Cloudflare has spent the last few months testing security-focused AI models against its own infrastructure, and its latest findings suggest the cybersecurity industry may be entering one of its most important shifts in years.
The company says it was invited to use Anthropic’s Mythos Preview as part of Project Glasswing, giving its security teams access to one of the most closely watched AI cyber models in the industry. Cloudflare then pointed the system at more than 50 of its own repositories to see what it could find — and just as importantly, how it would work.
The result was not simply another AI scanner producing long lists of suspicious code.
According to Cloudflare, Mythos represents a genuine step forward from previous general-purpose frontier models because it is able to do something much closer to the work of a senior security researcher: identify smaller attack primitives, reason about how they fit together, and construct exploit chains that turn low-severity bugs into more serious vulnerabilities.
Traditional vulnerability scanners are good at finding patterns. They flag unsafe functions, suspicious inputs, exposed endpoints, or known bug classes. But real attackers rarely rely on one obvious flaw. They chain weaknesses together a memory bug here, a trust boundary mistake there, a control-flow issue somewhere else until the combined result becomes exploitable.
Cloudflare says Mythos was able to reason through that process in a way that earlier models often could not. Instead of stopping after identifying a possible issue, the model could generate proof-of-concept code, compile it in a scratch environment, run it, observe failure, adjust its hypothesis, and try again. In security terms, that is a big jump because it closes the gap between “this might be a bug” and “this is a working exploit.”
That is also what makes the technology so sensitive.
The same capability that helps defenders validate vulnerabilities faster could also help attackers move faster. A model that can independently test exploitability does not just reduce noise for a security team; in the wrong hands, it could compress the timeline between discovery and exploitation across the internet.
Cloudflare is careful about that tension. The company notes that its testing took place in a controlled environment against its own code, with every finding triaged, validated, and remediated through its formal vulnerability management process. But the broader message is clear: cyber-focused frontier models are no longer theoretical. They are becoming operational tools.
One of the most interesting findings from Cloudflare’s write-up is that even a model as advanced as Mythos is not enough on its own.
The company says simply pointing a generic coding agent at a large repository and asking it to “find vulnerabilities” does not work well at scale. The model may produce findings, but it does not meaningfully cover a real codebase. Large repositories require many narrow investigations happening in parallel, each focused on specific components, trust boundaries, and attack classes.
That led Cloudflare to build what it describes as a vulnerability discovery harness around the model.
Instead of using Mythos like a chatbot, Cloudflare structured the work into stages: reconnaissance, hunting, validation, gap-filling, deduplication, tracing, feedback, and reporting. In one stage, agents map the architecture and attack surface. In another, dozens of narrower “hunter” agents run concurrently against specific bug classes. A separate validation agent then tries to disprove findings before anything enters the triage queue.
That architecture may end up being just as important as the model itself.
The lesson is that AI cybersecurity is not simply about having a powerful model. It is about building systems around that model that can scope tasks properly, reduce false positives, validate findings independently, and turn outputs into structured, queryable security data.
Cloudflare says this approach produced better results because narrow tasks beat broad prompts. Asking a model to find vulnerabilities in an entire repository makes it wander. Asking it to look for a specific vulnerability class in a specific function, with context about the trust boundary and prior coverage, makes it behave more like a real researcher.
That insight is likely to shape how security teams adopt AI over the next year.
It also challenges a lot of the current hype around “AI agents.” The future may not be one all-knowing agent scanning an entire company’s codebase. It may be hundreds of tightly scoped agents working in parallel, with other agents validating, deduplicating, and tracing whether the bugs are actually reachable from outside the system.
Cloudflare also highlights a major safety issue: model refusals are not reliable enough to serve as a full security boundary.
Even though the version of Mythos provided under Project Glasswing did not have the same safeguards as generally available models like Opus 4.7 or GPT-5.5, Cloudflare found that it still sometimes pushed back on legitimate vulnerability research tasks. But those refusals were inconsistent. The same task could be rejected in one framing and accepted in another, or produce different outcomes across runs because of the model’s probabilistic nature.
That matters because it shows why access control and external safeguards will be critical for powerful cyber models. A model’s “organic” guardrails may exist, but Cloudflare argues they are not consistent enough to serve as the only safety mechanism if such systems are ever made more broadly available.
The signal-to-noise problem remains another major challenge.
Cloudflare notes that AI vulnerability scanners can create a flood of speculative findings, especially in memory-unsafe languages like C and C++. Models tend to hedge, saying a bug “could” exist or “may” be exploitable, which can overwhelm triage teams. Mythos improved on that by producing clearer reproduction steps and more proof-backed findings, but Cloudflare still had to design post-validation stages to manage noise at scale.
That may be the most practical takeaway for enterprises.
AI can find more bugs, faster. But if companies are not prepared to validate, prioritize, and patch those findings, the technology can create as much operational burden as benefit.
Cloudflare warns that many security teams are now thinking mainly in terms of speed, scan faster, patch faster, compress the response cycle. Some teams are reportedly working toward two-hour service-level agreements from CVE release to production patch. Cloudflare’s view is that faster alone will not be enough because regression testing, architecture, and deployment processes still create bottlenecks.
That is an important point.
If AI shortens the attacker timeline, defenders cannot simply respond by rushing patches into production. Rushed fixes can break systems or introduce new vulnerabilities. The more durable answer is architectural: making systems harder to exploit even when bugs exist, limiting blast radius, blocking vulnerable paths before code is patched, and ensuring fixes can be deployed everywhere at once.
In other words, AI is not just changing vulnerability discovery.
It is forcing companies to rethink how they build, defend, and operate software.
For Cloudflare, this is both a warning and an opportunity. The company sits in front of millions of internet applications, meaning it has a direct interest in understanding how AI will change both offensive and defensive security. If models like Mythos can help defenders find bugs before attackers do, they could become one of the most important security tools of the decade. But if similar capabilities become widely available to malicious actors, the internet could face a much faster and more automated exploitation cycle.
That is the uncomfortable reality at the centre of Cloudflare’s report.
Mythos shows that frontier AI models are beginning to behave less like scanners and more like security researchers. They can investigate, test, revise, and prove. That makes them powerful defensive tools and potentially dangerous offensive ones.
The cybersecurity industry has always been a race between attackers and defenders.
Cloudflare’s findings suggest that race is about to get much faster.
Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
