March 31, 2026 6m read

Mythos and Beyond: Cato Addresses the Generational Shift in Cyber Threats with Agentic Security Researchers 

Shlomo Kramer

Anthropic’s upcoming Mythos model points to something far more consequential than another leap in artificial intelligence. It signals a shift that could redefine the balance between attackers and defenders in cyberspace.

The Rise of the Agentic Attackers

For years, attacks relied on two types of human expertise:

  • Vulnerability researchers who discover weaknesses and build their toolboxes, including finding zero-days, and
  • Operators who exploit them

As AI systems become more capable, both vulnerability discovery and attack execution will be agentic. What once required elite specialists can now be performed by software agents, continuously and in parallel. The result is not just faster attacks, but a fundamentally different threat model defined by scale and speed.

The immediate consequences will be a surge in vulnerability discovery, a true tsunami of zero-day exploits and one-day CVEs. Furthermore, the availability of a large-scale army of attackers expertly exploiting these vulnerabilities in a broad range of parallel and multi-stage attacks will make the already asymmetric battle between attackers and defenders even worse.

This becomes especially acute for organizations that operate distributed environments with cloud proxies and hardware appliances such as firewalls, VPN gateways, and edge devices across branches, data centers, and remote locations. These highly distributed systems generate fragmented, partial signals that make patching new CVEs and blocking multi-stage attacks difficult at human scale and impossible at the agentic scale of the coming tsunami.

A New Foundation for Cybersecurity 

Operating in this new environment requires the right architecture for the AI era, one that integrates network, platform, and agentic capabilities from the ground up.

Network: Capture the Full Attack Lifecycle 

Security begins with visibility. In a distributed, AI-driven environment, partial visibility is equivalent to no visibility. Attacks no longer follow a single path. They move across users, applications, cloud services, and infrastructure in ways that are dynamic and often subtle.

The Cato Cloud, our global cloud network, provides this visibility by carrying and inspecting traffic across all users, sites, and applications. Because all traffic flows through a single, converged cloud, Cato can observe every stage of an attack as it unfolds, from initial access and lateral movement to escalation and impact, without gaps or handoffs between systems.

This is not just about seeing traffic. It is about capturing the full lifecycle of an attack. Modern attacks are sequenced, not single events. If you cannot observe the entire sequence, you cannot understand or stop it.

Platform: Contextualize Events into Actionable Intelligence 

Visibility without context creates noise. The challenge is not collecting data, but making sense of it in real time, and that can only be achieved on a true platform, not a portfolio of products stitched together.

Cato’s platform was built organically as a single, converged system, where networking, security, and AI-driven capabilities operate on the same data, in the same flow. In contrast, a portfolio approach fragments data across systems, making real-time correlation difficult and often requiring stitching signals together after the fact.

This level of contextualization is only possible because of the underlying architecture. At the core of the Cato platform is Cato SPACE, the single-pass cloud engine that processes traffic once and applies all inspection, policy, and analysis in real time. Every interaction is captured with full context and inherently correlated across domains. Signals are not aggregated after the fact; they are understood as part of a continuous flow.

In an environment where attackers chain low-signal actions into high-impact outcomes, this level of contextual understanding is essential. It is what turns fragmented data into real-time, actionable intelligence.

Agentic: Control for Instant Protections  

With full visibility from the network and deep context from the platform, the final pillar of this architecture is agentic control. As attackers adopt AI to automate both discovery and execution, defense must operate at the same level of speed and autonomy.

Enterprise cybersecurity infrastructure requires systems capable of continuously correlating activity across time, identifying patterns that appear benign in isolation, and dynamically generating protections in real time.

Cato pioneered Dynamic Threat Prevention, which continuously correlates months of security and networking activity in real time across Cato’s full range of inline sensors to identify behavior-based threats that appear benign in isolation, applies adaptive rules, and blocks high-risk activity in real time. Historically, the content and algorithms for this capability have been developed by our industry-leading research team of human security researchers. To address the shift in the threat landscape from human to agentic attackers, Cato is introducing a new class of agentic security capabilities, built into its platform as productized offerings: Agentic Security Researchers.

Introducing Agentic Security Researchers

At the core of these capabilities are two agentic systems that mirror the roles traditionally performed by human experts: an Agentic Vulnerability Researcher and an Agentic Attack Protection Researcher. Together, they deliver protection across both known and unknown threats. 

For known vulnerabilities, Cato delivers One-Day Agentic Vulnerability Protection, which provides zero time from CVE to global live protection without customer intervention. This eliminates the gap between disclosure and defense. Protections are automatically generated and deployed globally with zero customer intervention, enabling zero time from CVE publication to in-line enforcement.

For unknown threats, Cato delivers Zero-Day Agentic Attack Protection. By continuously analyzing activity across its global cloud data lake, Cato’s agentic systems identify the early “breadcrumbs” of attacks in progress and generate new in-line algorithms to stop them before they can evolve or cause harm. 

These agentic researchers operate using the same class of advanced AI models available to attackers, enabled through Cato’s close collaboration with leading foundational model providers. This direct access ensures that Cato’s defenses evolve alongside the most advanced models, allowing us to anticipate and counter new attack capabilities as they emerge. 

A Cybersecurity Platform Built for the Agentic Era 

Together, these three layers form a single system. The network captures every interaction, the platform understands it as a complete sequence, and protection mechanisms generated by human and agentic researchers act on it in real time. This is not a collection of tools, but an architecture designed to operate across the full lifecycle of an attack. In an era where threats are autonomous, security must be as well. This is how Cato enables organizations to keep pace, not by reacting faster, but by eliminating the gap between exposure and protection altogether. 

This is a fundamentally different model of security. 

AI is transforming both sides of cybersecurity. Attackers can now operate at unprecedented speed and scale. To defend against this, security must operate at the same level of intelligence and automation. 

At Cato, we believe this is the direction the industry must take. The combination of a global network, a unified platform, and agentic-generated controls is not just an architectural choice. It is a requirement for operating in an AI-driven threat landscape. 

Shlomo Kramer

Co-Founder and CEO

Shlomo Kramer is co-founder and CEO at Cato Networks. He is a network security expert and a serial entrepreneur. Shlomo co-founded Check Point Software Technologies in 1993, the pioneers of the first commercial firewall, and Imperva in 2002, the innovator of the web application firewall. Shlomo co-founded Cato Networks in 2015, the leader in secure access service edge (SASE). Shlomo has made early investments in highly successful enterprise software companies including Palo Alto Networks, Trusteer, Gong, and numerous others. Shlomo holds a Master of Science (M.S.) in Computer Science and a Bachelor of Science (B.S.) in Mathematics from The Hebrew University of Jerusalem.
