Averlon Joins Anthropic's Cyber Verification Program

Anthropic's Cyber Verification Program grants vetted organizations access to advanced cyber capabilities for specific cyberdefense tasks, with Mythos-class capabilities on the horizon.

Vulnerability discovery and exploitation have never been faster. AI-led tools are finding critical flaws faster than most security teams can absorb them. Mandiant's M-Trends 2026 data puts mean time to exploit at -7 days (that’s negative), meaning exploits now arrive before patches exist. The 2026 Verizon DBIR shows 184 million assets with open KEV exposure at day 28. These numbers are not a detection failure. They present an operational gap in vulnerability management.

That distinction is the foundation of everything Averlon does. It’s the discipline of Remediation Operations, or RemOps: the operational layer between a finding and a completed fix. Today Averlon has joined Anthropic's Cyber Verification Program.

Detection Wasn't the Bottleneck. Mythos Made It Automatic.

Security teams have always struggled with vulnerability management. The security industry kept pace with an expanding attack surface. Finding vulnerabilities, at scale, is no longer the hard part. But everything downstream has been hard. Triaging what actually matters in a specific environment. Prioritizing the right issues. Getting tickets filed, followed up on, and resolved without introducing new problems. It was  hard when the top of the funnel was narrow, when vulnerabilities were discovered and exploited by humans with expertise.

Claude Mythos blew past that constraint when Anthropic announced Project Glasswing. Mythos has clocked over 20,000 new findings within 2 months of launch. And it’s being joined by other frontier models in automating vulnerability discovery and exploitation. The volume of high-severity findings entering security operations is about to increase by an order of magnitude. The operational infrastructure that receives those findings was not built for this.  

We laid this out in our whitepaper, After Mythos: Building Vulnerability Resilience. Average time to remediation in 2025 was 252 days, up from 171 days in 2020, even as mean time to exploit collapsed. The detection-to-remediation gap is not a scanning problem. It is a remediation operations problem.

Where Mythos-Class Discovery Meets RemOps

Anthropic has described the bottleneck in cybersecurity as verifying, disclosing, and patching the large numbers of vulnerabilities that Mythos-class models can surface. The Cyber Verification Program reflects that direction: extending advanced cyber capabilities to organizations doing specific cyberdefense work, with Mythos-class capabilities as the stated next step. Remediation operations is the domain that brings the power of AI to accelerate findings to fixes, driving resilience in the face of a vulnerability onslaught.

Vulnerability resilience is the operating model that replaces patch-first thinking. It starts from the assumption that not everything can be fixed immediately, and that managing exposure across the no-patch window requires runtime controls, environment-specific triage, and a continuous remediation pipeline. That is the model the post-Mythos environment demands.

Context Is Everything

Modern infrastructure compounds every dimension of this problem. Infrastructure evolves frequently. Blast radius is not static. Attack chains traverse Kubernetes nodes, container registries, CI/CD pipelines, and cloud identities in sequence. A vulnerability that looks low-severity in isolation may sit on a trusted pathway to a critical workload. Context determines whether a finding is urgent, and context changes constantly as environments evolve.

Averlon’s RemOps platform maps the real attack surface of customer environments, calculates the blast radius of each finding by computing the potential attack chains that can be constructed from a finding, and produces remediation steps that are breaking-change-aware and environment-specific to break the attack chains. Not a generic patch suggestion, but a fix that can move from finding to ticket to merged PR. 

Averlon applies CVP's advanced cyber capabilities to sharpen what matters most at the front of the pipeline: earlier identification of high-blast-radius exposure, more precise triage against real attack chains, and proactive risk assessment before changes reach production through Precog, Averlon's shift-left CI capability. As Mythos-class capabilities become available through CVP, that advantage deepens further.

Fixing Is the New Finding

Mythos-class discovery at scale changes the equation. The volume of findings is no longer the constraint. The capability to verify, triage, and close them is. As that discovery capability spreads across the industry, the organizations that can close the gap between a finding and a completed, verified remediation are the ones operating from a position of resilience. Closing that gap is what Averlon does.