just defense.
For banks, the ECB has already made resilience non-negotiable
DORA and the ECB’s 2026-2028 supervisory priorities were drafted on their own logic about systemic operational risk, before Mythos was disclosed. European financial regulators reached the same conclusion through a different door, and they reached it first. Mythos does not create those obligations, but it makes the recovery-evidence problem harder to ignore.
For the 2026 to 2028 supervisory cycle, the ECB placed cyber and operational resilience at the center of its agenda. Supervisors no longer treat cybersecurity as a technical control to be checked. They expect banks to demonstrate that critical services survive severe disruption, whether the trigger is a geopolitical event, a technology failure, or the collapse of a key third-party provider.
The mechanism is the Digital Operational Resilience Act. DORA entered into force in 2023 and has applied since January 2025, demanding an end-to-end resilience program: full ICT risk governance, incident reporting, resilience testing, lifecycle oversight of third parties, and evidence that the program works in practice. Oversight of critical third-party providers under DORA launched in January 2026.
Three elements of the ECB’s posture should anchor any board conversation:
- Speed of accountability. Significant institutions across the 20 euro area countries must report a cyber incident within two hours of classifying it as material. Two hours is not a detection window. It is an obligation that assumes you already know your state.
- Adversarial testing as a requirement. Systemically important banks must perform threat-led penetration testing at least once every three years, using external testers who replicate real-world attacker tactics against live systems. This is not vulnerability scanning. It is a test of whether live systems expose intrusion paths that resemble real attacker behavior.
- Evidence over assertion. The ECB is running on-site inspection campaigns, deep dives into cloud dependency, and targeted follow-up on banks that report material shortcomings. Stating that you are resilient is not sufficient. You are expected to prove it.
The direction of travel is unambiguous. What was a recommended practice is becoming a supervised obligation. Banks that treat resilience as a strategic priority are better positioned to meet the expectation. Banks that treat it as a compliance checkbox risk supervisory findings.
The question that connects both
The regulator in Frankfurt and the AI model in the headlines are pointing at the same gap.
If you were hit today, can you state your actual recovery time, identify which data is clean, and prove it to a board, a regulator, or an insurer?
If that answer lives only in meeting-room confidence, it is not evidence. The gap between what a CISO is accountable for and what a CISO can measure is the real exposure. Mythos widens it by making exploit development faster, cheaper, and less dependent on scarce specialists. DORA exposes it by demanding the proof.
Concretely, resilience here means the evidence trail that shows which recovery point was inspected, what was checked, and whether ransomware or malware was detected before the restore decision.
In practice, that proof is concrete. It is the last-known-clean recovery point. It is Resilience RPO, or R-RPO, which reports the gap between now and the newest recovery point that has passed the relevant validation checks, not the timestamp of the latest backup. In Elastio’s AWS Backup integration, that validation can be wired in at the backup plan: adding elastio:action=scan instructs Elastio to inspect recovery points created by that plan for ransomware and malware, so inspection follows the schedule the backup already runs on.
DORA Article 12 does not prescribe a named tool, and it does not require continuous ransomware scanning. It requires documented backup and recovery procedures, periodic testing, and restoration methods that do not jeopardize security or data integrity. The operational version of that requirement is uncomfortable. Consider a restore from a recovery point dated weeks before the visible intrusion, taken after the encryptor had already been staged in the environment. Without inspection of the recovery point itself, the restore team has little evidence to distinguish a clean recovery from a re-infection risk before the data comes back online.
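The R-RPO distinction and the staged-encryptor scenario described above, as an added example that is not Elastio's own code or API: a small Python model of a snapshot set in which each recovery point carries a hypothetical inspection result, from which the conventional backup RPO, the last-known-clean point and R-RPO are derived. The point ids, timestamps and inspection labels are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional


@dataclass(frozen=True)
class RecoveryPoint:
    point_id: str
    created: datetime
    scan_status: str  # hypothetical labels: "clean", "infected" or "unscanned"


def latest_backup_rpo(points, now: datetime) -> timedelta:
    """Conventional RPO: age of the newest recovery point, whatever it contains."""
    return now - max(p.created for p in points)


def last_known_clean(points) -> Optional[RecoveryPoint]:
    """Newest point that passed inspection. Unscanned points are never assumed clean."""
    passed = [p for p in points if p.scan_status == "clean"]
    return max(passed, key=lambda p: p.created) if passed else None


def resilience_rpo(points, now: datetime) -> Optional[timedelta]:
    """R-RPO: age of the last-known-clean point; None means no restorable evidence yet."""
    lkc = last_known_clean(points)
    return None if lkc is None else now - lkc.created


def recovery_evidence(points, now: datetime) -> dict:
    """Evidence trail for the restore decision: what was inspected, what was found, what to restore first."""
    lkc = last_known_clean(points)
    return {
        "latest_backup_age": latest_backup_rpo(points, now),
        "r_rpo": resilience_rpo(points, now),
        "restore_first": lkc.point_id if lkc else None,
        "inspected": sorted(p.point_id for p in points if p.scan_status != "unscanned"),
        "detections": sorted(p.point_id for p in points if p.scan_status == "infected"),
        "uninspected": sorted(p.point_id for p in points if p.scan_status == "unscanned"),
    }


# Constructed sample (not real data): daily snapshots plus one taken an hour ago.
# Inspection found the staged encryptor in the three newest points; rp-0531 was never scanned,
# so the newest point with evidence behind it is four days old even though the newest backup is an hour old.
NOW = datetime(2026, 6, 3, 9, 0)
SAMPLE_POINTS = [
    RecoveryPoint("rp-0603", NOW - timedelta(hours=1), "infected"),
    RecoveryPoint("rp-0602", NOW - timedelta(days=1), "infected"),
    RecoveryPoint("rp-0601", NOW - timedelta(days=2), "infected"),
    RecoveryPoint("rp-0531", NOW - timedelta(days=3), "unscanned"),
    RecoveryPoint("rp-0530", NOW - timedelta(days=4), "clean"),
]

if __name__ == "__main__":
    for key, value in recovery_evidence(SAMPLE_POINTS, NOW).items():
        print(f"{key}: {value}")
```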
That is the evidence gap. For teams that want Elastio-operated validation rather than a self-run integrity workflow, the Managed Provable Recovery Service continuously validates backup and recovery data, confirms the last-known-clean recovery point based on validation results, and produces evidence a board, insurer, or supervisor can review.
That is the work. Not preventing every attack, which is no longer a defensible promise. Holding provable clean recovery points, so that when an attack succeeds, recovery is a known quantity rather than a hope.
DORA raises the evidence expectation. Mythos-class capability raises the pressure on prevention. The only open question is whether you can answer the recovery question with evidence before someone with authority asks it for you.
Sources
[1] Bloomberg, Anthropic Model Scare Sparks Urgent Bessent, Powell Warning to Bank CEOs, 10 April 2026
[2] Anthropic Red Team, Assessing Claude Mythos Preview’s cybersecurity capabilities, 7 April 2026
[3] Anthropic, Expanding Project Glasswing, 2 June 2026
[4] IMF, Financial Stability Risks Mount as Artificial Intelligence Fuels Cyberattacks, 7 May 2026
[5] CISA, FBI, NSA, and MS-ISAC, #StopRansomware Guide, 2023
[6] NIST, SP 800-184: Guide for Cybersecurity Event Recovery, December 2016
[7] Elastio, RPO Is Not Enough for Ransomware Recovery, 2026
[8] Elastio, Active Cyber Resilience for Security Leaders, 2026
[9] ECB Banking Supervision, Supervisory priorities 2026-28, November 2025
[10] ECB, What is cyber resilience?, accessed 2 June 2026
[11] ECB Banking Supervision, Upgrading banks’ capacity to deal with digital risks, 24 March 2026
[12] Elastio, Data Detection and Resilience Platform, 2026
[13] Elastio Help Center, Protect AWS Backup Recovery Points, updated 4 March 2025
[14] European Union, Regulation (EU) 2022/2554, Digital Operational Resilience Act, 14 December 2022
[15] Elastio Help Center, Managed Provable Recovery Service, updated 11 November 2025