Look, I’ve been writing about AI infrastructure for a while now, and I thought I’d seen it all. GPU shortages, hyperscaler wars, the great “open vs. closed” model debate that everyone pretends to have a take on at dinner parties. But the Mythos incident? This one made me put down my coffee.
So let’s talk about it. Because if you’re investing in AI and you’re not paying attention to what just happened, you’re basically building a mansion on a foundation made of OAuth tokens and good vibes.
The Mythos Hack: When the Guard Dog Gets Stolen
On April 21, 2026, Bloomberg dropped the kind of story that makes CISOs reach for the Tums. Anthropic’s newest cybersecurity-focused AI model, Mythos, had been accessed by unauthorized users.
Here’s the punchline that isn’t funny: Anthropic itself had described Mythos as “powerful enough to enable dangerous cyberattacks.” It was the AI equivalent of a loaded gun in a locked safe — except apparently the safe had a side door nobody told us about.
Mythos was part of Project Glasswing, an initiative limited to a tight inner circle: Amazon, Apple, Cisco, JPMorgan, Nvidia. The whole point of Glasswing was to use Claude Mythos to autonomously hunt down zero-day vulnerabilities before bad actors could exploit them.
You can see where this is going. The tool built to find security holes got pulled through one.
The Supply Chain Domino Effect (Or: How Everyone Got Owned)
Here’s where it gets juicy. The breach didn’t start at Anthropic. It started at a vendor of a vendor of a vendor. Let me trace the breadcrumbs:
Anthropic → breached via Mercor (a hiring platform) → which was breached via LiteLLM → which was breached via Delvi, a third-party supplier whose forged security credentials kicked the whole thing off.
Four companies. One forged credential. Game over.
This wasn’t a single-company security incident. This was the entire AI supply chain showing its underwear in public. And the timing couldn’t have been more poetic, because just two days earlier…
Vercel Got Hit Too. Same Playbook, Different Victim.
On April 19, Vercel disclosed its own breach. The entry point? A third-party AI tool called Context.ai that one of their employees was using.
Attackers planted infostealer malware on Context.ai, harvested credentials, and waltzed into a Vercel employee’s Google Workspace account. Multi-factor authentication? Bypassed. How? Because Google’s OAuth tokens, once issued, don’t ask for re-authentication. From there, the attacker used Google SSO to move laterally through Vercel’s internal systems.
Translation for non-security folks: they didn’t break in. They logged in. With keys we handed them ourselves.
Mark Zuckerberg once argued that closed models would inevitably get exfiltrated by state-sponsored hackers or industrial spies, and that open-source ecosystems were structurally safer. I’m not saying he was right. I’m just saying… receipts.
The Uncomfortable Math of Modern Cyber Defense
Here’s the asymmetry nobody wants to put on a slide:
Cost to attack: approaching zero. Cost to defend: approaching infinity.
Defenders need to be perfect 100% of the time. Attackers need one crack. AI has industrialized this asymmetry. CrowdStrike’s 2025 Global Threat Report clocked a 300% increase in deepfake-based social engineering attacks. AI didn’t just boost enterprise productivity — it gave hackers a productivity multiplier too. Cute.
And here’s the kicker: the attack surface isn’t the perimeter anymore. The firewall isn’t the game. The game is now the chain of trust — every SaaS tool, every OAuth scope, every “Sign in with Google” button your employee clicks at 2 AM while finishing a deck.
OAuth gives third-party apps sweeping access: full email read, calendar management, even Google Cloud scopes. Most users have no idea what they’re agreeing to. They just click “Allow” because they want the productivity hack to work.
For the past three years, Big Tech threw astronomical money at GPUs, clouds, and model performance. Security? An afterthought. That accumulated gap has a name now: security debt. Mythos and Vercel just sent us the invoice.
Regulation Just Woke Up (And It’s Cranky)
Governments noticed. Loudly. Federal officials, security experts, and even IMF leadership have raised alarms about what happens if Mythos-class models land in the wrong hands.
The shift here is huge: AI models are no longer being treated as ordinary software assets. They’re being reclassified as variables that affect financial stability and critical infrastructure.
Two consequences:
- Frontier AI is moving from “fully open” to “Trusted Access.” OpenAI is already running a program that delivers cybersecurity-specific variants of GPT 5.5 only to pre-vetted defensive organizations. This is starting to look less like SaaS and more like export-controlled weapons.
- Security CapEx is no longer optional. Zero Trust architecture adoption jumped from 24% in 2023 to 41% in 2025. Flip that number: 59% of enterprises still haven’t adopted it. That’s a multi-year runway for Zscaler (ZS), Palo Alto Networks (PANW), and friends.
Morgan Stanley’s September CIO survey predicts cybersecurity spending will grow 50% faster than overall software spending. Read that twice.
Where the Money Is Actually Flowing
Markets caught on fast. The CIBR ETF (First Trust NASDAQ Cybersecurity) is up 12% in just two weeks since April 20. Palo Alto and CrowdStrike each ripped more than 21%.
Some of that is macro tailwind — post-Iran-conflict negotiations have stabilized sentiment. But the bigger driver is structural. Cybersecurity spending is showing absurd resilience even with IT budgets under pressure. CIOs surveyed broadly expect Anthropic’s Mythos saga to positively impact their cyber budgets over the next year. Nothing motivates a CFO like watching a peer get publicly breached.
The valuation honesty check, though: CrowdStrike was trading north of 100x forward earnings late last year, Palo Alto around 70x, Zscaler above 80x. Even after the Q1 reset, CrowdStrike is at ~90x and Palo Alto at ~55x — still a galaxy away from the S&P 500’s ~21x. The market knows. The market has known. The question is whether it’s priced too much of the future already.
Don’t Forget the Elephant: Microsoft
Microsoft has built a $37 billion cybersecurity business. That’s bigger than CrowdStrike, Palo Alto, and Zscaler combined. And Microsoft bundles security into enterprise contracts the way Costco bundles toilet paper — at volumes pure-play vendors can’t match on price alone.
This means the cyber sector is bifurcating: platform integrators vs. point solutions. Guess which category gets the multiple compression first when the music slows.
Emerging Markets: The Next Battlefield
Here’s an angle most US-centric analysis is missing. While Silicon Valley debates trusted access, India and China are racing to build sovereign AI security stacks. India’s DPDP Act enforcement ramped up dramatically in early 2026, and Indian enterprises are now legally on the hook for third-party AI tool breaches. Chinese regulators have gone further, mandating domestic security audits for any foreign AI model deployed in regulated sectors.
For investors, this matters because emerging-market enterprise cyber spend is growing at roughly 2x the rate of developed markets, off a much smaller base. The next decade’s cyber winners may not all be NASDAQ tickers.
My Take: The Paradigm Just Shifted from “Performance” to “Control”
Here’s how I think about it now. The AI infrastructure investment thesis used to be a two-legged stool: GPUs + Cloud. Mythos just bolted on a third leg: Security.
AI-armed hackers can now find software vulnerabilities faster than humans ever could. Which means enterprises have to spend more on defense, whether they want to or not. Cyber budgets over the next 12–24 months won’t grow — they’ll compound.
Within the sector, differentiation is sharpening:
- CrowdStrike has a 97% gross retention rate in cloud endpoint security. Once customers land, they don’t leave.
- Palo Alto is winning the platform game — the broadest portfolio, the highest switching costs.
- Zscaler owns the Zero Trust narrative.
- Cloudflare is the dark horse that quietly became infrastructure.
- Okta is rapidly turning identity into the new perimeter.
Here’s the question I keep coming back to: In the AI era, is the real moat the ability to build the most powerful model — or the ability to control it most safely?
The market is starting to vote. And it’s voting for control.
See more insightful blogs!
- “Google vs NVIDIA: Which AI Powerhouse Offers the Better Investment Now?”
- “Oracle’s AI Revolution: The 36% Surge That Changed Everything”
- “China’s Global AI Ambition: The Shocking Strategy Behind Its New Action Plan”
- “Decoding the Fed’s Warning: How $1.1 Trillion in Margin Debt Threatens Your Portfolio”
- “Exclusive: Google Pixel 10’s Hyper-Personalized AI Stuns Jimmy Fallon”
