Anthropic's Mythos AI system is expected to dramatically accelerate vulnerability discovery, intensifying an already strained vulnerability management ecosystem. In response, Anthropic has explicitly endorsed the Exploit Prediction Scoring System (EPSS) — a probabilistic, machine-learning-driven model — as a triage tool to prioritize which CVEs to patch first. EPSS, developed by Empirical Security and published through FIRST, scores all CVEs daily based on likelihood of exploitation within 30 days, and has been adopted by over 120 security vendors including CrowdStrike, Cisco, and Palo Alto Networks. Security leaders are divided: some see EPSS as essential for scaling vulnerability prioritization, while others argue it relies on lagging data and is already obsolete in an era where time-to-exploit is collapsing to minutes. The challenge will grow further as AI models like Mythos uncover millions of vulnerabilities that fall outside the CVE framework entirely, requiring new probabilistic models for clouds, configurations, and application-specific flaws.

5m read time. From csoonline.com