The attack surface is not unknown. It’s in the defaults that your team inherited three years ago and never checked.
The uncomfortable truth about Mythos class AI as an attack tool is that it does not require sophisticated targeting. All you need is the default.
At Reco, we spend a lot of time inside companies’ third-party boundaries. What we consistently see is that the riskiest configurations are rarely the result of negligence. They are the result of apps that were deployed, connected, and then left in place with settings that were never revisited, because there was no reason to revisit them until something broke.
The Mythos class AI systematically detects these defaults. Here are five of the most common problems we see in real-world enterprise environments and how to prevent them.
1. Salesforce Site with Guest User Access
Salesforce sites and Experience Cloud pages are often launched as lightweight public portals, such as partner logins and customer-facing forms. When Lightning features and search are enabled for unauthenticated users, what was a “public page” becomes a data discovery path. Guest access is one of the fastest routes from outside to inside.
What to check: Audit guest user functionality across all Salesforce sites. Disable Lightning features and search for unauthenticated profiles. Check the sharing rules for objects or fields that guest users can access.
2. Legacy authentication is still allowed on M365
Every company is investing in MFA. Many of those investments have holes. Legacy authentication protocols bypass Conditional Access entirely. Password spray and basic-authentication attacks do not need to defeat your MFA policies, because legacy authentication never passes through them. If your Conditional Access policies do not explicitly block legacy authentication for all users and all applications, that is an open attack path.
What to check: Review your Conditional Access policies for a rule that blocks legacy authentication for all users. Don’t assume complete coverage. Check which user populations and app registrations are excluded.
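One way to do that check offline, as an added example that is not Reco’s code: the policy dicts follow the shape of the Microsoft Graph conditionalAccessPolicy resource, and the sample policies (a report-only one and an enforced one with an excluded group) are constructed for illustration.

```python
"""Added example, not Reco's code: check Entra ID Conditional Access policies for an
enforced legacy-authentication block and list scoping gaps. The policy dicts follow
the Microsoft Graph conditionalAccessPolicy shape; the sample values are constructed."""

# Graph clientAppTypes values that cover legacy (non-modern) authentication clients.
LEGACY_CLIENT_APP_TYPES = {"exchangeActiveSync", "other"}

def blocks_legacy_auth(policy):
    """True only if the policy is enforced, targets legacy client types, and blocks."""
    if policy.get("state") != "enabled":  # report-only or disabled policies protect nothing
        return False
    client_types = set(policy["conditions"].get("clientAppTypes", []))
    if "all" not in client_types and not LEGACY_CLIENT_APP_TYPES <= client_types:
        return False
    return "block" in policy.get("grantControls", {}).get("builtInControls", [])

def coverage_gaps(policy):
    """Scoping that leaves some users or applications outside the block."""
    users = policy["conditions"]["users"]
    apps = policy["conditions"]["applications"]
    gaps = []
    if users.get("includeUsers") != ["All"]:
        gaps.append("does not include all users")
    for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
        if users.get(key):
            gaps.append(f"{key}: {', '.join(users[key])}")
    if apps.get("includeApplications") != ["All"]:
        gaps.append("does not include all applications")
    return gaps

def assess(policies):
    """Report whether any enforced policy blocks legacy auth, and what it still misses."""
    blocking = [p for p in policies if blocks_legacy_auth(p)]
    if not blocking:
        return {"blocked": False, "gaps": ["no enabled policy blocks legacy authentication"]}
    return {"blocked": True,
            "gaps": [f"{p['displayName']}: {g}" for p in blocking for g in coverage_gaps(p)]}

# Constructed sample: a report-only policy (no protection) and an enforced one with an exclusion.
SAMPLE_POLICIES = [
    {"displayName": "Block legacy auth (report-only)", "state": "enabledForReportingButNotEnforced",
     "conditions": {"clientAppTypes": ["exchangeActiveSync", "other"], "users": {"includeUsers": ["All"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["block"]}},
    {"displayName": "Block legacy auth", "state": "enabled",
     "conditions": {"clientAppTypes": ["exchangeActiveSync", "other"],
                    "users": {"includeUsers": ["All"], "excludeGroups": ["legacy-printers"]},
                    "applications": {"includeApplications": ["All"]}},
     "grantControls": {"builtInControls": ["block"]}},
]
```

Run `assess(SAMPLE_POLICIES)` to see that the report-only policy is ignored and the enforced policy is reported with its excluded group as a remaining gap.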
3. Snowflake with open network policy
Your data warehouse likely stores more sensitive information than any other system in your environment. A surprising number of Snowflake deployments have network policies that allow connections from any IP (0.0.0.0/0, or its IPv6 equivalent). Broad network access means anyone with valid credentials can connect from anywhere in the world.
What to check: Review your Snowflake network policies. Restrict them to your corporate IP ranges or VPN egress addresses. Check which users have ACCOUNTADMIN set as their default role. Maximum privilege as the default means maximum scope for compromise.
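Both checks in one script, as an added example that is not Reco’s code: the input rows are constructed to mirror what DESCRIBE NETWORK POLICY and SHOW USERS return, and the "broad prefix" thresholds are assumptions for this example rather than Snowflake defaults.

```python
"""Added example, not Reco's code: flag Snowflake network policies that admit the
world and users whose DEFAULT_ROLE is ACCOUNTADMIN. The rows are constructed to
mirror DESCRIBE NETWORK POLICY and SHOW USERS output; the values are sample data."""
import ipaddress

# Assumed thresholds for this example: anything wider than a /16 (IPv4) or /48 (IPv6)
# in ALLOWED_IP_LIST is reported as broad. They are not Snowflake defaults.
BROAD_PREFIX = {4: 16, 6: 48}

def policy_findings(name, allowed_ip_list):
    """Findings for one policy's ALLOWED_IP_LIST (CIDR strings, as Snowflake stores them)."""
    findings = []
    if not allowed_ip_list:
        findings.append(f"{name}: ALLOWED_IP_LIST is empty; no allowlist restriction is applied")
    for entry in allowed_ip_list:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0: every address on that IP version
            findings.append(f"{name}: {entry} allows every IPv{net.version} address")
        elif net.prefixlen < BROAD_PREFIX[net.version]:
            findings.append(f"{name}: {entry} is broader than /{BROAD_PREFIX[net.version]}")
    return findings

def accountadmin_default_users(users):
    """Users who land in ACCOUNTADMIN on every login, not only when they explicitly assume it."""
    return sorted(u["name"] for u in users
                  if (u.get("default_role") or "").upper() == "ACCOUNTADMIN")

def audit(policies, users):
    """Combine both checks into one finding list."""
    findings = [f for name, allowed in policies.items() for f in policy_findings(name, allowed)]
    findings += [f"user {u}: default role is ACCOUNTADMIN" for u in accountadmin_default_users(users)]
    return findings

# Constructed sample data (RFC 5737 / RFC 3849 documentation ranges and private space).
SAMPLE_POLICIES = {
    "corp_only": ["203.0.113.0/24", "2001:db8:10::/48"],
    "legacy_open": ["0.0.0.0/0"],
    "too_broad": ["10.0.0.0/8", "::/0"],
}
SAMPLE_USERS = [
    {"name": "etl_svc", "default_role": "ACCOUNTADMIN"},
    {"name": "analyst1", "default_role": "ANALYST"},
    {"name": "admin_break_glass", "default_role": "accountadmin"},
]
```

`audit(SAMPLE_POLICIES, SAMPLE_USERS)` reports nothing for the corporate-only policy, flags the open and over-broad ones, and lists the two ACCOUNTADMIN-by-default users regardless of letter case.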
4. SSO is connected but not enforced
Apps that support but don’t require an identity provider let users (and automated agents) log in directly with a username and password. That means no MFA, no Conditional Access, and no session control.
“SSO Enabled” is not the same as “SSO Enforced”. Mythos class AI often finds these apps by trying login paths that shouldn’t work and discovering that they do.
What to check: Make sure that all apps in your environment not only have SSO enabled, but also that direct login is blocked. This is especially important for high-value apps that access sensitive data or a wide user base.
5. Unresolved secret scan alerts on GitHub
Many teams enable secret scanning on their GitHub repositories. Few teams have a process in place to reliably resolve the alerts. Credentials in code with open, unacknowledged alerts are exposed just as much as credentials that were never detected. The Mythos class AI doesn’t care whether an alert exists or not.
What to check: Look at the age and volume of open secret scanning alerts across your repositories. If alerts are accumulating without being resolved, detection is working, but the response process is not.
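A small triage that turns "age and volume" into numbers, as an added example that is not Reco’s code: the alert records are constructed to mirror the fields of GitHub’s secret scanning alert objects, and the 7-day SLA and age buckets are assumptions for this example.

```python
"""Added example, not Reco's code: measure whether open secret scanning alerts are
actually being resolved. The alert records are constructed to mirror the fields of
GitHub's REST secret-scanning alerts (number, state, secret_type, created_at)."""
from collections import Counter
from datetime import datetime, timezone

# Age buckets for open alerts; the 7/30-day cut-offs are assumptions for this example.
BUCKETS = ((7, "under_7d"), (30, "7d_to_30d"), (None, "over_30d"))

def age_bucket(age_days):
    for limit, label in BUCKETS:
        if limit is None or age_days < limit:
            return label

def triage(alerts, now, sla_days=7):
    """Summarise open alerts by age and type, and flag a stalled response process."""
    open_alerts = [a for a in alerts if a["state"] == "open"]
    ages = {a["number"]: (now - datetime.fromisoformat(a["created_at"])).days
            for a in open_alerts}
    breaches = sorted(n for n, d in ages.items() if d > sla_days)
    return {
        "open": len(open_alerts),
        "resolved": sum(1 for a in alerts if a["state"] == "resolved"),
        "by_age": Counter(age_bucket(d) for d in ages.values()),
        "by_type": Counter(a["secret_type"] for a in open_alerts),
        "oldest_open_days": max(ages.values(), default=0),
        "sla_breaches": breaches,
        # Detection works but response does not: at least half of open alerts are past SLA.
        "response_gap": bool(open_alerts) and len(breaches) * 2 >= len(open_alerts),
    }

# Constructed sample: three open alerts of different ages and one that was revoked.
NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)
SAMPLE_ALERTS = [
    {"number": 1, "state": "open", "secret_type": "aws_access_key_id",
     "created_at": "2023-11-20T09:00:00+00:00"},
    {"number": 2, "state": "open", "secret_type": "github_personal_access_token",
     "created_at": "2024-02-10T09:00:00+00:00"},
    {"number": 3, "state": "open", "secret_type": "slack_incoming_webhook_url",
     "created_at": "2024-02-27T09:00:00+00:00"},
    {"number": 4, "state": "resolved", "resolution": "revoked", "secret_type": "aws_access_key_id",
     "created_at": "2024-01-15T09:00:00+00:00"},
]
```

`triage(SAMPLE_ALERTS, NOW)` shows one alert open for over 100 days and two of three open alerts past the SLA, which is the "detection works, response does not" pattern described above.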
Common points
None of these vulnerabilities are new. They are configurations that exist in most enterprise environments. These gaps must be closed before models that can exploit them fall into the hands of attackers.
Reco continuously uncovers these misconfigurations across over 225 third-party apps and agents. Mythos prioritizes alerts by relevance, not volume, so your team can focus on the fixes that matter most.
Download the CISO Handbook: Mythos Changed the Rules
Get your posture score — 15 minute assessment
Gal Nakash
Gal is the co-founder and CPO of Reco. Gal is a former lieutenant colonel in the Israeli Prime Minister’s Office. He is a technology enthusiast and has a background as a security researcher and hacker. Gal has expertise in human elements and has led teams in multiple cybersecurity areas.
Technical reviewer:
Gal Nakash