If you thought you could still use pre-Mythos cybersecurity approaches, you are deluding yourself and your board. The post-Mythos world has significantly changed how we must approach becoming breach ready.
The stark reality is that adversaries will be faster, far more adaptive, and able to combine multiple data points to construct attack scenarios in ways we humans have not yet thought of.
I met many cybersecurity leaders, practitioners, and industry experts at the BSides event, and almost all of them had a doomsday view of the impact Project Glasswing and its successors will have on digital survivability.
Is the world ending? Maybe not.
But the Mythos moment has certainly changed digital innovation.
Is there something we need to change?
Absolutely.
Certainly.
And immediately.
The AI-powered future is not just about using AI for automation. It is about changing the game by architecting cybersecurity with a focus on survivability.
My LinkedIn and other social posts show an alarming divide among industry leaders. It seems a part of the world is either unaware of the gravity of this development or has chosen to ignore the possible consequences, as they gallop toward the benefits of adopting AI, AGI, and all fancy toys on the horizon to innovate and grow. And then there are those who are scared.
And on the other side are POVs from different cybersecurity organizations who see this development as alarming and are quickly trying to reassure their customers about how to address the situation and its cascading effects.
I have a suggestion for both sides. And yes, if you confuse urgency with haste, it probably sounds contradictory.
Change. But start slowly, because direction is more important than speed.
Paulo Coelho’s comment on change seems the most relevant to enterprises considering the next wave of digital and AI innovation.
At the time of writing this blog in May 2026, the time required for attackers to develop an exploit for a known vulnerability has shrunk from 125 days in 2025 to just 0.5 days, or 12 hours, as of April 2026. Experts warn that as Mythos-class capabilities become widely available over the next 6 to 12 months, this 12-hour window will likely become the baseline rather than the exception. Once an attack identifies a vulnerability, it can quickly map networks, compromise identities, and move laterally across cloud infrastructure within minutes, outpacing traditional, human-dependent detection tools.
The Reference Architecture to Survive the Next Breach and Possibly Thrive
Here’s what I feel are the crucial, critical, and urgent steps the world needs to undertake if we have to survive and thrive in a post-2026 world that will see further development of AI-powered tools that can be misused to disrupt digital innovation.
Yes, some of these will take serious architecting, akin to Paulo Coelho’s call to “start slowly.” Some others may be disruptive, so direction is important, but this is the time to reinvent your ability to become breach ready.
In the end, all of them together will help enterprises, communities, and nations become breach ready.
Step 1: Gain Panoptic Visibility About Your Digital Enterprise
Assuming you already know your digital landscape, roll up your sleeves and get busy redefining how different systems will ensure that all business-essential communications are maintained at all times. To do this, you need a foundational microsegmentation technology that provides you with ready visibility into how different systems communicate.
Will it take a long time? It depends on how you go about it.
As Rajesh Khazanchi says, most “Zero Trust” programs are stuck at the same step.
Not policy.
Not identity.
Not the architecture.
The key missing element is enforcement.
The challenge is how you perceive the deployment.
Microsegmentation technology in 2026 can integrate with the most widely available EDR technologies, such as CrowdStrike, Microsoft Defender, and SentinelOne, as well as many others.
Most of these tools already possess the intelligence necessary to establish panoptic visibility into how different systems communicate in minutes.
Yes, not days or weeks. Because the intelligence exchange happens at machine speeds.
A bidirectional integration ensures that the microsegmentation core learns about the security patterns in your digital landscape and can enforce least-privilege rules.
These rules will ensure only business-essential communications will prevail.
Everything else will suddenly become malicious.
That is your signal. And an indicator of a possible attack.
Step 2: Determine the Maximum Acceptable Material Risk and the Related Minimum Viable Digital Enterprise
In my experience working with breach-ready enterprises, I have found one common trait. They knew how much material impact they were unwilling to accept and, therefore, which parts of the enterprise needed to remain unaffected to protect business outcomes.
Investment in breach readiness is directly related to the acceptable level of material impact an organization can accept from cyberattacks. This is the first information that CISOs must seek, and boards must provide. Let us call this MAMI, or Maximum Acceptable Material Impact.
The second input for CISOs is more operational, but it is connected to the acceptable material impact. That is the portion of the digital enterprise that should remain intact and operational even during cyberattacks, the Minimum Viable Digital Enterprise, or MVDE. MVDE serves as both a starting point for entrepreneurial ventures and a cyber-resilient operational framework for mature enterprises in the modern digital economy.
These inputs are clear directives to the CISO to invest in a resilient digital enterprise that ensures critical digital operations remain operational, even during unprecedented cyberattacks. In a post-Mythos world, this is the most important guiding principle for building a breach-ready digital enterprise.
For a long time, leaders have said, “We have a BCP,” and yet they have still faced uncomfortable material impact.
Yes, a BCP is essential. But it is no longer enough. Because the math does not add up. If your Maximum Acceptable Material Impact is 1% of the overall business, recovering 15–20% of critical business will not make the business 99% operational.
Thus, when the attacker is AI-powered or is a rogue AI, an MVDE-focused digital operation is essential. The recovery-focused BCP is invoked only for areas affected by the breach.
Step 3: Redefine Your Zones, Microsegments, and Conduits
Zoning is not a new concept. It has appeared in multiple standards, such as ISO 27001 and ISA 62441.
But it is seldom implemented from a breach-ready perspective.
Zones are groups of digital assets that share the same cybersecurity requirements. Zones may be further subdivided into microsegments that deny lateral movement. All microsegments and hence all zones must be interconnected using controlled conduits. Controlled conduits may be disconnected during cyberattacks, when necessary, to disrupt an attack and isolate affected areas.
What Is Breach Ready Zoning?
For a long time, we have defined zones based on business functions, such as prod/non-prod, operational functions, such as supervisory/control/physical, geography, such as country/state/city, department, such as sales/finance/research/quality, or even organizational hierarchy, such as senior management/secretarial/engineers, but never based on MVDE.
The breach ready zoning strategy is based on the Maximum Acceptable Material Impact, or MAMI, and the Minimum Viable Digital Enterprise, or MVDE.
Zones 1 and 2 should be the bulk of the MVDE the organization expects to remain unaffected, because they empower key components of the business. Zone 1 would include systems that operate 24/7, most of which might be in OT or other critical areas, while Zone 2 would include those that are critical but can be taken offline if push comes to shove.
Zones 3 and 4 would contain users whose EDR tools, when integrated with the microsegmentation platform, can discern behavioral anomalies because someone tried privileged access in a zone where such access is denied. And everything else would belong to Zone 5. The most important aspect of the zoning is to determine microsegments based on material impact and related cybersecurity investments.
Modern microsegmentation is pervasive across data centers, offices, endpoints, industrial systems, OT, and the cloud. And because modern microsegmentation can integrate with EDR, the zoning strategy can be deployed within a few days through progressive implementation.
Should an attack impact your MVDE, that is your second signal, and the next indicator of material impact.
Step 4: Prepare to Build Immunity by Deceiving and Denying the AI Attacker
The breach ready zoning strategy establishes a significantly reduced attack surface. Denied lateral movement within zones and within microsegments will result in an extremely hardened digital enterprise. While valid users roam unobstructed, all stolen identities exhibiting anomalous behavior need to be lured, trapped, and evicted.
The focus of AI-powered cyberattacks is speed, complexity, and scale. Not direction, or fine-grained verified focus. And this is where AI-powered deception steps in. Today’s sophisticated deception technology engages with attackers in real time, providing them with apparently vulnerable digital replicas of the enterprise.
The focus of the deception tool is to learn the attacker’s tactics, techniques, behavior, and procedures and communicate that to the microsegmentation core, the EDR, the SASE engine, the VPN, the edge devices, and the firewalls, which can deny the attacker access to the enterprise. This means that the enterprise remains unaffected even when attacks happen.
Should future AI agents begin to get trained to sense deception, the hardened enterprise will not provide enough elbow room to navigate.
Step 5: Exercise, Practice, and Evolve to Become Breach Ready
Once the breach-ready digital enterprise is established, with clear accountability for breach visibility, monitor the MVDE and document everything. Policies, procedures, operational playbooks, and configuration runbooks that can be triggered at every indicator of an attack.
The main objective of the breach ready zoning strategy is to deny AI-powered attackers the ability to find attackable targets. Once the reduced attack surface begins to get monitored by your AI-powered security operations centers, you now have the ability to model cyber defenses, build crisis management playbooks, and run attack simulations.
This is especially important for nontechnical teams. Legal, HR, communications, executive leadership, research, quality, manufacturing, and fraud management. Everyone needs to know their role in a breach, what signals the start of that role and what marks an end.
And then you have external stakeholders. These may be regulators, customers, partners, suppliers, outsourced staff, and even those who do not have digital duties.
Every role needs to be documented.
Every person needs to be trained.
Breach readiness needs to be practiced.
And if there are gaps, the practices need to evolve.
Call to Action
Every CISO must prepare to revamp how we prepare for the next breach today.
Every cybersecurity architect and consultant needs to go back to the drawing board and transform our cybersecurity postures to be breach ready by default.
Rather than a destination to be reached, breach readiness is an ongoing discipline. Much like physical exercise, sustaining it calls for disciplined practice, continuous review, especially after every business change, and a commitment to ensure that the MVDE evolves with time.
In summary, if you are still designing your cybersecurity to withstand the next cyberattack using the design principles of the pre-Mythos moment, you are setting your organization up for failure.
Begin with a breach readiness impact assessment. Find out whether you can really be attacked by the next AI-powered attacker, and the baby steps you can take immediately if that unfortunate situation occurs.
Connect with us to start building a breach ready architecture that can withstand what comes next.
