Mythos · Glasswing · PIArena
Patent GB2603013.0
CSA · SANS · OWASP · 250 CISOs · April 2026 · IBA Intent Bound Authorization Response
Building a Mythos-Ready Security Program.
The pre-execution gate the briefing didn’t name.
Gadi Evron, Rob T. Lee, Jim Reavis, Jen Easterly, Bruce Schneier, Chris Inglis, Phil Venables.
30 pages. 250 CISOs. Priority Actions for the agentic vulnerability storm.
One architectural layer still missing: the gate before the agent acts.
01 — The Briefing’s Priority Actions · The IBA Gap in Each
PA 1 · Immediate
Point Agents at Your Code
Mythos-class agents scan entire codebases autonomously. Find zero-days across every major OS and browser. Chain vulnerabilities. Build working exploits.
⚠ What is the agent authorized to scan? To extract? To report externally? No cert = no declared scope.
PA 6 · 45 Days
Update Risk Models
The risk register has a row about outdated models but no Priority Action for the authorization gap. The agent that finds the vulnerability is the new risk surface.
⚠ Finding is read. Patching is write. Deploying is production. Three authorization events. One gate covers all.
PA 11 · Ongoing
Build VulnOps Permanently
Permanent vulnerability operations function. Staffed and automated for continuous AI-driven discovery. Agents running continuously across your entire software estate.
⚠ Continuous agents need permanent authorization boundaries. Not quarterly policy reviews. Cryptographic certs before every scan cycle.
02 — The Complete Mythos-Ready Stack · Where IBA Sits
Mythos
Glasswing
The Threat — Autonomous Vulnerability Discovery
Anthropic Mythos autonomously finds and exploits zero-days across every major OS and browser. 181 working Firefox exploits vs 2 from prior models. 72% exploit success rate. Glasswing puts this in the hands of defenders — and eventually attackers.
Exploit uplift: 181x
IBA
GATE
PRE-EXECUTION · IBA Intent Bound Authorization · The Missing Layer
Signed intent certificate before any VulnOps agent connects to any codebase. Declared scope — what repos, what actions, what endpoints. Forbidden — production deploy, secret access, external reporting. Kill threshold — any exploit execution. Sub-1ms gate. Outside the model’s reasoning loop — cannot be injected.
Gate latency: <1ms
Tenet
Security
Runtime Defense · Agent-Side Simulation · Sub-30ms Kill Switch
Sandboxes tool calls and execution paths before they happen. Intercepts every tool call, simulates outcome in parallel reality, kills hijacked logic. Operates at runtime — after the agent connects. Complementary to IBA: IBA gates before connection, Tenet defends during execution.
Runtime kill: <30ms
Silmaril
YC P26
Application-Layer · Self-Healing Prompt Injection Defense
Multihead classifier inspects user intent, application context, and execution states together. Catches 2x more attacks at 10x lower latency than guardrails. Self-retrains on new exploits automatically. Application layer — after the agent is running. Complementary: IBA upstream, Silmaril inline.
Detection rate: 2x
Verified
Output
Authorized · Scoped · Audited · WitnessBound
VulnOps agent completes authorized scan within declared scope. Every action logged to immutable audit chain. Every finding traceable to signed human intent. Patch window opened for authorized targets only. Glasswing patch wave managed inside declared boundaries.
Audit chain: 100%
“Every defense PIArena tested failed — because they all operated inside the model’s reasoning loop.
The malicious instruction and the safety instruction are both text. The model interprets both.
IBA operates outside the loop entirely. You cannot inject a cryptographic boundary.”
03 — Live IBA Gate · VulnOps Agent Scenario
VulnOps Intent Certificate
intent: “Scan auth-service for CVEs”
principal: “[email protected]”
scope:
  · repo_read
  · vuln_scan
  · report_write
forbidden:
  · exploit_execute
  · production_deploy
  · secret_access
  · external_report
kill_threshold: “exploit | production | secret”
repository: “auth-service only”
expires: “session only”
STATUS: VALID · SIGNED · ENFORCED
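The gate this certificate describes, as an added example (not IBA's own code and not part of the original page): it verifies the certificate's signature, returns ALLOW, BLOCK or TERMINATE for each requested action, and hash-chains every decision into an audit log. The HMAC-SHA256 signing, the demo key, the repository names other than auth-service, and the hash-chained log format are assumptions; the page does not specify them.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"  # assumption: HMAC key; the page names no signature scheme
CERT = {  # fields from the page's certificate; principal and expiry omitted
    "intent": "Scan auth-service for CVEs",
    "scope": ["repo_read", "vuln_scan", "report_write"],
    "forbidden": ["exploit_execute", "production_deploy", "secret_access", "external_report"],
    "kill_threshold": "exploit | production | secret",
    "repository": "auth-service",
}

def canon(obj):
    return json.dumps(obj, sort_keys=True).encode()  # stable bytes for signing and hashing

def sign(cert):
    return hmac.new(KEY, canon(cert), hashlib.sha256).hexdigest()

class Gate:
    def __init__(self, cert, signature):
        if not hmac.compare_digest(sign(cert), signature):
            raise ValueError("certificate signature invalid")  # changed after signing
        self.cert, self.audit, self.killed = cert, [], False

    def decide(self, action, repo):
        """Return ALLOW, BLOCK or TERMINATE for one requested action, and log it."""
        c = self.cert
        kill_words = [w.strip() for w in c["kill_threshold"].split("|")]
        if self.killed or any(w in action for w in kill_words):
            verdict, self.killed = "TERMINATE", True   # a killed session stays dead
        elif action in c["forbidden"] or repo != c["repository"]:
            verdict = "BLOCK"
        else:
            verdict = "ALLOW" if action in c["scope"] else "BLOCK"  # default deny
        # Chain each entry to the previous hash so edits to history are detectable.
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"action": action, "repo": repo, "verdict": verdict, "prev": prev}
        entry["hash"] = hashlib.sha256(canon(entry)).hexdigest()
        self.audit.append(entry)
        return verdict

def chain_intact(audit):
    """Recompute every hash and link; False if an entry was altered or a link is broken."""
    prev = "0" * 64
    for e in audit:
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or e["hash"] != hashlib.sha256(canon(body)).hexdigest():
            return False
        prev = e["hash"]
    return True
```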