IN Darktrace’s Mythos vs Ethos piece, Andrew Hollister explains that AI systems such as Mythos are accelerating vulnerability discovery to the point where attackers may exploit flaws before public disclosure, undermining the traditional CVE-driven model. The article notes that publicly disclosed vulnerabilities have grown at double-digit rates over the past two years, including a 32% increase in 2024 according to NIST, highlighting how AI is lifting the tempo even before Mythos.
It argues patch velocity alone cannot defend organisations, since asset sprawl and governance often slow remediation, and instead advocates a shift to continuous behavioural understanding that does not rely on known vulnerabilities. In this new defender model, a stable anchor is needed because disclosure can no longer define when defence begins; indicators come from learning what is normal within a given environment and detecting deviations at machine speed.
Darktrace cites real-world detections, including pre-disclosure observations of Ivanti, SAP NetWeaver, and Trimble Cityworks, to illustrate how behavioural signals can reveal risk ahead of public CVEs.