Zero Trust in Practice: What Actually Breaks in Real Environments
Most Zero Trust discussions sound great on paper—but implementation tells a different story. From recent hybrid deployments, here’s what actually breaks:

Identity gaps
- Service accounts without MFA
- Legacy apps bypassing Conditional Access

Device trust issues
- Non-compliant endpoints still accessing critical apps
- BYOD without proper posture checks

Network assumptions
- Internal traffic still implicitly trusted
- Flat VLANs enabling lateral movement

What worked well:
- Enforcing Conditional Access (device + user risk)
- ZTNA replacing VPN for application-level access
- Micro-segmentation (Fortinet / host-based controls)

Key takeaway: Zero Trust is not a product—it’s a continuous enforcement model across identity, device, and network layers.

700 Views, 2 likes, 0 Comments

MFA Downgrade Attacks: Good to know.
Short article on MFA downgrade attacks; provides the basics on what they are and how to defend. Good to know for considering your own policies and processes when folks lose devices.

https://www.scworld.com/perspective/why-mfa-downgrade-attacks-could-be-the-next-ai-security-crisis

200 Views, 0 likes, 1 Comment

Claude Mythos: The Next Frontier of Autonomous Cyber Intelligence
Model Performance and Capabilities

Claude Mythos represents a significant performance leap for Anthropic, reportedly beating their current best Opus model by a large margin. This kind of improvement hasn't been seen since OpenAI released their reasoning model O1 in September 2024.

Key performance metrics include:
- Coding ability: 77% on SWE-Bench Pro (compared to Opus at 53%)
- Terminal usage: Substantial improvements in the model's ability to use terminal commands
- General purpose: Despite the cybersecurity focus in marketing, Mythos is a general-purpose LLM like other Claude models

Cybersecurity Focus and Access Restrictions

Anthropic has positioned Mythos around cybersecurity concerns, emphasizing AI as a potential national security risk - similar to OpenAI's approach with GPT-2 in 2019. However, the model is not cybersecurity-specific but rather a general-purpose AI.

Limited Release Strategy: Anthropic has restricted access to select partners, most of whom are investors in the company:
- Microsoft (Series C and G investor)
- NVIDIA (Series G)
- JP Morgan (conventional loan, May 2025)
- Google (Series C and E, plus convertible debt)
- Amazon (Series D and E)
- Cisco (Series E)

Market Implications and Competitive Advantages

This restricted access creates what the video calls "privatization of tokens," giving certain companies advantages in:
- Cybersecurity: Finding vulnerabilities (benefiting companies like Cisco, Palo Alto)
- Legal services: Discovering legal loopholes and litigation strategies
- Finance and software development: Enhanced capabilities across various domains

The core issue isn't cybersecurity itself, but rather the rapid improvement in AI capabilities outpacing society's ability to adapt.

Infrastructure and Pricing

Infrastructure Dependencies: Despite committing $50 billion to data centers in Texas and New York, Anthropic still relies on partners (Amazon, Google, Microsoft) for training and inference.
Pricing Structure:
- Mythos will cost $125 per million output tokens
- Available through cloud APIs (Amazon Bedrock, Google Cloud Vertex, Microsoft Foundry)
- Unlikely to be included in subsidized Pro and Max plans
- Comparable to OpenAI's GPT-4 Pro at $180 per million tokens

Business Strategy and Market Position

IPO Positioning: The Mythos release strategically positions Anthropic for a potential IPO, with the company recently surpassing OpenAI by achieving $30 billion in annualized run rate (ARR) - though this is run rate rather than the more conservative annual recurring revenue metric.

Adoption Challenges: The rapid advancement creates both excitement and concern, highlighting the growing divide between companies that adopt AI quickly and those that don't. The key is matching the right level of AI intelligence to appropriate tasks rather than using premium models for basic workflows.

Future Outlook

Based on historical patterns (like DeepSeek R1 catching up to OpenAI's O1 within 5 months), the performance gap created by Mythos will likely be bridged by competitors relatively quickly. The real competitive advantage lies in how quickly companies can adopt and properly allocate AI intelligence to solve complex problems.

137 Views, 1 like, 0 Comments

Have you encountered any instances where QR codes were used as part of a phishing attempt targeting your organization?
What steps did you take to immediately secure your organization and to improve education of the staff? Check out this article, Navigating the Threat of QR Codes as a Gateway to Data Theft.

125 Views, 0 likes, 0 Comments

Cybersecurity: A Team Sport?
In this Pure Report, Jason Walker and Jason Langer explain why cyber resilience needs to break down silos between IT and security teams. With cyber threats on the rise, teamwork is key! Which of the NIST framework areas does your team collaborate on the most?

116 Views, 0 likes, 0 Comments

A simple way to visualize the need for Cyber Resilience
The need for cyber resilience is persistent. I use these sites to help me show folks that attacks and malicious activity are non-stop!!! Real-time and graphical, a good reminder to keep Cyber Resilience as a top priority:
- Checkpoint: https://threatmap.checkpoint.com/
- BitDefender: https://threatmap.bitdefender.com/
- Radware: https://livethreatmap.radware.com/maintenance/maintenance.html

And for a summary on Ransomware, Ransomware Live: https://www.ransomware.live/

114 Views, 0 likes, 0 Comments

Modernizing Mainframe backups for Comprehensive Cyber Resilience Strategy
I've been talking to our Healthcare Payer customers, as well as almost all of the Fortune 500, about how Pure can help to incorporate Mainframe backup and recovery into their overall Cyber Resilience strategy. It is best practice to protect your data across the enterprise and with our Luminex + Pure solution, all your data can be protected under one plan. I'm interested to hear if anyone else is finding challenges with this process.

113 Views, 2 likes, 0 Comments