For decades, cybersecurity strategy has revolved around a shared assumption: zero-day vulnerabilities are rare, expensive to find, and difficult to exploit at scale. That assumption is now breaking down. The emergence of Mythos, the advanced AI system developed by Anthropic, marks a turning point in how vulnerabilities are discovered, weaponized, and defended against—and it forces security leaders to rethink long-held priorities.
Collaboration tools have fueled configuration drift facilitating phishing attacks since they became widespread during the COVID pandemic. The core of the problem is, as usual, human failure, or more accurately, human procrastination.
Configuration drift happens when vendors and customers join corporate networks with supposedly temporary credentials. When those credentials are not revoked quickly after the collaboration, system settings gradually, almost imperceptibly, diverge from a secure baseline state.
Collaboration tools, beginning with email in the 1970s, were largely clunky, on premises and limited to technically sophisticated organizations. Through the 20 years following the turn of the century they became more sophisticated and allowed inclusion of users outside the networks, like vendors, consultants, and customers. Approximately 400 to 600 million people in professional contexts today use Microsoft Teams, Slack, Google Workspace, Zoom, and dozens of other collaboration tools. Gartner said 90% of Fortune 500 companies standardize on Teams. Moreover, every team that uses collaboration tools configures every collaboration tool differently with no central enforcement.
“Configuration drift is one of the most under-recognized risks in modern cybersecurity,” said Garrett Hamilton, CEO and founder of Reach Security. “Security tools are constantly changing due to updates, new features, and operational adjustments. Over time, those changes create drift that quietly weakens defenses. Organizations need a continuous way to validate that the controls they depend on are still working as intended.”
A public relations firm in the United Kingdom said the quiet part out loud about cybersecurity marketing: that much of it is fiction if not outright fraudulent.
Whiteoaks International surveyed 152 senior marketing, PR and communications professionals working in cybersecurity in the country. The results found that 30% said they helped produce content that was excessive, misleading, or unsubstantiated. More than half (51%) said they had seen this type of messaging in the sector.
Many shady practices on the internet are scams, but some seem "scammy." Cyber Protection Magazine came across one such operation.
While ordering food on Grubhub recently, a pop-up appeared telling us we “earned a reward!” Clicking on the link, it offered a $20 rebate on my next purchase. Sounds good, doesn’t it? Not really.
Note: All the companies involved in this transaction will be named in this article. All were contacted for comment. Only Grubhub responded with a request for additional information and then went silent.
Even though the transaction was occurring within the Grubhub mobile app, the pop-up was from an organization called Cashback-Now. The company name is relatively common for several companies, all apparently running the same type of business. In this case the URL is cashback-now.com.
The digital world is changing fast, and now AI agents are appearing as non-human users who act autonomously. They log in to systems, handle transactions, review data, and even negotiate or create things without people having to step in every time. This shift means greater overall demand for software and changes how work is done. However, this should prompt you to consider online trust and security.
Anthropic’s announcement of Mythos threw a lot of FUD into the cybersecurity market without significant third-party validation of its abilities. Is that FUD justified, another legal form of extortion designed to get security budget dollars, or just another weird marketing ploy? Maybe more to the point, is it a sheep in wolf’s clothing?
Mythos does not address encryption, identity or social engineering, which represent most of the issues of cybersecurity. It just deals with vulnerabilities in code development. That might negatively impact the cloud-native application protection platform (CNAPP) sector but, at the same time, the tool is only being offered to Fortune 100 companies. Meanwhile, there are hundreds of thousands of large, medium and small enterprises that won’t get it, at least not anytime soon, unless they steal it.
Today’s small and growing businesses run on the cloud, from invoicing and CRM to collaboration and communication. But as cloud adoption accelerates, so does the risk. Cybercriminals increasingly target small businesses precisely because their security posture tends to lag behind their digital footprint.
In today's organizational cybersecurity initiatives, incremental change is no longer enough. Bad actors are too organized and focused on using sophisticated AI-driven attacks that shred incremental security attempts. These AI hacking tools enable even novice hackers to carry out advanced attacks across the entire network.