Comcast Corporation

04/29/2026 | Press release | Distributed by Public on 04/29/2026 23:53

Early Indicators of the AI Accelerated Threat Environment

Network & Engineering | Apr 29, 2026


By Chad Schieken, Executive Director, Cyber Security Operations; and Arvind Chennu Venkat, Manager, Cyber Security Engineering

Anthropic's announcement of Claude Mythos Preview is drawing attention, and for good reason. The company says the model is its most capable yet for coding and agentic tasks, and claims that it has already identified thousands of zero-day vulnerabilities. That matters.

This is now the new normal, as new models with increasing capabilities are being released at an accelerated pace. However, the acceleration many associate with a Mythos-class system is already visible in our day-to-day security work. AI-assisted assessments are growing. We find evidence of this in our responsible disclosure program and our internal penetration testing program. These AI-assisted assessments are discovering higher-impact vulnerabilities, and we are making changes at Comcast to prepare for this new normal.

Early Indicators in Our Responsible Disclosure Program

Prior to December 2025, AI mostly helped researchers write code or scripts. It improved parts of the workflow, but the full process still depended heavily on human persistence. AI tools can now plan, execute, self-correct, stay on task for longer periods, work through common blockers such as authentication friction or web application firewalls, and produce a usable report at the end. We have seen recognizable signs of AI-assisted responsible disclosure report submissions: consistent step-by-step reproduction, structured markdown code blocks, formalized section headers, and repeated verification commands with expected outputs. Comcast has also developed methods to identify patterns of AI-enabled activity in logs.
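The report-style signs listed above can be turned into a triage routing hint. The sketch below is an added example, not Comcast's method or code; the regexes, minimum counts, threshold, tag names and both sample reports are assumptions constructed for illustration.

```python
import re

# Signals taken from the paragraph above. The regexes, minimum counts and
# "needed" threshold are assumptions made for this example.
SIGNALS = {
    "numbered_steps": re.compile(r"^[ \t]*\d+[.)][ \t]+\S", re.M),
    "fence_lines": re.compile(r"^`{3}", re.M),
    "section_headers": re.compile(r"^#{1,6}[ \t]+\S", re.M),
    "expected_output": re.compile(r"^[ \t]*expected output[ \t]*:", re.I | re.M),
}
MINIMUMS = {"numbered_steps": 3, "fence_lines": 4,
            "section_headers": 3, "expected_output": 2}

def style_signals(report: str) -> dict:
    """Count how often each stylistic signal appears in a report body."""
    return {name: len(rx.findall(report)) for name, rx in SIGNALS.items()}

def triage_tag(report: str, needed: int = 3) -> str:
    """Return a queue tag. It describes report style only and says
    nothing about whether the reported finding is valid."""
    counts = style_signals(report)
    hits = [name for name, n in counts.items() if n >= MINIMUMS[name]]
    return "likely-ai-assisted" if len(hits) >= needed else "unclassified"

FENCE = "`" * 3  # built at runtime so this listing's own fence stays intact

# Constructed sample reports (not real submissions).
STRUCTURED = "\n".join([
    "## Summary", "Reflected input on the search page.",
    "## Steps to Reproduce",
    "1. Log in as a test user.",
    "2. Open the search page.",
    "3. Submit the marker string.",
    FENCE + "bash", "curl -s 'https://app.example.test/search?q=marker'", FENCE,
    "Expected output: marker echoed in response",
    "## Verification",
    FENCE + "bash",
    "curl -s 'https://app.example.test/search?q=marker' | grep -c marker",
    FENCE,
    "Expected output: 1",
])
FREEFORM = "hi team, the search page echoes my input back, screenshot attached"

if __name__ == "__main__":
    for name, body in (("structured", STRUCTURED), ("freeform", FREEFORM)):
        print(name, style_signals(body), triage_tag(body))
```

A tag like this only changes how a report is routed and prioritized; careful human writers produce the same structure, so it should never gate acceptance or payout on its own.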

At Comcast, recent data from our responsible disclosure program shows that from September 2025 to March 2026, AI-derived security reports grew from 3.1 percent to 18.9 percent of all reports (see Figure 1). And AI is not just increasing activity. It is changing the mix of what reaches defenders and raising the operational weight of each finding (see Figure 2). The new trend is fewer reported vulnerabilities but with higher severity.

Data from Q1 2026 shows that during the quarter, 13.7 percent of researchers associated with AI-assisted submissions were driving 31.1 percent of rewarded submissions. Those AI-assisted submissions also accounted for 55.5 percent of our total bug bounty spend. In other words, a relatively small share of researchers leveraging AI is already driving a disproportionate share of rewarded output.

Figure 1: The Rise of AI-Assisted Responsible Disclosure Reports

Figure 2: Fewer Accepted Submissions, Higher Severity

A simple stress test shows the new economics of responsible disclosure programs. Purely as an illustration, if the next frontier models merely doubled current AI-assisted researcher productivity while non-AI volume stayed flat, AI-assisted work would rise from 31.1 percent of rewarded submissions (as noted above) to 47.4 percent, and from 55.5 percent of payout dollars (as noted above) to 71.3 percent. If that productivity increased by 10x, AI-assisted work would represent 81.9 percent of rewarded submissions and 92.5 percent of payout dollars.

The new economics of responsible disclosure payouts mean that we must renegotiate our responsible disclosure contracts with our vendors to shift from proof-of-vulnerability to proof-of-exploitation, raising the bar for what counts as a real finding. For our own program, we must start assuming that most submissions are AI-assisted and must require proof-of-exploitation artifacts (working PoC, payloads, session capture) before payout.

Early Indicators in Our Pen Testing Program

We have started to use AI-assisted penetration testing in our internal pen test program. This has resulted in more effective testing of not just first-party code, but of third-party sub-systems. As a result, our pen testers are now finding more zero-day vulnerabilities in third-party subsystems, and we are now responsibly disclosing vulnerabilities to third parties. The rate of zero-day discoveries has grown, with two being found in March 2026, the highest discovery rate in our history, as described in a recent vulnerability finding our teams made.

Both early indicators, our own pen tests and our responsible disclosure program, show that the use of AI-assisted security testing is increasing and finding more high-impact vulnerabilities. This in turn impacts our defensive approach.

A New Approach to Defensive Workflow

The defensive workflow must change with this new normal. The answer is not simply adding more analysts to the existing workflow. It requires redesigning the workflow itself in three distinct ways.

  1. Defenders need continuous visibility into the attack surface, especially in environments where new assets can appear quickly and simple mistakes can create severe exposure.

  2. Teams need automated validation so they can move from suspicion to evidence-backed action faster, rather than spending valuable time reproducing straightforward findings.

  3. Defenders need better intelligence fusion so ownership, application context, and historical data can be pulled together quickly enough to support real decision-making.

That is the logic behind the capabilities we are building at Comcast. One internal effort is focused on proactive attack surface monitoring, near-real-time subdomain discovery, automated secret detection, and fast alerting. Another automates the path from reconnaissance through scanning, exploitation, and verification so findings arrive with evidence, not just suspicion. A third acts as a vulnerability intelligence assistant, helping teams pull fragmented data together in plain language so they can move faster from intake to triage to remediation. This recently released assistant has already scaled to 50+ active users and saved 1000+ engineering hours in less than a month.

There are encouraging signs that this approach is working. In Q1 2026, we triaged more critical findings than in any previous quarter with the same workforce. That is an important signal. In a faster threat environment, success will not come from "doing things the old way but just a little harder." It will come from building a defensive operating model that is designed for continuous discovery, automated validation, unified intelligence, and faster decision cycles from the start.

Comcast Corporation published this content on April 29, 2026, and is solely responsible for the information contained herein. Distributed via Public Technologies (PUBT), unedited and unaltered, on April 30, 2026 at 05:53 UTC.