Everyone’s building AI agents. Almost nobody’s ready for what they do to identity

A Glimpse into an Unsettling Future

In a move that sent quiet ripples through the security community, AI safety and research company Anthropic recently confirmed it would not publicly release its most advanced model, internally codenamed "Mythos." The reason was both simple and profound: the model was too dangerous. During testing, Mythos independently discovered thousands of previously unknown software vulnerabilities. These weren't trivial bugs; they were deep-seated flaws in major operating systems and web browsers, some of which had lain dormant and undetected for nearly three decades.

While the immediate headline is about an AI that can find zero-days faster than any human team, the true story is more unnerving. Anthropic's decision is a critical warning flare, illuminating a near-future where autonomous AI agents don't just find bugs in code, but systematically dismantle the very concept of digital identity. The age of AI agents is here, and our foundational security concepts are not prepared for the coming assault.

Technical Breakdown: From Vulnerability Scanner to Identity Assassin

An AI agent is more than a simple chatbot or a code generator. It is an autonomous system designed to perceive its environment, make decisions, and take actions to achieve a specific goal. Anthropic's Mythos was likely tasked with the goal of "find security flaws in this code," and it succeeded beyond expectations. While the company has not disclosed the specific techniques, models like Mythos likely employ a combination of advanced methods:

• AI-Guided Fuzzing: Instead of randomly throwing data at a program to see if it crashes, an AI can intelligently craft inputs designed to probe specific, potentially weak areas of the code, learning and adapting its attack with each attempt.
• Semantic Code Analysis: The AI doesn't just read code as text; it understands the logic, the context, and the relationships between different functions. This allows it to spot logical flaws that traditional static analysis tools, which look for known bad patterns, would miss entirely.
• Automated Exploit Generation: The most advanced capability is not just finding a flaw, but automatically writing the code to exploit it. This collapses the timeline from vulnerability discovery to a usable weapon from months or weeks to mere minutes.

Now, redirect that capability. Instead of a codebase, aim an AI agent at an organization's identity infrastructure. Its goal is no longer "find bugs," but "gain access as a privileged user." The agent wouldn't bother with traditional social engineering or clumsy phishing emails. As J.R. Smith, CEO of Beyond Identity, noted in a discussion on the topic, an AI agent doesn't care about tricking a human; it cares about the token, the credential, and the session. It operates at machine speed, targeting the technical underpinnings of trust.

It could probe for subtle implementation errors in Single Sign-On (SSO) protocols like OAuth or OpenID Connect. It could analyze network traffic to find weaknesses in how session tokens are generated and transmitted. It could discover a logic flaw in an API that allows it to create a valid user credential out of thin air. These are not attacks on people; they are attacks on the protocols that digitally represent people.

Impact Assessment: The Automation of Distrust

The implications of AI-driven identity attacks are systemic. The threat moves beyond individual account takeovers to the potential for mass compromise and an erosion of the digital trust we depend on for commerce, communication, and critical infrastructure.

Who is Affected? Everyone. Individuals face the risk of financial fraud and reputational ruin from hyper-realistic deepfake-driven impersonations or silent account takeovers. Organizations face catastrophic data breaches, supply chain attacks originating from a compromised partner identity, and the complete compromise of their cloud infrastructure through stolen administrator credentials. The very notion that a digital credential accurately represents a specific person or entity comes under fire.

Severity: The severity is critical because of two factors: scale and speed. A human attacker might compromise dozens of accounts. An AI agent could compromise millions in the same amount of time. This heralds an "AI arms race" where defenders must deploy their own AI-powered systems just to keep pace with AI-driven attacks. The window between the discovery of a flaw in an identity system and its widespread exploitation could shrink to nothing.

Anthropic's responsible decision to withhold Mythos buys us time, but the clock is ticking. Malicious state actors and sophisticated cybercrime syndicates are undoubtedly developing similar capabilities. The defensive strategies that have served us for the past decade are insufficient for this new reality.

How to Protect Yourself

Preparing for this future requires a fundamental shift in how we approach identity security, moving from perimeter-based and password-centric models to a more resilient, identity-focused architecture.

For Organizations

• Mandate Phishing-Resistant MFA: This is the single most important step. Move away from easily intercepted methods like SMS and even push notifications, which are vulnerable to prompt bombing. Standardize on FIDO2/WebAuthn-compliant authenticators like hardware security keys (e.g., YubiKey) or platform biometrics (e.g., Windows Hello, Face ID). These methods are cryptographically bound to the origin, making them immune to traditional phishing and credential theft.
• Adopt Zero Trust Principles: The core tenet of Zero Trust is "never trust, always verify." Assume that any identity could be compromised. This means enforcing least-privilege access, micro-segmenting networks to limit lateral movement, and continuously verifying every access request, regardless of its origin.
• Invest in AI-Powered Defense: Fight fire with fire. Deploy security tools that use machine learning to detect anomalous behavior in real-time. An AI defender can spot the subtle signals of an AI attacker—such as impossibly fast sequences of actions or access patterns that deviate from a user's baseline—that a human analyst would miss.

For Individuals

• Use a Password Manager: While passwords are a weak link, they are not gone yet. Ensure every single online account has a long, unique, and randomly generated password stored in a reputable password manager. This prevents a breach at one service from compromising your other accounts.
• Enable the Strongest MFA Available: Go into the security settings of your critical accounts (email, banking, social media) and enable the strongest form of multi-factor authentication offered. Prioritize hardware keys or authenticator apps over SMS.
• Protect Your Digital Footprint: AI-powered attacks will leverage publicly available data to craft convincing social engineering lures. Be mindful of the information you share online. Using a trusted VPN service can help mask your IP address and encrypt your traffic, providing a layer of privacy against network-level snooping.
• Be Skeptical of Everything: In a world with convincing deepfakes and AI-generated text, a healthy dose of skepticism is a survival skill. Verify unexpected or urgent requests through a separate, trusted communication channel before taking action.

The revelation about Anthropic's Mythos is not a story about a single AI model. It is a preview of a new class of threat. The race is on, not just to build more powerful AI, but to build the defenses and frameworks necessary to ensure that autonomous agents serve us, rather than subverting the digital identities we rely on every day.