TLDR:
> yes mythos is a big chungus amazing model
> no you don't need mythos to compromise some of the worlds largest organisations with complex bug-chains
> stop worrying about who has the cyber infinity stones
> start worrying about the homeless dude using open-weight models to exfil 200gbs from your "SOC2 certified" corporate network
Nine out of ten of the most significant, most damaging, most widely covered cyber attacks of the last two years required no zero day vulnerabilities.
They required a compromised maintainer account, a credential harvested by an infostealer, a Citrix portal without MFA, a developer targeted with a convincing social engineering campaign, a known CVE that an organisation never got around to patching, a database left exposed because nobody checked.
These are not obscure attack classes. They are the same classes that have dominated breach data for a decade, and they are the classes that AI-powered attack capability - including the AI our own agents use - makes dramatically more exploitable at scale.