Netskope outlines how Mythos and Project Glasswing differ from agent risk

Anthropic’s Mythos and Project Glasswing aim to harden upstream software, but the blog argues that enterprise risk increasingly comes from agent-driven data and identity flows that patches to code cannot address. For IT and security leaders, this reframes governance from static control points to real-time policy enforcement.

Research Overview

The post ties Anthropic’s Mythos and Project Glasswing to upstream software hardening, including operating systems, browsers, and critical open-source libraries. It also grounds its enterprise observations in Netskope Threat Labs analysis of generative AI application usage and governance practices.

It states that the enterprise security focus extends beyond vulnerabilities in software code. The blog describes governance as a real-time problem connected to agent behavior, user identity, and where AI requests send and receive data.

Key Findings

Netskope Threat Labs analysis in the post reports that roughly one in four enterprises have zero policies restricting AI data flow, and that the median organization runs 60 distinct AI apps. It also says power users run more than 500 AI applications.

The blog claims that for each gigabyte uploaded to AI tools, users download 4.3 gigabytes back. It further states that 80% of generative AI apps it scores rate poorly for enterprise security on its Cloud Confidence Index.

Technical Breakdown

The post describes a scenario where an employee installs an AI-powered assistant that summarizes email, prioritizes calendars, and drafts CRM updates. It says the assistant connects to enterprise systems through the Model Context Protocol (MCP), with authorization by the user.

According to the blog, each request authenticates as the user and API calls land in sanctioned destinations, which it presents as a reason endpoint, OS, or browser patching may not stop the issue. It characterizes the exposure as an identity-and-data problem carried over authenticated traffic to approved destinations.

Operational Impact

The blog argues that the practical defense problem grows as agentic AI executes multi-step tasks via APIs without direct human intervention per action. It states that it flagged MCP directly as an emerging concern and frames agent deployment inside the enterprise as an operational governance issue.

For CIOs, the post counters a “block AI outright” approach, describing an alternative of using guardrails for adoption. It also asserts that security and networking architectures are moving toward setting policy once and governing identity, data, and traffic as one fabric.

Conclusion

The blog concludes that upstream software hardening is part of the response but says there is no patch for agent execution inside the enterprise using employee identity and data. It emphasizes real-time control in the network and transaction layer before models or agents operate. This “Blog Signals brief” is a fact-based summary of the vendor blog.