The Conversation we are having, and the one we are not: Mythos, governance, and the silent shopfloor

By Rémi Goget
SVP Technical Sales & Customer Success, Intelecy | Founder & CEO, TnL Exergy | Executive Advisor, Transforming Textiles AB | Sustainability Advocate, The Yarn Lens

On Sunday night, on Fareed Zakaria GPS, a senior foreign-policy thinker called Anthropic's Mythos gatekeeping arrangement "not a tenable position for a private company." He may be right. But he was asking a question about who governs frontier models. There is a second question, asked by almost no one, about where the consequences of those models will actually land. This article is about that second question.

The Sunday night question

On April 26, 2026, Fareed Zakaria opened a segment of GPS on CNN with a question that has, until now, mostly been asked behind closed doors: should a five-year-old San Francisco startup be the entity that decides who gets protective access to a frontier AI system that can find and exploit software vulnerabilities at scale [17]?

His guest was Sebastian Mallaby, senior fellow at the Council on Foreign Relations and author of The Infinity Machine, a recent biography of Demis Hassabis. Mallaby's response was unambiguous. The arrangement — Anthropic deciding which forty-odd companies are admitted to Project Glasswing while the rest of the world is left outside — is not, in his words, a tenable position for a private company [17].

It is a serious question. It is also the question the conversation is largely organized around. Treasury Secretary Scott Bessent and Federal Reserve Chairman Jay Powell convened with major banks within days of the Mythos announcement [11]. The IMF debated systemic AI risk at its Spring Meetings. The IAPP framed Mythos as the moment when AI joins aviation and nuclear in the category of technologies requiring prior governance, not post-hoc correction. These are the conversations that shape policy.

And almost none of them are about where the damage actually lands.

The rift made visible

Look at who is publicly talking about Mythos.

Figure 1 — Public statements and partnership disclosures from major vendors as of mid-April 2026 [6].

Every major IT vendor — Microsoft, Apple, Google, AWS, Cisco, CrowdStrike, Palo Alto Networks — is on the Project Glasswing partner list or has issued a direct public statement. Every one of them is named. Every one of them has a position.

Across the aisle, the major automation vendors have said nothing. Siemens, Schneider Electric, Rockwell Automation, AVEVA, ABB, Honeywell — the companies whose programmable logic controllers, distributed control systems, SCADA platforms, and industrial historians actually run the world's water plants, food production lines, refineries, and power grids — have published no direct public statements on Mythos. Their existing security advisory pages continue normal operations [8] [9] [10]. Their cybersecurity blogs continue to discuss patch management and segmentation in the abstract. None of them has acknowledged what an OS-agnostic vulnerability discovery model means specifically for the equipment they sell.

That silence is conspicuous. It is also where this article begins.

April 7: two stories that are the same story

Start with what happened on a single day.

At 9:00 AM Pacific time on April 7, 2026, Anthropic published its disclosure on Claude Mythos Preview. The model had autonomously identified thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old bug in OpenBSD, an operating system widely considered the most secure in the world [1]. The UK's AI Security Institute independently confirmed Mythos solved expert-level capture-the-flag challenges at a 73% success rate and was the first AI model to complete a 32-step corporate network attack simulation end-to-end [2].

The same day, at 8:00 AM Eastern time, the FBI, CISA, NSA, EPA, Department of Energy, and US Cyber Command issued joint advisory AA26-097A. The subject was active exploitation of Rockwell Automation Allen-Bradley programmable logic controllers across US water, energy, and government facilities. The group conducting the attacks, known as CyberAv3ngers, had pivoted in March to exploiting CVE-2021-22681 — a critical authentication bypass vulnerability with a CVSS score of 9.8 [3].

The detail buried in the advisory: Rockwell Automation has stated that this vulnerability cannot be fully addressed with a patch. There is no software update to deploy. There is no patch cycle to wait for. Rockwell directs customers to defense-in-depth mitigations — segmentation, engineering workstation isolation, CIP Security enablement, physical mode switch hardening [3].

A US-made industrial controller, deployed across critical infrastructure, with a 9.8-severity vulnerability that the manufacturer has formally stated cannot be patched, currently being actively exploited. This is the ground truth of OT security before Mythos-class AI capability proliferates. The two events on April 7 — one a press release from Anthropic, the other a six-agency federal advisory — were not coincidence and they are not separate stories. They are the same story.

What the data actually shows

The Dragos 2026 OT/ICS Cybersecurity Year in Review, published in February from analysis of 2025 incident data, establishes the current state of OT defensive capacity in a way no consulting deck has.

Figure 2 — In 2025, 26% of ICS-CERT and NVD advisories contained no vendor patch or mitigation [4].

Read that again. Over a quarter of disclosed industrial vulnerabilities in 2025 came with no vendor fix. Not a slow fix, not a complicated fix — no fix. The CyberAv3ngers / Rockwell case above is not an outlier. It is the modal experience for a non-trivial fraction of all OT CVEs.

The threat environment that exploits this gap is escalating sharply:

Figure 3 — Industrial ransomware by the numbers: 119 groups tracked (up from 80 in 2024), approximately 3,300 organizations impacted, manufacturing representing more than 56% of victims [4].

Dragos also reports that adversaries have moved beyond reconnaissance. KAMACITE systematically mapped control loops across US infrastructure throughout 2025. ELECTRUM, the group responsible for the 2015 and 2016 Ukrainian power outages, carried out the first major coordinated attack against Distributed Energy Resources anywhere in the world, in Poland, in December 2025. VOLTZITE compromised Sierra Wireless Airlink gateways to access US midstream pipeline operations [4]. These are not theoretical.

Why the OS-diversity moat mattered

For two decades, operational technology survived despite famously poor security posture for one structural reason: exploitation was expensive. A skilled attacker targeting an enterprise IT estate faces perhaps half a dozen operating systems. An attacker targeting industrial equipment faces something closer to 150,000 — bespoke firmware from Siemens, Schneider Electric, Rockwell, ABB, Honeywell, and thousands of smaller vendors running proprietary real-time operating systems on proprietary silicon [5].

This diversity has been the OT security moat. It was not a policy, not a design choice, not a posture the industry earned. It was an accident of industrial history that made OT too expensive to attack at scale.

Claude Mythos is operating-system-agnostic. It reads source code or binaries and reasons about vulnerabilities without caring what the target runs on. As one industrial-security expert put it in a survey published by Security Magazine within days of the Mythos announcement:

There are a handful of operating systems used in IT and data processing, and over 150,000 in OT/IoT/CPS systems; the diversity of operating systems has been a significant barrier to exploitation … the true devastating impact of Mythos will land — not in the data center but on the factory floors, in the water treatment plants, and across the fleets of cameras and access control devices that organizations rely on.[5]

Here is how the resulting asymmetry now looks:

Figure 4 — Attacker speed and defender capacity now run on entirely different clocks [1][4].

The moat is draining. It will not refill.

Why the OT vendor silence is the story

The Cloud Security Alliance briefing from April 16, co-authored with SANS, OWASP, and contributions from Easterly, Inglis, Joyce, Schneier, Adkins, Venables, and Moussouris, is authoritative [11]. It assumes the reader has a CISO.

A Chief Information Security Officer is the executive responsible for an organisation's information security strategy. Most SMEs do not have one. In a typical mid-sized industrial operator, security responsibility is distributed across an IT manager, an operations lead, and an external managed-service provider.

The CSA briefing recommends standing up a dedicated VulnOps function staffed like DevOps, deploying coding agents to accelerate security teams, running tabletop exercises for multiple simultaneous high-severity incidents, and investing in deception capabilities. For a 150-person manufacturer in the Rhône-Alpes or a mid-market packager in Saxony, these recommendations are not wrong — they are simply impossible to implement. The CSA document acknowledges this gap once, referencing Wendy Nather's concept of the Cyber Poverty Line [12], and then moves on.

What the automation vendors have said in their own standing publications, read carefully, tells a story. Rockwell's 10th annual State of Smart Manufacturing Report, published in 2025, found that only 34% of industrial security leaders have effective OT patch management in place [7]. That is Rockwell, describing its own customer base, stating explicitly that two-thirds of them cannot effectively patch. The same company now tells customers of its most widely deployed controller platform that patching is unavailable and they must rely on segmentation.

Schneider Electric's January 2026 disclosure of the Foxboro DCS vulnerability had to be republished by CISA a week later because operators had not applied it [8]. Siemens ProductCERT introduced a Supplier-ADP extension in April 2026 — the same month as the Mythos announcement — to handle the case where vulnerabilities originate in upstream dependencies [9]. AVEVA published three security bulletins in Q1 2026 alone, all with CVSS scores in the 7-9 range [10].

None of this is alarmist. All of it is public. The vendors are saying, in cautious institutional language, what the Dragos data says louder: the OT security baseline is weaker than industry assumes, and the vendors are not positioned to fix it at the pace attackers will now operate.

The five-item SME/OT playbook that actually fits

First, inventory. You cannot protect equipment you do not know you own. Dragos reports that 45% of its 2025 service engagements found a lack of visibility across OT networks [13]. Passive network-discovery tools from Claroty, Nozomi Networks, or Dragos can be deployed at mid-market price points. Even a Wireshark capture from a SPAN port on the OT side gives a usable first pass.

Second, segmentation. Because a quarter of OT CVEs have no patch, segmentation is not one defense among many — it is the primary defense. It is what the Rockwell / CyberAv3ngers advisory tells you to do because there is nothing else. Follow the Purdue Reference Model [14]. Ensure that compromise of the office network cannot directly pivot to production. Most SMEs still run flat networks.

Third, remote-access discipline. Your equipment vendors almost certainly have remote access into your plant. Find every one of those paths. Require multi-factor authentication. Log sessions. Revoke access when engineers leave the vendor. This is the single most common initial-access vector in OT ransomware cases reported by CISA and ANSSI.

Fourth, vendor pressure. Ask every equipment supplier two questions in writing. Do you have a published vulnerability disclosure process? What is your realistic patch cadence for the equipment we bought? Under the EU's NIS2 directive [15] and the incoming Cyber Resilience Act [16], suppliers now face legal obligations they did not have two years ago. Use that leverage.

Fifth, test recovery. Detection is hard. Recovery is harder. Can you actually restore your SCADA historian from backup? Can you run a line from paper if the MES is down? Ransomware crews target OT precisely because the downtime cost forces payment. If your recovery works, you remove their leverage.
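The first two items, inventory and segmentation, can be started from nothing more than the SPAN-port capture the playbook mentions. The script below is an added example, not code from the article or from any of the vendors it names: it takes flow summaries of the kind a capture or a Zeek-style connection log yields, builds an asset inventory keyed by address with the industrial protocols each device serves or speaks, and then lists every flow that crosses directly from the enterprise zone into the control zone, which a Purdue-style layout routes through a DMZ instead. The zone subnets and the flow records are constructed sample data; the port-to-protocol table uses the standard assignments for Modbus/TCP, EtherNet/IP, S7comm, DNP3 and OPC UA.

```python
"""Passive OT inventory and Purdue segmentation check from flow records.

Added example (not from the article). Input is one flow per line:
    src_ip src_port dst_ip dst_port proto
which is what a tshark/Zeek export of a SPAN-port capture reduces to.
Zone subnets and flows below are constructed sample data.
"""
import ipaddress
from collections import defaultdict

# Constructed zone map: assumption that these are the site's real subnets.
ZONES = {
    "enterprise": ipaddress.ip_network("10.10.0.0/16"),     # office / IT, Purdue level 4
    "dmz":        ipaddress.ip_network("10.20.0.0/24"),     # industrial DMZ, level 3.5
    "control":    ipaddress.ip_network("192.168.50.0/24"),  # PLCs, HMIs, levels 0-2
}

# Standard industrial protocol ports (real assignments, not constructed).
OT_PORTS = {
    502: "Modbus/TCP",
    44818: "EtherNet/IP (CIP)",
    2222: "EtherNet/IP implicit I/O",
    102: "S7comm (ISO-TSAP)",
    20000: "DNP3",
    4840: "OPC UA",
}

# Constructed flow records standing in for a capture export.
SAMPLE_FLOWS = """\
10.10.4.21 51022 10.20.0.5 443 tcp
10.20.0.5 40500 192.168.50.10 44818 tcp
192.168.50.11 52000 192.168.50.10 44818 tcp
192.168.50.12 49152 192.168.50.20 502 tcp
10.10.7.99 60123 192.168.50.10 44818 tcp
10.10.7.99 60124 192.168.50.20 502 tcp
10.10.4.21 51023 10.10.4.1 53 udp
"""


def zone_of(ip):
    """Return the zone name an address falls in, or 'unknown'."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flows(text):
    """Parse whitespace-separated flow lines into dicts; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, sport, dst, dport, proto = line.split()
        flows.append({"src": src, "sport": int(sport),
                      "dst": dst, "dport": int(dport), "proto": proto})
    return flows


def build_inventory(flows):
    """Map every address seen to its zone and the OT protocols it serves or speaks.

    The destination of an OT-port flow is treated as the device (PLC, RTU,
    OPC server); the source is treated as a client such as an HMI or an
    engineering workstation.
    """
    inv = defaultdict(lambda: {"zone": None, "serves": set(), "talks": set()})
    for f in flows:
        for ip in (f["src"], f["dst"]):
            inv[ip]["zone"] = zone_of(ip)
        proto = OT_PORTS.get(f["dport"])
        if proto:
            inv[f["dst"]]["serves"].add(proto)
            inv[f["src"]]["talks"].add(proto)
    return dict(inv)


def find_segmentation_violations(flows):
    """Flows that go straight from the enterprise zone into the control zone.

    In a Purdue-style layout such traffic should terminate in the DMZ, so each
    hit is either a flat network or a hole in the firewall policy.
    """
    return [f for f in flows
            if zone_of(f["src"]) == "enterprise" and zone_of(f["dst"]) == "control"]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for ip, info in sorted(build_inventory(flows).items(), key=lambda kv: kv[1]["zone"]):
        print(f"{ip:15} {info['zone']:10} serves={sorted(info['serves'])} talks={sorted(info['talks'])}")
    for f in find_segmentation_violations(flows):
        print(f"VIOLATION: {f['src']} -> {f['dst']}:{f['dport']} ({OT_PORTS[f['dport']]})")
```

On the constructed data the inventory shows two controllers in the control zone (one speaking EtherNet/IP, one Modbus/TCP), a DMZ host acting as the legitimate jump point, and one office workstation reaching both controllers directly; those two flows are the ones the segmentation step exists to eliminate. Swapping the zone map and the input for a real export is all that is needed to run it against a plant.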

None of this is a 24-month transformation program. It is six to twelve months of focused work, executable by an existing IT manager with modest consulting support.

The regulatory leverage SMEs under-use

European SME industrial operators have more leverage today than they did 18 months ago. NIS2, transposed by October 17, 2024, applies to mid-sized industrial operators across a wide range of sectors [15]. The Cyber Resilience Act, in force since December 10, 2024, with core obligations applying from December 11, 2027, places legal cybersecurity obligations on equipment manufacturers for the first time [16].

This shifts the conversation. When a PLC vendor says "there's no patch for that" — as Rockwell has now formally said about CVE-2021-22681 — the legally correct response is increasingly "then you have a compliance problem, not me." Many SMEs have not yet realised this.

Two questions

Mythos is two stories happening at once.

The first story is about governance. Mallaby is right that a private company gatekeeping access to a frontier capability with civilization-scale implications is not a stable arrangement. Whether the answer is a monitoring body, treaty, regulatory regime, or something else not yet invented, that conversation will and should continue — and the people leading it have institutional weight, public platforms, and access to policymakers.

The second story is about consequence. Mythos-class capability does not land evenly. It lands hardest where defenses are weakest, where patches do not exist, where vendors are silent, and where the people responsible for security have other jobs as well. That is the shopfloor of every mid-sized industrial operator on the planet. And nobody is convening a White House meeting about them.

Both questions are real. Most observers are only asking one. Two questions worth sitting with this week:

  • Are you concerned about how new frontier models are being released? Should there be a monitoring or governing body?
  • And do we talk enough about vulnerability on the shopfloor?

If you have a strong answer to the first, you are part of a large, well-resourced public conversation. If you have a strong answer to the second, you are part of a much smaller one. Both groups need each other. Right now they are not in the same room.

The factory floor was the last place in cyberspace where obscurity was a viable defence. That era ended on April 7, 2026.


Rémi Goget is a seasoned industry expert with multiple M.Sc. degrees in Chemical Engineering, Polymer Design, and Innovation Leadership, and over 15 years of experience in the specialty chemicals sector. He developed and industrialized his own proprietary technology, leading to the establishment of a production plant in India based on his innovation.

His career spans both EPC and manufacturing environments, where he has combined deep technical expertise with cutting-edge advancements in industrial AI and DataOps. Formerly Tech Lead at Cognite, Rémi now leads Technical Sales and Customer Success at Intelecy, helping industrial companies harness the power of a no-code AI platform to deliver measurable, real-world impact.
