AI in Cybersecurity: Mythos Capabilities Matched by Open Source

Jaya Baloo, Chief Information Security Officer at Cisco, discussed the evolving role of artificial intelligence in cybersecurity during a recent Bloomberg Tech segment. Baloo highlighted a critical shift: the capabilities of advanced AI models, like Anthropic's Mythos, are increasingly being matched by smaller, more accessible open-source alternatives. This development has significant implications for how organizations approach cybersecurity, particularly in the discovery and mitigation of vulnerabilities.

The full discussion can be found on Bloomberg Technology's YouTube channel.

Jaya Baloo's Perspective

Jaya Baloo is a prominent figure in the cybersecurity world, known for her leadership roles and insights into emerging threats and defensive strategies. As CISO at Cisco, she is at the forefront of protecting global networks and data from sophisticated cyberattacks. Her perspective is shaped by years of experience in the trenches of cybersecurity, making her insights particularly valuable for understanding the practical implications of AI in the field.

The Democratization of AI in Cybersecurity

Baloo emphasized that the idea of proprietary AI models holding a unique advantage in cybersecurity is becoming outdated. She explained that smaller, open-source models are rapidly closing the gap, offering comparable performance at a fraction of the cost and with greater accessibility. This democratization of AI capabilities means that more organizations, regardless of their size or budget, can now leverage advanced AI for tasks such as identifying software vulnerabilities.

"One of the things that we're seeing is that Mythos capabilities are matched by cheaper models," Baloo stated, referring to the findings from her team's research. She elaborated on the challenges of isolating specific AI capabilities within complex models, noting that while Mythos excels at identifying vulnerabilities, its power is not exclusive. "We are only talking about Mythos's ability to identify vulnerabilities quicker, at greater expense, but that's the very narrow use case."

Open Source AI for Vulnerability Discovery

The core of Baloo's argument centers on the power of open-source AI for vulnerability discovery. She pointed out that the findings from Mythos, which has been used by partners for several weeks, are being replicated by more accessible, open-source models. This is a significant development for the cybersecurity industry.

"What I think is interesting about Mythos is that it's supposed to be the most powerful model yet," Baloo said. "I have to say, like, there is a contention here. I disagree with that because I think one of the things you see is that the vulnerabilities that they disclose are not impossible to find, not with a closer source model like Mythos, but also with small, open-source models."

She further elaborated on the implications: "Using AI to find vulnerabilities is not a unique capability. What I think is interesting about Mythos is that it's supposed to be the most powerful model yet. At Aisle, we've been doing that since August 2025. We found all the vulnerabilities and at Aisle, we've been finding those vulnerabilities in something that's been a very hard code base, like open SSL. We've been finding those vulnerabilities."

Baloo stressed that the ability to find vulnerabilities with AI is not exclusive to large, proprietary models. "The reason to make it open source is that it is something that I believe that we should always do because defenders, globally, are now worried about who else can build this."

The Importance of Open Access for AI Cyber Tools

Baloo advocated for open-source access to AI tools for cybersecurity. She argued that as attackers increasingly leverage AI, defenders need similar access to stay ahead. "If we've already proven previously, you can do this with open source, that is something that we need to democratize because defenders need to be able to find their own issues to fix them proactively versus having someone else figure out how to do it."

She contrasted the approach of proprietary model developers with the broader need for accessibility: "So without making it open source, we're actually giving the defenders at a disadvantage. The real issue is, how can you get defenders up to scale globally? And level playing field in order to defend their stuff? So, open-source maintainers need to be able to find their own vulnerabilities in order to fix them."

Baloo cited the example of a recent incident involving the Mexican government, where AI was reportedly used to compromise government systems. "We've seen the consequences of cyberattacks for important corporate networks, healthcare systems, energy infrastructure, transport hubs, and the information security of government agencies across the world. On the global stage, state-sponsored attacks from actors like China, Iran, North Korea, and Russia have threatened to compromise the infrastructure that underpins both civilian life and military readiness. Even smaller-scale attacks, such as those where individual hospitals or schools are targeted, can inflict substantial economic damage, expose sensitive data, and even put lives at risk."

She concluded by emphasizing the critical need for widespread access to AI-driven cybersecurity tools: "The building blocks of the internet are democratized. They are in the hands of everyone. So, it's not about the model. It's about the system and everything you build around it. Because what we see is that this capability is quite jagged. So it's not good at everything equally. It's good at some things, like you pointed out, but it's not good at everything. But given enough open-source model, you can highly paralyze all of this stuff. So instead of relying on one exceptionally intelligent model, you can take this kind of raw intelligence capability and farm it across many models and then actually find bugs that Mythos has missed."

The Future of AI in Cybersecurity

Baloo's insights point to a future where AI in cybersecurity is more about accessibility and broad application rather than exclusive access to the most powerful models. The trend towards open-source AI solutions promises to level the playing field, empowering more defenders to proactively identify and address security vulnerabilities, ultimately enhancing global cybersecurity resilience.

"We can actually find bugs that Mythos has missed," Baloo stated. "And, you know, doing this for free means that there is a degree of asymmetry right now that is being held by Anthropic, but an open-source model, like GPT-5.4, or any of these other models, they can actually find the same things. So it's not about the model, it's about the system and everything you build around it."