The Exploitation Era
Why EMEA organisations cannot out-patch frontier AI alone – and what to do about it
Alex Martin, Cyber Services Director
01
A year of focused transition
Mandiant’s M-Trends 2026 report – drawn from more than 500,000 hours of incident response in 2025 – confirms a pattern that has been building for half a decade. For the sixth consecutive year, exploitation of a vulnerability is the most frequently observed initial infection vector, accounting for 32% of intrusions where Mandiant could attribute a root cause. Voice phishing (11%), prior compromise (10%) and stolen credentials (9%) follow, but exploitation remains structurally dominant.
Exploits accounted for 51% of initial infections in Mandiant’s 2025 EMEA investigations, up from 39% in 2024 and well ahead of the global figure. Email phishing (12%) and prior compromise (9%) trail by a wide margin. EMEA organisations now face an intrusion economy in which more than half of confirmed breaches begin with an attacker exploiting a known or zero-day flaw in an internet-facing system.
32% – Global exploitation rate
51% – EMEA exploitation rate
20d – Median dwell time (EMEA)
60% – Internal discovery rate
The vulnerabilities being weaponised are not obscure. The three most frequently exploited CVEs in Mandiant’s 2025 caseload – CVE-2025-31324 (SAP NetWeaver Visual Composer), CVE-2025-61882 (Oracle E-Business Suite) and CVE-2025-53770 (Microsoft SharePoint ‘ToolShell’) – are all unauthenticated, internet-exposed enterprise platforms. Each was exploited as a zero-day before vendor patches were available, then weaponised at scale as an n-day by multiple separately tracked clusters, including PRC-nexus espionage groups and the FIN11 / CL0P extortion ecosystem.
Google Threat Intelligence Group’s mean Time-to-Exploit (TTE) figure tells the same story in a single number: 63 days in 2018, -1 day in 2024, and an estimated -7 days in 2025. A negative number means the average vulnerability is now exploited before a patch is publicly available. Edge and core network devices – firewalls, VPN concentrators, mail gateways – are disproportionately targeted because they sit outside endpoint telemetry, run minimal operating systems that cannot host EDR, and are routinely excluded from vulnerability management altogether.

Time-to-Exploit: the collapse of the patching window
63 days – 2018
-1 day – 2024
-7 days – 2025 (est.)
EMEA detection has improved – internal discovery rose from 41% to 60% of cases year-on-year and median dwell time fell to 20 days – but those gains are still measured in weeks, against an exploitation timeline measured in hours. The maths does not balance.
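To make the arithmetic concrete, here is an added example (not from the M-Trends report and not Reliance Cyber’s code) that computes signed Time-to-Exploit for a set of constructed exploitation records and the exposure window an organisation patching exactly at its SLA would carry. The record labels, dates and SLA values are hypothetical; the point is that once TTE goes negative, no patch SLA closes the window, it only bounds it.

```python
from dataclasses import dataclass
from datetime import date
from statistics import mean
from typing import Optional


@dataclass(frozen=True)
class ExploitRecord:
    label: str
    patch_available: Optional[date]  # None: no vendor fix yet
    first_exploited: date            # earliest observed in-the-wild exploitation


def time_to_exploit(rec: ExploitRecord, as_of: date) -> int:
    """Signed days from patch availability to first exploitation.

    Negative means the flaw was exploited before a fix existed (zero-day).
    A still-unpatched flaw is measured against `as_of`, so its TTE is at
    most zero and keeps shrinking the longer the vendor takes.
    """
    patch = rec.patch_available or as_of
    return (rec.first_exploited - patch).days


def mean_tte(records, as_of: date) -> float:
    """Mean signed TTE across a caseload (the GTIG-style headline number)."""
    return mean(time_to_exploit(r, as_of) for r in records)


def exposure_window(tte_days: int, patch_sla_days: int) -> int:
    """Days an asset patched exactly at the SLA was exploitable.

    Exploitation starts at patch_date + tte; the fix lands at
    patch_date + sla. The asset is exposed for the gap, if any.
    For an unpatched flaw this is a lower bound, since no fix has landed.
    """
    return max(0, patch_sla_days - tte_days)


def sla_report(records, as_of: date, patch_sla_days: int) -> dict:
    """Map each record label to its exposure window under the given SLA."""
    return {r.label: exposure_window(time_to_exploit(r, as_of), patch_sla_days)
            for r in records}


# Constructed sample caseload (hypothetical labels and dates, not from the report).
SAMPLE = [
    ExploitRecord("example-nday", date(2018, 1, 1), date(2018, 3, 5)),      # 63-day n-day
    ExploitRecord("example-zeroday", date(2025, 4, 24), date(2025, 4, 17)), # exploited 7 days pre-patch
    ExploitRecord("example-unpatched", None, date(2025, 5, 25)),            # no fix as of AS_OF
]
AS_OF = date(2025, 6, 1)

if __name__ == "__main__":
    for sla in (30, 7):
        print(f"SLA {sla:>2}d exposure (days):", sla_report(SAMPLE, AS_OF, sla))
    print("mean TTE (days):", round(mean_tte(SAMPLE, AS_OF), 1))
```

With a 30-day SLA the 2018-style n-day is patched before exploitation begins (window 0), but the two 2025-style records carry 37 days of exposure each; tightening the SLA to 7 days still leaves 14. That is the "patched within seven were still exploited" outcome expressed as a number.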
02
Frontier AI is about to make this worse, not better
Mandiant’s frontline data describes the world as it already is. The Cloud Security Alliance’s “AI Vulnerability Storm” briefing (May 2026), authored with SANS, OWASP and a roster of former national-security CISOs, describes the world that is arriving in months, not years.
The trigger event is Anthropic’s Claude Mythos preview, released to a vetted partner programme called Project Glasswing in April 2026. In controlled testing, Mythos generated 181 working exploits against Firefox where Claude Opus 4.6 — the previous generation — succeeded only twice under identical conditions. Across all participating projects it identified thousands of zero-day vulnerabilities at a 72% exploit success rate, including a 27-year-old flaw in OpenBSD. (Kudos to companies like Mozilla and Cloudflare who have been so open about their results with Mythos.)
181 – Working exploits vs Firefox
72% – Exploit success rate
271 – Firefox bugs found (Mozilla)
The downstream evidence is consistent. Mozilla disclosed in May 2026 that the Mythos-powered pipeline found 271 latent security bugs in Firefox 150 (180 HIGH, 80 MODERATE, 11 LOW), including a 15-year-old element bug and a 20-year-old XSLT use-after-free. Cloudflare, applying Mythos to more than fifty of its own repositories, reported that the model does two things earlier generations could not: it constructs full exploit chains from low-severity primitives, and it generates a working proof-of-concept that compiles, runs and confirms exploitability without human guidance.
CSA’s timeline of capability releases is also instructive. XBOW topped the HackerOne US leaderboard as an autonomous agent in June 2025; Google’s Big Sleep found 20 real-world zero-days in open-source projects in August 2025; DARPA’s AIxCC finals identified 54 vulnerabilities across 54 million lines of code in four hours of compute. In November 2025 Anthropic disclosed the first AI-orchestrated espionage campaign — a state-sponsored group running full reconnaissance-to-exfiltration chains across roughly thirty global targets using Claude Code. In February 2026 Sysdig documented an AI-driven attack that reached administrator-level access in eight minutes.

Mythos reaches critical infrastructure
On 2 June 2026 Anthropic announced it was extending Project Glasswing to a further 150 organisations across more than fifteen countries, including power, water, telecommunications and healthcare providers — sectors where, by Anthropic’s own estimate, a successful breach “could affect more than 100 million people.” Mythos-class capability is not a research artefact; it is being deliberately diffused into the global software supply chain, and competing frontier and open-weight models are expected to follow within months.
The asymmetry the CSA report identifies is structural. AI lowers the cost and skill floor for discovering and exploiting vulnerabilities faster than organisations can patch them. The window between vulnerability existence and weaponisation has collapsed to hours. Each new patch is itself an exploit blueprint, because AI accelerates patch-diffing and reverse engineering of fixes. The CVE/NVD infrastructure, built for dozens of critical CVEs per month, is on track to receive hundreds. Quarterly penetration testing and reactive patching cycles, the operating cadence of most enterprise security programmes, were not designed for this environment.
03
The starting position: most organisations were already behind
In the work Reliance Cyber undertakes across UK and EMEA mid-market and enterprise clients, the consistent finding is that the fundamentals were already strained before Mythos appeared. Three weaknesses recur.
Asset and exposure discovery is incomplete
CSA’s risk register places “incomplete asset and exposure inventory” in the HIGH category for one reason: AI-accelerated attackers can now enumerate an organisation’s external footprint faster than the organisation can manually inventory it. Mandiant’s own observation on edge devices is blunter – “sub-standard telemetry” and missing inventories make compromise assessment difficult after the fact, and impossible to prevent in advance. SAP NetWeaver, Oracle EBS and SharePoint were not exotic targets; they were enterprise platforms that many organisations did not know they had exposed.
Vulnerability management is reactive and quarterly
The traditional model – scheduled scans, monthly patch windows, change advisory boards – was built around the assumption that patches would be available before exploitation began. With TTE at -7 days, that assumption no longer holds. Mandiant observed at least four threat clusters exploiting CVE-2025-31324 as a zero-day in early 2025, with six further clusters joining in after the April patch. Defenders who patched within thirty days were exploited; defenders who patched within seven were still exploited. Speed of remediation, not presence of a process, is now the variable that matters.
Network architecture assumes a perimeter that no longer exists
CSA’s eighth risk – “network architecture insufficient for lateral movement containment” – is the one most often deprioritised in budget cycles, and the one that will hurt most when an exploitation chain succeeds. A flat or shallowly segmented network turns every single exploit into 1:N leverage. UNC5221’s 2025 campaign against edge VPN appliances – two zero-days in the same product over three months, followed by lateral movement into virtualisation and backup management planes – is the template attackers are now generalising.
The regulatory and commercial baseline is rising in parallel
DORA, NIS2, the EU AI Act and updated insurer expectations are tightening the evidentiary bar for asset inventories, patch SLAs, segmentation, identity controls and incident response timelines, just as the technical bar moves out of reach for in-house teams operating at human speed. CSA’s observation is unsentimental: “we cannot outwork machine-speed threats.” The conclusion is not that internal teams are inadequate – it is that the workload has decoupled from human capacity. Skilled security engineers are a scarce, multi-year resource; the threat is on a months-to-weeks proliferation curve.
Waiting for internal capability to catch up is therefore not a strategy
The organisations that maintain pace will be those that combine automation, continuous discovery and a small number of high-leverage architectural controls – and that recognise these are best delivered, at least in the near term, through partners who already operate the platforms at scale.

04
The operating model: automate discovery, automate remediation, contain by design
The Mandiant remediation guidance and the CSA “Mythos-ready security programme” converge on the same four-part pattern: discover continuously, prioritise by exploitability, remediate at machine speed, and contain through architecture. Reliance Cyber’s service portfolio is built around exactly this pattern.
Discover what attackers see — EASM powered by Google Threat Intelligence
External Attack Surface Management, delivered on the Google Threat Intelligence platform, provides continuously refreshed visibility of an organisation’s internet-facing estate — known and unknown assets, exposed services, certificate hygiene, and live correlation against Mandiant’s observed exploitation activity. Where in-house inventories rely on point-in-time CMDB extracts, EASM matches the cadence at which Mythos-class capabilities will be enumerating the same surface from the outside. This is the precondition for everything that follows.
Identify and triage in cloud — Cloud Security Posture Assessments powered by Wiz
Reliance Cyber’s Cloud Security Posture Assessments are built on Wiz’s agentless, graph-based cloud-native scanning to identify and triage vulnerabilities, misconfigurations, exposed identities and toxic combinations across AWS, Azure and GCP estates. The output is not a list of findings; it is a prioritised, exploitability-weighted view of the cloud paths an attacker would actually take. This is precisely the model CrowdStrike’s “Mythos Is a Wake-Up Call” briefing argues for: prioritise by exploitability, not volume.
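As an added illustration (example code, not Wiz’s engine and not Reliance Cyber’s), the following script ranks findings on a constructed cloud graph by whether they lie on a path from an internet-exposed resource to a crown jewel, so that a MEDIUM finding on that path outranks a CRITICAL on an isolated host. It also shows how removing a single over-privileged edge (a least-privilege or segmentation change) collapses the path and changes the patch order. All resource names, edges, findings and severities are hypothetical.

```python
from collections import deque

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}

# Constructed cloud inventory: hypothetical resource names, not a real estate.
NODES = {
    "lb-public":    {"internet_exposed": True,  "crown_jewel": False},
    "web-vm":       {"internet_exposed": False, "crown_jewel": False},
    "app-role":     {"internet_exposed": False, "crown_jewel": False},
    "backup-vault": {"internet_exposed": False, "crown_jewel": True},
    "batch-vm":     {"internet_exposed": False, "crown_jewel": False},
    "kms-admin":    {"internet_exposed": False, "crown_jewel": True},
}
# Directed edges "A -> B": an attacker who controls A can reach or assume B
# (network path, attached instance role, granted permission).
EDGES = {
    "lb-public": ["web-vm"],
    "web-vm":    ["app-role"],      # instance profile attached to the VM
    "app-role":  ["backup-vault"],  # role permits reads on the backup vault
    "batch-vm":  ["kms-admin"],     # batch host is not reachable from outside
}
# Constructed findings: the CRITICAL one sits on the isolated batch host.
FINDINGS = [
    {"id": "F1", "node": "web-vm",   "severity": "HIGH",     "title": "unauthenticated RCE in web tier"},
    {"id": "F2", "node": "batch-vm", "severity": "CRITICAL", "title": "kernel privilege escalation"},
    {"id": "F3", "node": "app-role", "severity": "MEDIUM",   "title": "role over-privileged on backup vault"},
]


def reachable(edges, starts):
    """Breadth-first closure of `starts` over the directed edge map."""
    seen, queue = set(starts), deque(starts)
    while queue:
        node = queue.popleft()
        for nxt in edges.get(node, ()):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def reverse(edges):
    """Invert the edge map so we can walk backwards from crown jewels."""
    rev = {}
    for src, dsts in edges.items():
        for dst in dsts:
            rev.setdefault(dst, []).append(src)
    return rev


def attack_path_nodes(nodes, edges):
    """Nodes on at least one path from an internet-exposed node to a crown jewel."""
    exposed = [n for n, a in nodes.items() if a["internet_exposed"]]
    jewels = [n for n, a in nodes.items() if a["crown_jewel"]]
    return reachable(edges, exposed) & reachable(reverse(edges), jewels)


def path_to_jewel(start, nodes, edges):
    """Shortest path from `start` to any crown jewel, or None if unreachable."""
    parent, queue = {start: None}, deque([start])
    while queue:
        node = queue.popleft()
        if nodes[node]["crown_jewel"]:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in edges.get(node, ()):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def prioritise(findings, nodes, edges):
    """Rank findings: on an internet-to-crown-jewel path first, then by severity.

    Returns (finding id, on_attack_path) tuples in recommended patch order.
    """
    on_path = attack_path_nodes(nodes, edges)
    ranked = sorted(findings,
                    key=lambda f: (f["node"] in on_path, SEVERITY_RANK[f["severity"]]),
                    reverse=True)
    return [(f["id"], f["node"] in on_path) for f in ranked]


def without_edge(edges, src, dst):
    """Copy of the graph with one edge removed (a containment or least-privilege fix)."""
    return {s: [d for d in ds if not (s == src and d == dst)] for s, ds in edges.items()}


if __name__ == "__main__":
    print("patch order:", prioritise(FINDINGS, NODES, EDGES))
    print("F1 reaches:", path_to_jewel("web-vm", NODES, EDGES))
    contained = without_edge(EDGES, "app-role", "backup-vault")  # scope the role down
    print("after fix:", prioritise(FINDINGS, NODES, contained))
```

Before the fix the order is F1, F3, F2: the HIGH on the web tier and the MEDIUM on the attached role both sit on a live path to the backup vault, while the CRITICAL on the batch host does not. Scoping the role down removes the only internet-to-crown-jewel path, after which ordering falls back to raw severity. Volume-based triage would have put F2 first in both cases.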
Automate the patching pain on premises/EUC — Qualys VMDR with integrated Patch Management
Qualys VMDR + Patch Management, delivered as a managed service, closes the loop between detection and remediation. Continuous discovery, risk-based prioritisation using TruRisk scoring, and integrated zero-touch patch orchestration allow an organisation to move from a quarterly cycle to a continuous one. When CSA’s recommended action item — “Prepare for Continuous Patching” — lands as a 45-day deadline rather than a 12-month roadmap, the only realistic answer is to automate the discovery, prioritisation and deployment of patches end-to-end. That is what the platform exists to do, and what most internal teams are not currently staffed to operate at the required tempo.
Contain by design — Zero Trust and ZTNA, delivered with Cato Networks
Reliance Cyber’s engineering practice advises on Zero Trust architecture and, in partnership with Cato Networks, delivers Zero Trust Network Access (ZTNA) on a single converged SASE fabric: deep segmentation, identity-based application access, micro-perimeters around the trusted service infrastructure (identity providers, backup planes, virtualisation management) that Mandiant identifies as the new ransomware target surface, egress filtering (which, per CSA, “blocked every public log4j exploit”), and phishing-resistant MFA on every privileged path. These are the controls that decide whether a successful exploit becomes a single-system incident or a business-disrupting breach. They are also the controls that, once architected correctly, do not need to be rebuilt for every new CVE.
In Conclusion
Mythos is not the last frontier model. The CSA authors are explicit: it is the first wave. Open-weight models with comparable capability are expected within six to twelve months. The defensive posture that works is the one that assumes a continuous flow of high-severity disclosures, an exploitation window measured in hours, and a regulatory environment that will hold boards accountable for both. Building that posture in-house, from a standing start, is a multi-year programme. Operating it through partners who already run the platforms, the threat intelligence feeds and the engineering practices — EASM on Google Threat Intelligence, Qualys VMDR + Patch Management, Wiz, and a Zero Trust / ZTNA architecture delivered with Cato Networks — is the credible path to keeping pace.

Companies cannot wait for their internal resources to catch up with the threat. By the time they have, the threat will have moved on. The organisations that hold the line will be the ones that automate the work that can be automated, harden the architecture that contains the work that cannot, and let specialist partners carry the platforms in between.
SOURCES
- Mandiant M-Trends 2026 (Google Cloud / GTIG, April 2026) – global and EMEA initial infection vectors, dwell time, most exploited vulnerabilities, edge device targeting.
- Cloud Security Alliance, SANS, [un]prompted, OWASP Gen AI Security Project – The “AI Vulnerability Storm”: Building a “Mythos-ready” Security Program (v1.0, 12 April / 1 May 2026).
- Mozilla Hacks – Behind the Scenes Hardening Firefox with Claude Mythos Preview (Grinstead, Holler, Braun; 7 May 2026).
- Cloudflare Blog – Project Glasswing: what Mythos showed us (Grant Bourzikas; 18 May 2026).
- Engadget – Anthropic expands its Claude Mythos preview to more partners (Igor Bonifacic; 2 June 2026).
- CrowdStrike CrowdCast – Mythos Is a Wake-Up Call: Five Steps to Prepare for Frontier AI (Zaitsev, Munchbach).