Sweet Security Launches Agentic AI Red Teaming to Counter ‘Mythos Moment’

The Mythos Moment can be defined as the moment when industry fully realized that human security has no chance of matching the speed and volume of AI-assisted cyberattacks. The CSA responded to the Mythos Moment with advice in The ‘AI Vulnerability Storm’: Building a ‘Mythos-ready’ Security Program.  It wrote, “Introduce AI agents to the cyber workforce across the board enabling defenders to match attackers’ speed and begin closing the gap.” This is good advice if you can do it. From within the thousands of vulnerabilities being found, only some will be relevant to any one environment, and even fewer will be exploitable within that configuration. These are the vulnerabilities that need to be remediated fast – the rest can be safely ignored (at least for the time being). The difficulty is finding and fixing exploitable vulnerabilities while keeping pace with the new vulnerabilities being continuously discovered or introduced. Agentic AI Red Teaming offers a theoretical solution but would require a deep knowledge of each infrastructure concerned.  Frontier models are brilliant generalists, but they don’t know individual clouds. So, an agentic system must be designed specifically for its user’s own environment. Security teams then have the additional problem of maintaining the agents’ contextual knowledgebase. Sweet Security is offering a potential solution, simultaneously providing automated continuous agentic red teaming built on an automatic and detailed knowledge of each client’s own infrastructure – Sweet Attack.  “Since day one, Sweet has been indexing runtime data directly from inside our customers’ environments: runtime topology, unencrypted Layer 7 exposure, deployed source code, identity paths, and live application behavior,” Sweet explains. “That index is the substrate the agent reasons over. A frontier model on its own can hypothesize about an environment; Sweet Attack knows the environment.” Sweet Security automatically provides and maintains the full context necessary for Sweet Attack to operate. The agent doesn’t have to guess on attack paths through the environment to exploit the vulnerability. It can see, says Sweet, “The roads most traveled, where the water actually runs – not theoretical paths with no data behind them. There’s a heuristic guiding which options and traversals are worth exploring, and which aren’t. It only goes where there is a path worth walking.” Since this is done by a machine at machine speed continuously, there’s no waiting for the next scheduled human red team operation, nor concern over tiredness, boredom, stress or any other human condition that could result in something present being missed. “Other tools enumerate every possible path. Sweet Attack finds the ones an attacker would actually take,” Yigael Berger, chief AI officer at Sweet Security, told SecurityWeek, “because it’s reasoning over the real environment, not a model of one.” This real environment is the complete environment, including any shadow IT and shadow AI that may be unknown to the human Red Team. Sweet Attack discovers runtime assets and behaviors that might not be formally documented, including shadow AI components, AI agents, MCP servers, tools, packages, APIs, and other infrastructure elements – including itself. It does this continuously and rapidly. If DevOps introduces a new vibe coded app, or if an employee quietly downloads a SaaS app, Sweet Attack will reevaluate potential attack paths as soon as any new component appears in the runtime environment. Knowing which vulnerabilities can be exploited by understanding any and all attack paths that can reach them provides a timetable for vulnerability remediation. Inconsequential vulnerabilities can be ignored, knowing they will continuously be reevaluated if new additions to the infrastructure create new attack paths. One beta tester, the CISO at Cast & Crew, commented that his environment had employed third party red teamers annually, always resulting in clean reports. “Sweet Attack ran for three days and surfaced fully exploitable attack chains those engagements never came near. It did not end there – Sweet Attack gave us a concrete mitigation and remediation action plan that had us completely secure within two hours.” The purpose of Sweet Attack is to do what the CSA recommends: “begin closing the gap” between AI-assisted attackers and AI-assisted defenders. It is available now to Sweet Security customers. Related: ‘Claude Mythos’ – A Cybersecurity Breakthrough That Could Also Supercharge Attacks Related: The Mythos Moment: Enterprises Must Fight Agents with Agents Related: Chinese Cybersecurity Firm’s AI Hacking Claims Draw Comparisons to Claude Mythos Related: Furl Raises $10 Million for Autonomous Vulnerability Remediation WRITTEN BY Kevin Townsend Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines. More from Kevin Townsend Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware Build Application Firewalls Aim to Stop the Next Supply Chain Attack Claude Code OAuth Tokens Can Be Stolen Through Stealthy MCP Hijacking AI Coding Agents Could Fuel Next Supply Chain Crisis Hacker Conversations: Joey Melo on Hacking AI Anthropic Unveils Claude Security to Counter AI-Powered Exploit Surge AI Fuels ‘Industrial’ Cybercrime as Time-to-Exploit Shrinks to Hours Cyber Insurance Data Gives CISOs New Ammo for Budget Talks Latest News Microsoft, Palo Alto Networks Find Many Vulnerabilities by Using AI on Their Own Code Webinar Today: ROI for Cyber-Physical Security Programs Government to Scrutinize Instructure Over Canvas Disruption, Data Breach 716,000 Impacted by OpenLoop Health Data Breach Microsoft Patches Critical Zero-Click Outlook Vulnerability Threatening Enterprises Fortinet, Ivanti Patch Critical Vulnerabilities Chipmaker Patch Tuesday: Intel and AMD Patch 70 Vulnerabilities Hundreds of Malicious Packages Force RubyGems to Suspend Registrations Trending Webinar: ROSI For CPS Security Programs May 13, 2026 In cyber-physical systems (CPS), just one hour of downtime can outweigh an entire annual security budget. Learn how to master the Return on Security Investment (ROSI) to align security goals with the bottom-line priorities. Register Virtual Event: Threat Detection And Incident Response Summit May 20, 2026 Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. Register People on the Move Malwarebytes has named Chung Ip as Chief Financial Officer. Semperis has appointed John Podboy as Chief Information Security Officer. Randy Menon has become Chief Product and Marketing Officer at One Identity. More People On The Move Expert Insights Is The SOC Obsolete, And We Just Haven’t Admitted It Yet? Many AI-first enterprises have already embraced sovereign architectures for general AI initiatives; cybersecurity—and the SOC—should be next. (Danelle Au) The Mythos Moment: Enterprises Must Fight Agents With Agents Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. (Etay Maor) Why Cybersecurity Must Rethink Defense In The Age Of Autonomous Agents From autonomous code generation to decision-making systems that initiate actions without human intervention, the industry is entering a new phase. (Torsten George) Government Can’t Win The Cyber War Without The Private Sector Securing national resilience now depends on faster, deeper partnerships with the private sector. (Steve Durbin) The Hidden ROI Of Visibility: Better Decisions, Better Behavior, Better Security Beyond monitoring and compliance, visibility acts as a powerful deterrent, shaping user behavior, improving collaboration, and enabling more accurate, data-driven security decisions. (Joshua Goldfarb) Flipboard Reddit Whatsapp Email