What is Mythos in the context of AI cybersecurity?

Mythos is an AI-powered cybersecurity platform that uses large language models, graph-based reasoning, and probabilistic attack graph construction to automate threat hunting and incident response. It maps observed security telemetry to the MITRE ATT&CK framework, enabling SOC teams to detect advanced persistent threats and lateral movement techniques that traditional signature-based systems miss.

How does AI improve threat detection over traditional methods?

Traditional security tools rely on known signatures and predefined rules, making them blind to novel attack techniques. AI models learn behavioural baselines from historical telemetry, detect statistical anomalies without prior definitions, and correlate weak signals across multiple data sources that would be invisible to human analysts. This shifts detection from 'what we know is bad' to 'what looks unusual in context.'

Can AI cybersecurity systems be attacked themselves?

Yes. Adversarial machine learning research has demonstrated that AI-based intrusion detection systems can be evaded through carefully crafted inputs — adversarial packets, model poisoning via training data manipulation, and model extraction attacks that steal proprietary detection logic. Hardening security AI against these threats is an active research area, with techniques including adversarial training, ensemble diversification, and differential privacy.

What are the ethical concerns with AI in cybersecurity?

Key concerns include the potential for mass surveillance when behavioural baselines profile employee activity, biased detection models that disproportionately flag certain user groups, false positives that trigger automated containment disrupting legitimate business operations, and the offensive use of AI for automated vulnerability discovery and exploit generation. Regulatory frameworks are beginning to address AI governance in security, but the field largely operates without binding standards.

Home › Research › Cybersecurity

AI in Cybersecurity Research

AI-driven threat detection, autonomous incident response, adversarial robustness, and the Mythos platform

Overview

The cybersecurity landscape has undergone a structural shift. Attack surfaces have expanded with cloud migration, remote work infrastructure, and the proliferation of IoT devices, while the volume and sophistication of threats have outpaced the capacity of human-led security operations. Artificial intelligence is now central to how organisations detect, respond to, and recover from cyber incidents — from automated threat hunting and anomaly detection to autonomous containment and digital forensics.

This research domain tracks peer-reviewed publications, industry evaluations, and real-world deployments of AI in cybersecurity. Coverage includes the Mythos platform — an AI-powered threat hunting system that applies graph-based reasoning and large language models to enterprise security telemetry — alongside the broader field of adversarial machine learning, LLM-assisted vulnerability discovery, deepfake forensics, and zero-trust architecture integration.

Each curated entry links to primary sources, discloses funding and evaluation methodology, and distinguishes between controlled benchmark results and production deployment outcomes.

Key Breakthroughs

Mythos: AI-Powered Threat Hunting at Scale

Mythos is an AI-driven cybersecurity platform that applies large language models and graph-based reasoning to automate threat hunting across enterprise networks. Developed by security researchers to address the growing gap between alert volume and analyst capacity, Mythos ingests telemetry from SIEMs, EDR agents, and network flow logs, then constructs probabilistic attack graphs that map observed indicators to known adversary tactics in the MITRE ATT&CK framework. Early deployments across financial sector SOC teams reported a 62 percent reduction in mean time-to-detection for lateral movement techniques and a 40 percent decrease in false-positive escalation rates compared with signature-based rule engines.

Adversarial Machine Learning and Evasion Attacks

Research published in IEEE Symposium on Security and Privacy demonstrated that adversarially crafted network packets can evade AI-based intrusion detection systems with a 97 percent success rate when the underlying model has not been hardened against gradient-based perturbation attacks. The study evaluated seven commercial NDR (Network Detection and Response) platforms and found that only two incorporated adversarial training in their model pipelines. This work has catalysed a new subfield — adversarial robustness for security ML — with subsequent papers proposing detection-agnostic defences including feature squeezing, ensemble diversification, and certified defences via randomized smoothing.

LLM-Assisted Vulnerability Discovery in Source Code

A team at UC Berkeley demonstrated that fine-tuned code language models can identify previously unknown vulnerabilities in open-source C and C++ projects with a 23 percent higher true-positive rate than commercial static analysis tools like Coverity and CodeQL. The model, trained on the CVE database and annotated commit histories, flags suspicious patterns — unchecked buffer operations, integer overflow paths, and use-after-free chains — with contextual explanations that reference specific CWE categories. Three zero-day vulnerabilities identified by the system were subsequently confirmed and patched in the Linux kernel and OpenSSL.

Autonomous Incident Response with Reinforcement Learning

Researchers at MIT Lincoln Labs developed an autonomous incident response agent trained via deep reinforcement learning in simulated enterprise environments. The agent learns containment policies — network segmentation, host isolation, credential rotation — that minimise blast radius while preserving business-critical connectivity. In red-team exercises against 200-node simulated networks, the RL agent contained lateral movement within an average of 4.2 minutes compared with 38 minutes for human-led response, while maintaining 96 percent service availability.

Deepfake Detection and Synthetic Media Forensics

The EU-funded Mythos Media Integrity project produced a multi-modal deepfake detection ensemble achieving 94.7 percent accuracy on the FaceForensics++ benchmark and 88.3 percent on in-the-wild social media samples. The system combines spatial artefact analysis (frequency-domain inconsistencies in GAN-generated faces), temporal coherence modelling (lip-sync drift across video frames), and audio-visual consistency checks. The model has been deployed by two national election commissions to screen political advertising for synthetic manipulation during the 2025 election cycle.

Featured Articles: Mythos Platform

2025-06-18

Mythos Architecture: How Graph-Based Reasoning Transforms Threat Intelligence

A technical deep-dive into Mythos's core inference engine, which constructs real-time attack graphs from heterogeneous security telemetry and correlates them with threat intelligence feeds. The paper details the probabilistic scoring model, the MITRE ATT&CK mapping algorithm, and benchmark results against legacy correlation engines across 14 enterprise deployments.

2025-04-22

Evaluating Mythos in Financial Sector SOCs: A Longitudinal Study

A 12-month study tracking Mythos deployment across three Tier-1 banks, measuring changes in alert triage accuracy, analyst workload, and dwell time. Mean time-to-respond improved by 55 percent and analyst fatigue scores dropped by 34 percent, while false-positive rates declined from 78 percent to 31 percent of total alerts.

2025-03-10

Adversarial Robustness in Mythos: Defending Against Model Evasion

This paper addresses the vulnerability of AI-based threat detectors to adversarial manipulation. The Mythos team proposes a multi-model ensemble with adversarial training, achieving 89 percent detection retention even under gradient-based evasion attacks that defeat single-model systems with 97 percent success.

2025-02-05

Mythos and Zero Trust: AI-Driven Continuous Verification for Enterprise Networks

How Mythos integrates with Zero Trust Network Architecture to provide continuous behavioural verification of users, devices, and workloads. The system builds baseline behavioural profiles and flags anomalous lateral movement, credential misuse, and data exfiltration patterns in real time.