Viakoo & Mythos Preview: The Era of Remediation at Scale

Project Glasswing: AI Threat Intelligence meets IoT/OT Device Remediation — Viakoo provides the Action Layer

Mythos Preview & Project Glasswing

The Era of Remediation at Scale Has Begun

Anthropic’s Claude Mythos Preview has removed the last barrier to mass exploitation of OT, IoT, and CPS systems.  The intelligence layer now exists. Viakoo provides the action layer.

Join Our Webinar on Wednesday, April 29th at 10am with noted security experts Josh Chin (Net Force), Maria Sumnicht (DHS, NYC Cyber Command), and John Gallagher (Viakoo)

Register at:  https://register.gotowebinar.com/#register/3484955335721214557

 

Watch the Explainer

The Mythos Inversion: Why Remediation Must Come First

Understand how Anthropic’s Claude Mythos Preview has changed the OT security landscape — and what organizations must do now.

Thomas Friedman, New York Times:
AI-driven vulnerability discovery is “potentially as fundamental a turning point as the emergence of mutually assured destruction — a nuclear bazooka aimed at the world’s critical infrastructure.”

150,000+
Distinct operating systems in OT/IoT/CPS environments — vs. a handful in IT
5–10×
More network-connected OT/IoT/CPS devices than IT systems in most organizations
0
“Windows Updates” available for water pumps, PLCs, or industrial gateways
OS Agnostic
Mythos reasons at the logic level — not the syntax level — removing the OS diversity barrier

Why This Is Different

Mythos Preview Is a True Inflection Point

Previous AI tools accelerated known attack patterns. Mythos Preview fundamentally changes the economics of exploitation —
making it as fast and cheap to attack a water treatment PLC as a Windows server.

🌊

A Tsunami of Zero-Days

Mythos will surface newly discovered zero-day and other vulnerabilities across IT and OT/IoT/ICS/CPS at a speed and volume that existing patch management processes cannot absorb. For IT, mature automated tools exist. For OT/IoT, they largely do not.

🔓

OS Diversity No Longer Protects

The 150,000+ operating systems in OT/IoT environments were historically a barrier to mass exploitation — too expensive to target individually. Mythos reasons at the logic level and is OS agnostic, eliminating that barrier entirely.

🏭

The Edge Is the Target

The devastating impact will not land in the data center. It will land on factory floors, in water treatment plants, and across the fleets of cameras and access control devices that modern organizations depend on for physical operations.

💰

Operational Ransomware

The threat model shifts from “pay us or you lose your data” to “pay us or we collapse your energy grid.” OT ransomware targets the systems that keep physical operations running — and the consequences are measured in lives, not dollars.

🤖

Non-Human Identity Crisis

Mythos identifies architectural flaws in machine-to-machine (M2M) communication. If an AI agent can hijack a device’s identity, the fix isn’t just a code patch — it’s a total re-governance of that device’s certificates and credentials.

The Speed Gap

AI-driven threat discovery is now continuous and near-instantaneous. Manual patching cycles that take weeks or months are no longer viable. Autonomous remediation is not a future aspiration — it is an immediate operational requirement.

 

The Core Problem

The Mythos Inversion

For the first time in cybersecurity history, the speed of vulnerability discovery has permanently outpaced the speed of remediation.
This is not a gap that can be closed by hiring more security staff or buying more scanning tools.

“The era of ‘find and notify’ is over.
The era of ‘find and remediate’ has begun.”

— John Gallagher, Viakoo  |  The Mythos Inversion, April 2026

The Old Model

Find & Notify

Discover vulnerabilities, generate reports, notify teams, wait for manual remediation. Cycle time: weeks to months.

The Required Model

Find & Remediate

Discover vulnerabilities and autonomously deploy patches, rotate credentials, and update certificates — at scale, in hours.

What Is Already Broken

OT patching models are already fractured and inadequate — largely manual or constrained by device-specific requirements. FDA-regulated medical devices require validation cycles. Manufacturing systems need scheduled downtime windows. These constraints were manageable when exploits were rare. They are not manageable in the Mythos era.

Unlike IT, which benefits from mature automated patch management, the OT/IoT landscape — with over 150,000 distinct operating systems — lacks scalable automated solutions. The organizations that will survive are those that treat OT patching as a continuous, autonomous process embedded in operational workflows, not a periodic project.

What Breaks First

With 5–10× more OT/IoT/CPS devices than IT systems, the first casualty is business operations — the factory lines, the utilities, the physical security infrastructure that organizations rely on to function.

This operational breakdown will force a fundamental restructuring of security teams — incorporating line-of-business managers who operate OT systems, and expanding governance to fully encompass non-IT environments.

Critically, Mythos-driven exploits will also stress credential and configuration management — demanding the same autonomous, continuous approach that patching requires.

The Action Layer

Project Glasswing Finds the Vulnerabilities.
Viakoo Fixes Them.

Project Glasswing provides the intelligence. Viakoo provides the action. Our autonomous Action Platform is purpose-built
to remediate vulnerabilities across OT, IoT, and CPS devices at the speed and scale the Mythos era demands.

  • 🔧

    Device Firmware Manager

    Discovers all IoT/OT devices on the network, identifies devices running outdated or vulnerable firmware, and automates firmware updates across thousands of devices simultaneously — cameras, PLCs, access control, sensors, network gear, and more. No agents required.

  • 🔐

    Device Certificate Manager

    Automates the provisioning, rotation, and revocation of TLS/SSL certificates on IoT/OT devices. Eliminates expired certificates and enforces PKI hygiene across the device fleet — directly addressing the Non-Human Identity crisis Mythos creates.

  • 🗝️

    Device Password Manager

    Discovers devices using default, weak, or shared passwords and automates password rotation to enforce strong, unique credentials on every device. Closes the credential attack surface that Mythos-driven exploits will target first.

  • 📡

    IoT/OT Device Visibility

    Provides a complete, continuously updated inventory of all network-connected devices — including unmanaged and OT devices — with risk scoring. You cannot remediate what you cannot see.

Why Viakoo Is Different

The “boardroom giants” of cybersecurity — Cisco, Palo Alto Networks, and others — have DNA rooted in passive network defense and IT-centric architectures. They can generate AI-powered playbooks. They cannot execute them across 10,000 unmanaged OT devices at the edge.

Viakoo was built from the ground up to operate in the OT/IoT environment: agentless, OS-agnostic, and capable of autonomous remediation across the full diversity of device types that Mythos will target.

Generating an AI-powered playbook is a hollow victory if you lack the means to execute it. Viakoo is the execution layer.

 

A Critical Perspective

The Project Glasswing Oversight

The formation of Project Glasswing is a vital step. But its current focus has a significant blind spot.

Engaging Only the Boardroom Giants Is a Strategic Mistake

By focusing primarily on large incumbent vendors, Project Glasswing is leaning on organizations whose technology and DNA are rooted in IT and passive network defense. In the specialized world of OT and IoT security, these “majors” often lack the technology to enable automated, agentless patching of the edge devices that Mythos will target most aggressively.

To truly harden the world’s most vulnerable systems, Project Glasswing must move past the boardroom and collaborate with best-in-class innovators capable of taking action at the edge — organizations that have built purpose-specific solutions for the 150,000+ OS diversity of OT/IoT environments.

The intelligence layer is only as valuable as the action layer it enables. Without autonomous remediation partners who can operate at the edge, Project Glasswing’s playbooks remain exactly that — playbooks, not outcomes.

Mythos Preview Industry Dialogue

Viakoo’s Expert Response

John Gallagher, VP of Marketing at Viakoo, was asked to comment on the following question for the Mythos Preview industry forum.

Mythos Preview Industry Forum — April 2026

“If AI can find vulnerabilities faster than organizations can fix them, what breaks first: patching models, security teams, or business operations?”

With organizations now managing 5 to 10 times more network-connected OT, IoT, and CPS devices than traditional IT systems, the first thing to break under accelerated AI-driven vulnerability discovery will be business operations reliant on these non-IT environments. OT patching models are already fractured and inadequate. They remain largely manual or device-specific — consider FDA-regulated medical devices or manufacturing systems that require scheduled downtime for updates. Unlike IT, which benefits from mature, automated patch management, the OT/IoT landscape — with over 150,000 distinct operating systems — lacks scalable automated solutions, let alone the autonomous capabilities needed to counter rapidly emerging exploitations like those uncovered by Mythos.

Current security strategies focus heavily on vulnerability discovery and risk prioritization — the “find and notify” approach — but fall short on the operational realities of timely remediation. Without an autonomous patch deployment process, surfacing exploitable vulnerabilities will inevitably bring OT/IoT/CPS systems to a halt. This operational breakdown will force a fundamental shift in security team structures, incorporating line-of-business managers who oversee OT systems and expanding governance to fully encompass these environments. Moreover, Mythos-driven exploits will stress credential and configuration management, demanding faster, more autonomous controls.

To meet this urgent threat, organizations must reframe OT patching as a continuous, autonomous process embedded within operational workflows — not a periodic project or an afterthought. Immediate priorities include investing in precise asset visibility, integrating automated OT remediation where feasible, and aligning security, IT, and OT teams around unified risk-reduction metrics. Without addressing these practical constraints, faster vulnerability detection will only magnify exposure and exacerbate risk, rather than mitigate it.

— John Gallagher, VP Marketing, Viakoo  |  April 14, 2026

From the Viakoo Blog

Read the Full Analysis

John Gallagher’s full blog post explores the Mythos Inversion in depth — what it means for OT/IoT security, why the current defensive posture is insufficient, and what organizations must do now.

📝
Viakoo Blog  ·  April 10, 2026  ·  John Gallagher

The Mythos Inversion: Why We Need Remediation at Scale — Now.

The cybersecurity landscape has shifted beneath our feet. With the unveiling of Anthropic’s Claude Mythos Preview and the launch of Project Glasswing, we have reached a definitive inflection point. This post examines why the alarm bells are loudest at the edge — and what Viakoo is doing about it.

Read the full post →

Ready to Build the Action Layer?

See how Viakoo’s autonomous Action Platform remediates OT/IoT vulnerabilities at the speed and scale the Mythos era demands.

Request a Demo
Explore the Platform