Anthropic’s Claude Mythos and the AI Cybersecurity Reckoning: Why We Must Assume Breach, Secure AI Agents, and Lead with Zero-Time Remediation

Yehonatan Tsirolnik, VP Solutions Engineering

The cybersecurity landscape just got a massive reality check.

On April 7, 2026, Anthropic announced Claude Mythos, its most capable frontier model to date, and immediately chose not to release it publicly. Why? Because Mythos can autonomously discover zero-day vulnerabilities across major operating systems, web browsers, and critical software stacks, and chain them into working exploits, turning “just a bug” into a functioning exploit faster than all but the most elite human researchers.

Instead of handing this power to the world, Anthropic launched Project Glasswing, a defensive initiative with leading organizations such as AWS, Apple, Google, Microsoft, NVIDIA, CrowdStrike, the Linux Foundation, and others. It gives those organizations scoped access to Mythos, backed by $100M in usage credits, so they can harden the world’s most important codebases before equivalent offensive capability proliferates.

This decision is particularly notable in light of recent events: in late 2025, Anthropic disrupted the first reported AI-orchestrated cyber espionage campaign, in which attackers used Claude’s agentic capabilities to autonomously target dozens of organizations worldwide with minimal human oversight.

It’s the clearest signal yet that AI models have crossed a threshold in cybersecurity. The same agentic reasoning that powers breakthrough defense can supercharge attacks. And while Mythos itself is tightly gated, the broader threat is already democratized – through open-source Small Language Models (SLMs) and LLMs that attackers can freely download, fine-tune, and weaponize.

At Entro, we’ve been preparing for this moment since day one.


The Dual-Edged Sword of Agentic AI in Cybersecurity

AI models like Mythos aren’t just fancy typewriters – they’re the brains behind autonomous agents capable of multi-step reasoning, code generation, and exploit chaining. In defensive mode (e.g., Glasswing), this is transformative: AI can scan millions of lines of code, spot logic bugs in crypto libraries, or uncover 27-year-old vulnerabilities in open-source projects.

But the same agentic power flips into a massive offensive advantage. Malicious AI agents – whether powered by Mythos, other frontier models, or fine-tuned open-source SLMs – don’t sleep. They operate relentlessly around the clock, probing systems, refining exploit chains, and launching attacks at machine speed and scale with zero fatigue. Traditional detection, manual patching cycles, and perimeter-focused defenses simply cannot keep pace.

This is why we believe 2026 is the pivot into the agentic-led cybersecurity era. The weakest link in this new era? Non-human identities (NHIs) – the service accounts, API keys, AI agents, and secrets that power our entire digital infrastructure. Organizations that treat AI as a passive assistant will fall behind. Those that build agentic systems for defense – while ruthlessly securing the identities those agents rely on – will thrive.

The Trivy Takeover: A Textbook NHI Compromise

If the threat feels abstract, the Trivy supply-chain compromise from March 2026 makes it concrete.

Trivy, a widely trusted open-source vulnerability scanner used in countless CI/CD pipelines, was poisoned via a compromised non-human identity – specifically, a long-lived GitHub personal access token (PAT) and service account. Attackers force-pushed malicious tags and releases containing credential stealers that exfiltrated AWS keys, GCP tokens, SSH keys, and more from runner environments. The fallout was immediate: lateral movement, data exfiltration, and propagation across interconnected pipelines.

No sophisticated zero-day was involved. A long-lived credential, an over-permissioned account, and mutable, unpinned release tags (which every downstream pipeline resolved afresh on each run) turned a trusted tool into a supply-chain weapon.
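The tag-pinning half of that failure is cheap to check for. The script below is an added example (not code from Trivy, Entro, or GitHub): it scans a GitHub Actions workflow for `uses:` references that point at a mutable tag rather than a full commit SHA, and separately notes when the workflow never declares a `permissions:` block and so inherits the repository’s default `GITHUB_TOKEN` scope. The workflow text, the `example-org` action names, and the 40-hex SHA are constructed for the example.

```python
"""Scan a GitHub Actions workflow for `uses:` references a moved tag could hijack.

Added example, not code from Trivy, Entro, or GitHub. A tag such as @v4 or
@0.28.0 is mutable: whoever controls the action's repository (including a
stolen token with push rights to it) can move it to a malicious commit, and
every pipeline that references the tag picks the new code up on its next run.
A 40-hex commit SHA cannot be moved. The workflow text, the example-org action
names and the SHA below are constructed for this example.
"""
import re

# `uses: owner/repo[/path]@ref`, with or without a leading "- " and quotes.
USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\'@]+)@([^\s"\'#]+)')
FULL_SHA_RE = re.compile(r'^[0-9a-f]{40}$')
# `permissions:` at workflow or job level. Its absence means jobs run with the
# repository's default GITHUB_TOKEN scope instead of an explicit least set.
PERMISSIONS_RE = re.compile(r'^\s*permissions:', re.MULTILINE)

SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/lint-action@0123456789abcdef0123456789abcdef01234567 # v1.4.0
      - name: Run scanner
        uses: example-org/scanner-action@0.28.0
      - uses: ./.github/actions/local-step
"""


def find_unpinned(workflow_text):
    """Return (line_no, action, ref) for each remote action not pinned to a full SHA."""
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue  # not a `uses:` line, or a local ./path action with no @ref
        action, ref = m.group(1), m.group(2)
        if not FULL_SHA_RE.match(ref):
            findings.append((n, action, ref))
    return findings


def missing_permissions_block(workflow_text):
    """True when no `permissions:` block exists, so the default token scope applies."""
    return PERMISSIONS_RE.search(workflow_text) is None


if __name__ == "__main__":
    for n, action, ref in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {n}: {action}@{ref} is a mutable ref; pin it to a commit SHA")
    if missing_permissions_block(SAMPLE_WORKFLOW):
        print("no `permissions:` block; GITHUB_TOKEN runs with the repository default scope")
```

Pinning to a SHA removes the tag as a substitution point but does not remove the token: a runner that holds a long-lived cloud key can still be drained by any step it executes, which is why the identity side of the fix matters as much as the pin.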

A compromised NHI is often the clearest and earliest sign of breach. By the time you see data exfiltration or lateral movement downstream, the damage is done. NHIs don’t get phished like humans – they get stolen, over-permissioned, and left dormant until attackers, or AI agents, wake them up.

Entro’s Core Thesis: Assume Breach. Guard AI Usage. Remediate at Machine Speed.

In a world where AI can find zero-days faster than humans can patch them, “prevent all breaches” is no longer a viable strategy. The operating assumption must shift: breaches will happen. “Assume breach” is the mindset; the question is how fast you detect and contain them.

Here’s what that looks like in practice:

  1. Guard AI Usage Yesterday
    Every AI agent, LLM workflow, or autonomous tool is powered by NHIs (API keys, OAuth tokens, service principals). These identities are proliferating faster than security teams can track. At Entro, we give organizations complete visibility into the full NHI + secrets + AI agent lifecycle: discovery, ownership attribution, usage patterns, and risk scoring.
    You can’t secure what you can’t see. And you definitely can’t guard AI usage if you don’t know which agents have standing access to production databases or cloud consoles.
  2. Treat Compromised NHIs as the Primary Breach Indicator
    Just like the Trivy incident, the moment an NHI starts behaving abnormally (unusual IP, sudden high-volume calls, new permission usage, or connections to typosquatted domains), it’s time to act. Entro’s NHIDR™ engine flags these anomalies in real time across your entire stack – GitHub, cloud providers, Kubernetes, CI/CD, and AI agent frameworks.
  3. Zero-Time Remediation Is the New Must-Have Pillar
    Detection alone isn’t enough. In an agentic threat landscape, attackers (or malicious AI) move at machine speed. That’s why automated, zero-time remediation – instant revocation, rotation, isolation, or blocking of compromised NHIs – must be table stakes.
    No more waiting for a human in the SOC to triage a ticket. Our platform automates the response: rotate secrets, revoke tokens, quarantine the affected agent, and alert with full context. This is agentic cybersecurity in action – AI-powered agents defending against other AI-powered agents.
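Steps 2 and 3 above are easier to reason about with a concrete detector in front of you. The following is an added example, written for this post and not Entro’s NHIDR engine: it learns a per-access-key baseline (source IPs and API calls) from a known-good period of CloudTrail-style records, flags the three signals named in step 2 (unfamiliar source IP, first use of a new permission, sudden call volume), and turns the findings into the step 3 response plan. The log records, the access key ID, the IP addresses, and the rotate/alert actions are constructed; only the `iam:UpdateAccessKey ... Status=Inactive` action corresponds to the real AWS call that deactivates a key.

```python
"""Baseline-then-detect logic for an AWS access key, with an automated response plan.

Added example, not Entro's NHIDR engine. The CloudTrail-style events, key ID
and IP addresses are constructed. The first action in plan_response() names
the real IAM call that deactivates a key (UpdateAccessKey with Status=Inactive);
the rotate and alert lines are placeholders for whatever tooling owns the key.
"""
from collections import Counter, defaultdict
from datetime import datetime, timedelta, timezone

KEY = "AKIAEXAMPLECIKEY0001"  # constructed access key ID for a CI pipeline


def _event(time, source, name, ip, key=KEY):
    """Build a minimal CloudTrail-shaped record (constructed sample data)."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"accessKeyId": key}}


# Known-good week: the key only pulls images from ECR, from one runner IP.
BASELINE_EVENTS = [
    _event("2026-03-20T10:00:00Z", "ecr.amazonaws.com", "GetAuthorizationToken", "203.0.113.10"),
    _event("2026-03-20T10:00:05Z", "ecr.amazonaws.com", "BatchGetImage", "203.0.113.10"),
]

# Later: one normal pull, then 25 Secrets Manager calls in under a minute from a new IP.
SUSPECT_EVENTS = [_event("2026-03-24T02:00:00Z", "ecr.amazonaws.com", "BatchGetImage", "203.0.113.10")]
SUSPECT_EVENTS += [
    _event(f"2026-03-24T02:01:{i:02d}Z", "secretsmanager.amazonaws.com",
           "ListSecrets" if i == 0 else "GetSecretValue", "198.51.100.77")
    for i in range(25)
]


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_baseline(events):
    """Per access key, record the source IPs and service:API pairs seen while known-good."""
    baseline = defaultdict(lambda: {"ips": set(), "apis": set()})
    for e in events:
        key = e["userIdentity"]["accessKeyId"]
        baseline[key]["ips"].add(e["sourceIPAddress"])
        baseline[key]["apis"].add(f'{e["eventSource"]}:{e["eventName"]}')
    return baseline


def detect(events, baseline, burst_threshold=20, window=timedelta(minutes=5)):
    """Emit one finding per new IP, per new API, and per window that crosses the burst threshold."""
    findings, seen_ips, seen_apis, buckets = [], set(), set(), Counter()
    for e in sorted(events, key=lambda e: e["eventTime"]):
        key = e["userIdentity"]["accessKeyId"]
        ip = e["sourceIPAddress"]
        api = f'{e["eventSource"]}:{e["eventName"]}'
        known = baseline.get(key, {"ips": set(), "apis": set()})
        if ip not in known["ips"] and (key, ip) not in seen_ips:
            seen_ips.add((key, ip))
            findings.append({"key": key, "reason": "new_ip", "detail": ip, "at": e["eventTime"]})
        if api not in known["apis"] and (key, api) not in seen_apis:
            seen_apis.add((key, api))
            findings.append({"key": key, "reason": "new_api", "detail": api, "at": e["eventTime"]})
        # Fixed-width time buckets: fire once when a bucket reaches the threshold.
        bucket = (key, int(_ts(e["eventTime"]).timestamp() // window.total_seconds()))
        buckets[bucket] += 1
        if buckets[bucket] == burst_threshold:
            findings.append({"key": key, "reason": "burst",
                             "detail": f">={burst_threshold} calls in {window}", "at": e["eventTime"]})
    return findings


def plan_response(findings):
    """Zero-time response per flagged key: deactivate first, then rotate, then alert with context."""
    actions = []
    for key in sorted({f["key"] for f in findings}):
        reasons = sorted({f["reason"] for f in findings if f["key"] == key})
        actions.append(f"iam:UpdateAccessKey AccessKeyId={key} Status=Inactive")
        actions.append(f"rotate: issue a replacement for {key} to its owning pipeline")
        actions.append(f"alert: {key} flagged for {', '.join(reasons)}")
    return actions


if __name__ == "__main__":
    baseline = build_baseline(BASELINE_EVENTS)
    found = detect(SUSPECT_EVENTS, baseline)
    for f in found:
        print(f'{f["at"]} {f["key"]} {f["reason"]}: {f["detail"]}')
    for a in plan_response(found):
        print(a)
```

Deactivating before rotating is deliberate: `Inactive` is reversible in seconds if the finding turns out to be a new legitimate runner, whereas deletion is not, and the alert carries the reasons so the on-call engineer does not have to reconstruct why the key went dark.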

The Agentic Future Is Already Here

Mythos Preview and Project Glasswing prove that frontier AI has arrived in cybersecurity. At the same time, the accessibility and customizability of open-source SLMs mean offensive capabilities are already widely available. The real differentiator will be how fast organizations secure the identities that power all these new agentic systems.

At Entro, we built the first unified platform for exactly this reality: full lifecycle security for NHIs, secrets, and AI agents. We help enterprises move from reactive secrets management to proactive, agentic identity defense.

If your organization is using AI agents in production (or even experimenting), now is the time to ask:

  • Do we have complete visibility into every NHI and AI agent?
  • Can we detect anomalous behavior in seconds?
  • Can we remediate a compromised identity before the exploit chains further?

The era of assuming breach isn’t coming – it’s here. The organizations that embrace zero-time, agentic remediation around NHIs won’t just survive the next wave of AI-powered attacks. They’ll lead it.


This post reflects Entro’s perspective as the leader in Non-Human Identity and Agentic AI security. For more on the Trivy incident and NHI trends, check our ongoing research and the 2025 State of Non-Human Identities report.
