AI just became the world's most dangerous exploit writer. Here's why Sophos Endpoint is built to stop it.
AI-generated zero-days are here. Sophos Endpoint was architected to stop exploits that have never been seen before — blocking the techniques every attack must use, at the moment of execution, with no signature, no cloud lookup, and no configuration required.

Anthropic released the Claude Mythos Preview to a small set of partners and briefed the U.S. government ahead of the launch. The model can identify previously unknown vulnerabilities across every major operating system and web browser and produce working exploit code on demand. Public disclosures cite thousands of zero-day vulnerabilities surfaced and a 72.4% exploit development success rate, including flaws hiding in plain sight for decades.

The reaction was equally unusual. U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell convened the CEOs of the largest U.S. banks. Days later, reports surfaced that an unauthorized group had gained access to Mythos through a third-party vendor environment. The capability is out. The containment is uncertain.

This is not a hypothetical for Sophos. Our X-Ops team recently turned a current-generation AI agent loose on one of our internal networks as a red-team exercise. Using pre-Mythos frontier models with custom in-house skills, the agent compressed Active Directory reconnaissance from three days to three hours and produced 23 actionable findings, including critical escalation paths to Domain Admin, all from a single unprivileged account. As Sophos CISO Ross McKerchar wrote, “If that’s what current models can do, with careful orchestration, consider what happens when the next generation of AI is pointed at your perimeter by someone who isn’t on your side.”

Mark Loman’s companion post, “AI finds the vulnerabilities, but exploiting them is a different problem,” explains why discovery and exploitation are distinct problems, and the architectural reasons Sophos Endpoint sits where it does in your security stack.

The attack surface just changed overnight. Sophos Endpoint was built for exactly this.

Software vulnerabilities are not new. The arms race between researchers, vendors, and adversaries has been running as long as software has existed.

What is new is how fast that race can be run, and by whom. The 2026 Sophos Active Adversary Report (661 incident response and MDR cases handled by X-Ops) found that exploitation of vulnerabilities accounted for 16% of initial access, with median attacker dwell time compressed to three days.

AI didn’t just increase attack volume; it collapsed the time window to react. When a model produces a working exploit from a newly discovered vulnerability before most organizations have begun change-control, traditional patch cycles become a liability rather than a defense.

Three things shift in the AI era: velocity, scale, and access. The discovery and weaponization that took weeks are compressed into hours or minutes. The same model can be pointed at hundreds of targets in parallel. Capabilities that once required in-depth expertise are now wrapped behind a prompt.

There are some things it doesn’t change. To turn a vulnerability into a compromise, an adversary still must corrupt memory in a particular way, redirect execution, escalate privileges, evade behavioral monitoring, or call into the operating system through a carefully crafted sequence. There are millions of vulnerabilities, but the techniques used to exploit them number in the dozens. That is the asymmetry Sophos Endpoint was designed to use on the defender’s side.

Sophos Endpoint: stopping the technique, not chasing the signature

Sophos Endpoint takes a different approach than signature-based or behavioral-only tools. Instead of trying to recognize every new threat after it appears, it watches for the underlying techniques an attacker must use to make any exploit work.

The capability has roots in HitmanPro.Alert, the anti-exploit technology Sophos acquired in 2015 and integrated into the endpoint agent. It was built on a simple, durable insight: there is a finite set of exploit techniques, and constraining them makes exploiting a vulnerability substantially more difficult, whether the underlying vulnerability is known, unknown, or generated by an AI five minutes ago.

Today, more than 60 proprietary mitigations are enabled by default on every protected process. They run in real time on the endpoint, with no dependence on cloud lookups or signature updates, and no per-application configuration to start protecting your estate.

If a brand-new zero-day surfaces tomorrow, generated by Mythos or any successor model, the question is not whether Sophos has seen it before. The question is whether the exploit can complete its work without using any of the techniques Sophos Endpoint constrains. The answer in nearly every realistic case is no.

What exploit prevention does

Sophos Endpoint covers more than 60 distinct mitigations across every stage of an exploit chain. The following is a quick description of some of those capabilities; it is a subset, not the full list:

Memory corruption mitigations

Most modern exploits, including those a model like Mythos would generate against a browser or operating system, depend on corrupting memory in a specific way. Sophos Endpoint enforces protections against stack pivoting, heap spraying, return-oriented programming chains, and similar techniques an exploit must use to achieve code execution. The vulnerability can be one no one has ever named: these mitigations still fire.

Code flow and execution mitigations

Once memory is corrupted, an exploit must redirect execution to attacker-controlled code. Sophos Endpoint enforces dynamic heap protection, import address filtering, and load library validation. These checks are invisible to the application but break the exploit chain at the moment of takeover.

Browser and document hardening

Browsers and document readers are the largest software attack surface for most organizations and the precise targets named in the Mythos disclosures. Sophos Endpoint applies specific hardening to browsers, plug-ins, Office, and PDF readers, including against silent-install techniques common in modern exploit kits.

Credential and post-exploitation defense

If an attacker does land code on a system, the exploit chain is not finished. They still must escalate privileges, harvest credentials, or move laterally. Sophos Endpoint disrupts those behaviors with credential theft protection, code cave detection, APC violation protection, and active adversary mitigations. The 2026 Active Adversary Report shows attackers now reach Active Directory in three hours and 24 minutes on average. AI can find the vulnerability faster, but the attacker still must move the same way once inside.

Ransomware-specific protection

CryptoGuard detects unauthorized encryption behavior and rolls back affected files. As AI accelerates the path from initial access to monetization, the last line of defense against the business-disrupting outcome becomes more important, not less.

Why other endpoint tools struggle with this problem

Most endpoint products were not designed to stop exploits the way Sophos Endpoint was.

Detection-first, not prevention-first

Many endpoint tools were built around a detection-first philosophy: log everything, correlate later, alert when something looks wrong. For an AI-generated zero-day, by the time the alert fires, the exploit has already executed and the analyst is investigating an active intrusion rather than preventing one. Sophos Endpoint runs exploit mitigation at the moment of attack, so fewer threats reach a security analyst at all.

Coverage that depends on configuration

Several competing products include exploit mitigations but ship them disabled, partially enabled, or in higher-tier SKUs. What is included often must be turned on application by application. Customers without a dedicated security team rarely complete that configuration, and the protections that should have stopped an exploit never engage. Sophos Endpoint enables 60+ mitigations by default, with no tier gating, no per-application setup, and no tuning required.

Tuning burden that pushes customers to disable protections

Exploit mitigation that generates frequent false positives gets switched off. The protections are technically present but end up disabled across the estate because they interfered with legitimate applications. Sophos Endpoint addresses this through granular exclusions, allowing administrators (or the Sophos X-Ops team) to exempt a single mitigation for a single piece of code in a single application, rather than disabling exploit prevention wholesale.

Three questions to ask your current vendor

When AI can generate a working exploit in minutes, any endpoint product that requires manual configuration to activate its own defenses is not a security investment but a gap waiting to be found. Ask your current vendor these questions:

  1. Is exploit prevention on by default for every process, across every tier, with no tuning required?
  2. How long have those exploit preventions been deployed at scale, and what is the compatibility track record?
  3. Does the mitigation layer cover post-exploitation behaviors (credential theft, privilege escalation, persistence, ransomware payload), not just the initial exploit?
  4. When a compatibility issue occurs, is the fix surgical, or does it require weakening protection across the estate?

If the answer to any of these is no, partial, or "it depends on your configuration," you are not protected against what is already in the wild.

Defense in depth: where Sophos Endpoint fits in the larger system

Exploit prevention is the strongest first line, but not the only one. Sophos Endpoint shares real-time threat and health telemetry with the Sophos ecosystem, so a detection at any control triggers a coordinated response that contains attacks faster.

  • Deep learning malware detection catches known and never-seen binaries before they execute.
  • Adaptive Attack Protection raises the security posture automatically when an endpoint is under attack.
  • Synchronized Security links the endpoint to firewall, identity, and email, so a detection in one place triggers a coordinated response everywhere.
  • Sophos MDR adds 24/7 expert oversight, with AI handling volume and human analysts owning judgment.

What to do now

Ross McKerchar's call to action on the perimeter is exactly right: turbocharge patching, confront end-of-life infrastructure, demand more from your vendors. Three additional steps for the endpoint side of the same problem:

  1. Confirm exploit prevention is enabled and unrestricted on every endpoint. In Sophos Central, verify that exploit mitigation policies are applied across the estate and that exclusions are limited to applications that genuinely require them. Details can be found in the Sophos documentation.
  2. Patch faster, but do not depend on patching alone. The 2026 Sophos Active Adversary Report found a median 322-day window between vendor advisory and observed exploitation, and AI-generated zero-days will compress that further.
  3. Layer human expertise on top. If you do not have a 24/7 SOC, Sophos MDR provides the expert oversight that turns endpoint telemetry into investigated, owned outcomes. AI handles the volume. Humans own the judgment.

The bottom line

The Mythos disclosure is not a preview. It is the new baseline. AI will find vulnerabilities faster than any patch cycle can close them, and AI-generated exploits will reach environments that have never encountered anything like them.

Sophos Endpoint was built for this moment — not adapted to it, not updated for it. The architecture that stops a known exploit chain stops an AI-generated one, because the techniques don’t change even when the vulnerability does. That is not a feature. It is a design principle, and it is the reason 60+ mitigations are enabled by default on every protected process from the moment the agent deploys.

Your attackers are upgrading. Your endpoint protection should already be ahead of them.

Learn more about Sophos Endpoint at sophos.com/endpoint.