Alexander Gostev, chief technology expert at Kaspersky, explains that Mythos doesn’t eliminate cybersecurity vendors — it amplifies the value of proprietary data, telemetry, and expert human judgment that frontier AI models can’t replicate.
Mythos doesn’t end the vendor business — it moves where the margin lives. No serious vendor is going to build a frontier LLM of Mythos caliber, and they don’t need to. The two assets that matter in a post-Mythos market are the two things frontier labs do not have: proprietary data accumulated over years of real deployments, and the people who know where to look inside specific environments. Telemetry from tens of thousands of agents across diverse infrastructures, incident history, codebase-specific context, maintainer-behavior signals, supply-chain intelligence — none of this can be bought, scraped, or reconstructed by a general-purpose model trained on public data. A vendor with 100,000 agents in production builds detection models a vendor with 50 clients cannot match, and the gap widens with every month of accumulated signal.
The indispensable layer is the one frontier models cannot bootstrap themselves into. Binary analysis without source code. Supply-chain risk — maintainer behavior, intentional backdoors, dependency hygiene. Real-time darknet monitoring and fresh indicators of compromise. Threat-actor attribution. Certified tooling with audit trails for regulated environments. All of it runs on proprietary intelligence no public model has ever seen, and none of it gets solved by a better general-purpose LLM. Mythos makes this layer more valuable, not less: the cheaper vulnerability discovery becomes, the more the defensive premium shifts to the work that still requires specialized data and human judgment. That is the ground the cybersecurity industry keeps. It is narrower than the ground it held a year ago, and it is more defensible.
What Mythos Actually Changes for Cybersecurity Researchers
Using AI fluently is now table stakes — but the real skill is one level up: knowing how to tune available models against a specific codebase, a specific customer environment, a specific threat surface. Fine-tuning an open or mid-tier frontier model on proprietary data is where defense gets substantive, and it is the one move competitors cannot copy. Human expertise compounds in exactly this layer. The researcher who knows which questions to pose, which outputs are real findings versus confident hallucinations, and which parts of a client’s infrastructure the model shouldn’t be trusted with alone — that researcher becomes more valuable, not less.
The cadence of new model releases is now part of the job. What sits behind restricted access in the cloud today runs on a workstation within a year, so the durable advantage is not access to the model but the method and data a team brings to it. For vendors whose customers require on-premise deployment — banks, telcos, critical infrastructure, the public sector — this is the operative timeline. The cutting edge arrives inside the perimeter on a predictable delay, and the teams that track releases closely, evaluate them against their own data, and move quickly to integrate will absorb that capability as it becomes locally deployable. Those who wait will find their customers running local AI loops that look suspiciously like a competitor’s product.