{"id":108259,"date":"2026-04-13T22:52:30","date_gmt":"2026-04-13T20:52:30","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=108259"},"modified":"2026-04-19T08:26:34","modified_gmt":"2026-04-19T06:26:34","slug":"checkmarx-application-security-guide-to-mythos","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","title":{"rendered":"Checkmarx Application Security Guide to Claude Mythos"},"content":{"rendered":"<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\"><strong>Introduction<\/strong><\/h2>\n\n\n\n<p>On April&nbsp;7, 2026,&nbsp;Anthropic revealed its new AI model named \u201cMythos\u201d&nbsp;(currently&nbsp;in private mode)&nbsp;that aims to secure software in the AI&nbsp;era.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Anthropic claims that&nbsp;AI has reached a turning point in cybersecurity. With the&nbsp;expected&nbsp;release of Mythos,&nbsp;AI models are&nbsp;poised to be&nbsp;capable of&nbsp;identifying&nbsp;and exploiting software vulnerabilities at a level that rivals and, in many cases, surpasses top human experts. Mythos has already uncovered thousands&nbsp;of&nbsp;high-severity vulnerabilities across major operating systems and browsers,&nbsp;signaling&nbsp;rapid&nbsp;acceleration in both capability and risk.&nbsp;&nbsp;<\/p>\n\n\n\n<p>Soon after the Mythos announcement,&nbsp;Anthropic&nbsp;launched a&nbsp;coalition,&nbsp;named&nbsp;Project&nbsp;\u201c<a href=\"https:\/\/www.anthropic.com\/glasswing\" target=\"_blank\" rel=\"noreferrer noopener\">Glasswing<\/a>\u201d&nbsp;after&nbsp;the clear-winged,&nbsp;tropical&nbsp;butterfly. 
The project, which includes over 40 major technology organizations such as Apple, Google, Microsoft, and Nvidia, is critical to redirecting this&nbsp;vast new LLM&nbsp;power toward defense rather than exploitation.&nbsp;<\/p>\n\n\n\n<p>A recent&nbsp;<a href=\"https:\/\/red.anthropic.com\/2026\/mythos-preview\/\" target=\"_blank\" rel=\"noreferrer noopener\">example<\/a>&nbsp;shared by Anthropic highlights the leap in capability: while the Opus 4.6 model was able to generate a working JavaScript shell exploit for a Firefox 147 vulnerability only&nbsp;two&nbsp;times out of hundreds of attempts, Mythos achieved a dramatically higher success rate, producing a working exploit in 181&nbsp;cases.&nbsp;That\u2019s&nbsp;not a marginal&nbsp;gain;&nbsp;it\u2019s&nbsp;a fundamentally different level of capability.&nbsp;<\/p>\n\n\n\n<style>\n  .cx-wrap{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;background:#FCF9FE;border-radius:12px;border:2px solid #6B34FD;padding:clamp(18px,4vw,40px) clamp(14px,4vw,44px) clamp(16px,3vw,32px);max-width:860px;margin:0 auto;box-sizing:border-box;width:100%}\n  .cx-title{font-size:clamp(16px,3.5vw,26px);font-weight:900;color:#140921;text-align:center;letter-spacing:-0.4px;line-height:1.2;margin-bottom:16px}\n  .cx-legend{display:flex;flex-wrap:wrap;gap:6px 14px;justify-content:center;margin-bottom:18px}\n  .cx-legend-item{display:flex;align-items:flex-start;gap:6px;font-size:clamp(10px,2.2vw,12px);color:#444;line-height:1.4;max-width:100%}\n  .cx-legend-dot{width:10px;height:10px;min-width:10px;border-radius:2px;margin-top:2px;flex-shrink:0}\n  .cx-chart-wrap{position:relative;width:100%;height:clamp(200px,45vw,340px);box-sizing:border-box}\n  .cx-footer-note{margin-top:14px;font-size:clamp(10px,2.2vw,11px);color:#777;line-height:1.55;text-align:left}\n<\/style>\n \n<div class=\"cx-wrap\" id=\"cx-exploit-wrap\">\n  <h2 class=\"cx-title article-anchor\" id=\"article-anchor-2\">Firefox JS shell exploitation<\/h2>\n  <div 
class=\"cx-legend\">\n    <div class=\"cx-legend-item\">\n<div class=\"cx-legend-dot\" style=\"background:#F25929\"><\/div>\n<span>Percentage of trials model generated a successful exploit<\/span>\n<\/div>\n    <div class=\"cx-legend-item\">\n<div class=\"cx-legend-dot\" style=\"background:#A822BF\"><\/div>\n<span>Percentage of trials model achieved register control (but could not exploit)<\/span>\n<\/div>\n    <div class=\"cx-legend-item\">\n<div class=\"cx-legend-dot\" style=\"background:#6B34FD\"><\/div>\n<span>Did not succeed<\/span>\n<\/div>\n  <\/div>\n  <div class=\"cx-chart-wrap\" id=\"cx-exploit-canvas-wrap\">\n    <canvas id=\"cxExploitCanvas\"><\/canvas>\n  <\/div>\n  <div class=\"cx-footer-note\">In a previous blog, we noted that Opus 4.6 was able to successfully generate exploits for crashes it found in Firefox in two separate trials out of many, which was a success rate of less than 1%. We plot this success rate next to Claude Mythos Preview, which succeeds at creating a working exploit nearly 100 times more often.<\/div>\n<\/div>\n\n\n\n<p><\/p>\n\n\n\n<p>In this article, we provide a guide to help you better understand the&nbsp;announcement and what it means for&nbsp;application security leaders, as well as&nbsp;some recommendations&nbsp;you can apply&nbsp;as you move forward&nbsp;with&nbsp;your AI journey.<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\"><strong>Why Did Anthropic Make&nbsp;This Announcement?&nbsp;And&nbsp;Why Now?<\/strong><\/h2>\n\n\n\n<p>For years, many software vulnerabilities have gone undetected because&nbsp;identifying&nbsp;and exploiting them requires highly specialized&nbsp;expertise. With the rise of advanced AI models, the&nbsp;barriers of&nbsp;cost, effort, and skill have dropped&nbsp;dramatically,&nbsp;making both discovery and exploitation&nbsp;accessible,&nbsp;fast,&nbsp;and&nbsp;scalable. 
As you can see in&nbsp;Checkmarx\u2019s&nbsp;own research&nbsp;below, the time to exploit a security vulnerability decreases&nbsp;dramatically&nbsp;with the power and adoption of AI.&nbsp;<\/p>\n\n\n\n<p>Vulnerabilities that, until&nbsp;recently, took weeks, months,&nbsp;or&nbsp;even years to exploit can now be weaponized in a matter of minutes.&nbsp;This&nbsp;defines&nbsp;an entirely&nbsp;new&nbsp;reality&nbsp;for application security,&nbsp;and it&nbsp;needs to be a top&nbsp;priority&nbsp;for any head of&nbsp;security,&nbsp;head of&nbsp;engineering, and the entire executive team.&nbsp;&nbsp;<\/p>\n\n\n\n<style>\n  .cx-wrap2{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif;background:#FCF9FE;border-radius:12px;border:2px solid #6B34FD;padding:clamp(18px,4vw,40px) clamp(14px,4vw,44px) clamp(16px,3vw,32px);max-width:860px;margin:0 auto;box-sizing:border-box;width:100%}\n  .cx-title2{font-size:clamp(16px,3.5vw,28px);font-weight:900;color:#140921;text-align:center;letter-spacing:-0.5px;line-height:1.15;margin-bottom:8px}\n  .cx-sub2{font-size:clamp(12px,2.8vw,15px);font-weight:600;color:#6B34FD;text-align:center;margin-bottom:24px}\n  .cx-body2{display:grid;grid-template-columns:minmax(0,3fr) minmax(0,2fr);gap:20px;align-items:start}\n  .cx-body2.stacked{grid-template-columns:1fr}\n  .cx-chart-wrap2{position:relative;width:100%;height:clamp(180px,40vw,268px);box-sizing:border-box}\n  .cx-body2.stacked .cx-chart-wrap2{height:clamp(180px,55vw,240px)}\n  .cx-chart-label2{font-size:clamp(9px,2vw,11px);font-weight:700;color:#140921;letter-spacing:0.8px;text-transform:uppercase;margin-bottom:8px}\n  .cx-panel2{background:#140921;border-radius:10px;padding:clamp(14px,3vw,22px);color:#FCF9FE}\n  .cx-panel-header2{display:flex;align-items:center;gap:10px;margin-bottom:12px}\n  .cx-panel-icon2{width:32px;height:32px;min-width:32px;background:#6B34FD;border-radius:7px;display:flex;align-items:center;justify-content:center}\n  
.cx-panel-title2{font-size:clamp(13px,2.8vw,15px);font-weight:900;color:#FCF9FE;letter-spacing:-0.2px;line-height:1.2}\n  .cx-bullets2{list-style:none!important;padding:0!important;margin:0!important;display:flex;flex-direction:column;gap:10px}\n  .cx-bullets2 li{font-size:clamp(11px,2.5vw,13px);color:rgba(252,249,254,0.8);line-height:1.55;padding-left:14px!important;position:relative}\n  .cx-bullets2 li::before{content:''!important;position:absolute!important;left:0!important;top:6px!important;width:5px!important;height:5px!important;border-radius:50%!important;background:#F25929!important;border:none!important;box-shadow:none!important;display:block!important}\n  .cx-bullets2 li::after{display:none!important;content:none!important}\n  .cx-bullets2 strong{color:#FCF9FE;font-weight:700}\n  .cx-footer2{margin-top:20px;background:#140921;border-radius:10px;padding:clamp(12px,3vw,15px) clamp(14px,3vw,22px);text-align:center}\n  .cx-footer-text2{font-size:clamp(12px,2.8vw,14px);color:#FCF9FE;line-height:1.5}\n  .cx-footer-text2 strong{color:#F25929;font-size:clamp(15px,3.5vw,18px);font-weight:900}\n  .cx-footer-cite2{font-size:clamp(10px,2vw,11px);color:rgba(252,249,254,0.45);margin-top:5px;font-style:italic}\n<\/style>\n \n<div class=\"cx-wrap2\" id=\"cx-vuln-wrap\">\n  <h2 class=\"cx-title2 article-anchor\" id=\"article-anchor-4\">AI Speeds Weaponization of Vulnerabilities<\/h2>\n  <p class=\"cx-sub2\">Teams must now rush to investigate and determine which threats are most critical.<\/p>\n  <div class=\"cx-body2\" id=\"cx-vuln-body\">\n    <div>\n      <div class=\"cx-chart-label2\">From Vulnerability to Exploitation<\/div>\n      <div class=\"cx-chart-wrap2\" id=\"cx-vuln-canvas-wrap\">\n        <canvas id=\"cxVulnCanvas\"><\/canvas>\n      <\/div>\n    <\/div>\n    <div>\n      <div class=\"cx-panel2\">\n        <div class=\"cx-panel-header2\">\n          <div class=\"cx-panel-icon2\">\n            <svg width=\"18\" height=\"18\" viewbox=\"0 0 20 20\" fill=\"none\" 
xmlns=\"http:\/\/www.w3.org\/2000\/svg\" aria-hidden=\"true\">\n              <circle cx=\"10\" cy=\"10\" r=\"8\" stroke=\"#FCF9FE\" stroke-width=\"1.7\"><\/circle>\n              <path d=\"M10 6v5M10 14v.5\" stroke=\"#FCF9FE\" stroke-width=\"1.9\" stroke-linecap=\"round\"><\/path>\n            <\/svg>\n          <\/div>\n          <div class=\"cx-panel-title2\">No More Grace Period<\/div>\n        <\/div>\n        <ul class=\"cx-bullets2\">\n          <li>The time between vulnerability disclosure and weaponization has essentially been <strong>eliminated<\/strong>.<\/li>\n          <li>LLMs have been observed generating working CVE exploits in just <strong>10\u201315 minutes<\/strong> at approximately $1 per exploit.<\/li>\n          <li>By 2028, it&#8217;s projected to drop to within <strong>1 minute<\/strong>.<\/li>\n        <\/ul>\n      <\/div>\n    <\/div>\n  <\/div>\n  <div class=\"cx-footer2\">\n    <div class=\"cx-footer-text2\">\n<strong>81%<\/strong> of organizations admit to knowingly releasing software with code they know is vulnerable<\/div>\n    <div class=\"cx-footer-cite2\">\u2014 Checkmarx, &#8220;Future of Application Security&#8221; Report<\/div>\n  <\/div>\n<\/div>\n \n<script src=\"https:\/\/cdnjs.cloudflare.com\/ajax\/libs\/Chart.js\/4.4.1\/chart.umd.js\"><\/script>\n<script>\n(function () {\n  var FG = \"'Helvetica Neue',Helvetica,Arial,sans-serif\";\n  var BREAKPOINT = 540;\n  var exploitInst = null;\n  var vulnInst = null;\n  var exploitTimer = null;\n  var vulnTimer = null;\n \n  \/* \u2500\u2500 CHART 1: rebuild exploit bar chart \u2500\u2500 *\/\n  function rebuildExploit() {\n    var wrap = document.getElementById('cx-exploit-canvas-wrap');\n    if (!wrap) return;\n    var w = wrap.offsetWidth || 400;\n    var small = w < 400;\n \n    if (exploitInst) { exploitInst.destroy(); exploitInst = null; }\n    wrap.innerHTML = '';\n    var c = document.createElement('canvas');\n    wrap.appendChild(c);\n \n    exploitInst = new Chart(c, {\n      
type: 'bar',\n      data: {\n        labels: ['Sonnet 4.6', 'Opus 4.6', 'Mythos Preview'],\n        datasets: [\n          { label: 'Successful exploit',    data: [4.4, 14.4, 72.4], backgroundColor: '#F25929', borderRadius: 0, borderSkipped: false },\n          { label: 'Register control only', data: [0,   0,    11.6], backgroundColor: '#A822BF', borderRadius: 0, borderSkipped: false },\n          { label: 'Did not succeed',       data: [95.6,85.6, 16.0], backgroundColor: '#6B34FD', borderRadius: 0, borderSkipped: false }\n        ]\n      },\n      options: {\n        responsive: true, maintainAspectRatio: false, animation: false,\n        plugins: {\n          legend: { display: false },\n          tooltip: {\n            callbacks: { label: function (ctx) { return ' ' + ctx.dataset.label + ': ' + ctx.parsed.y + '%'; } },\n            backgroundColor: '#140921', titleColor: '#FCF9FE', bodyColor: '#FCF9FE', borderColor: '#6B34FD', borderWidth: 1\n          }\n        },\n        scales: {\n          x: {\n            stacked: true,\n            ticks: { color: '#333', font: { size: small ? 10 : 13, weight: '600', family: FG }, maxRotation: 0 },\n            grid: { display: false }, border: { color: '#ccc' }\n          },\n          y: {\n            stacked: true, min: 0, max: 100,\n            ticks: { color: '#888', font: { size: small ? 
9 : 11, family: FG }, callback: function (v) { return v + ''; }, stepSize: 25 },\n            grid: { color: 'rgba(0,0,0,0.06)' }, border: { display: false },\n            title: { display: !small, text: 'Trials (%)', color: '#555', font: { size: 12, family: FG }, padding: { bottom: 8 } }\n          }\n        }\n      },\n      plugins: [{\n        afterDatasetsDraw: function (chart) {\n          var ctx = chart.ctx;\n          var sm = chart.chartArea.width < 280;\n          var m0 = chart.getDatasetMeta(0), m1 = chart.getDatasetMeta(1);\n          function lbl(val, bar, fs) {\n            var sh = bar.base - bar.y; if (sh < 14) return;\n            ctx.save(); ctx.fillStyle = '#FCF9FE';\n            ctx.font = 'bold ' + (sm ? fs - 2 : fs) + 'px ' + FG;\n            ctx.textAlign = 'center'; ctx.textBaseline = 'middle';\n            ctx.fillText(val.toFixed(1) + '%', bar.x, bar.y + sh \/ 2); ctx.restore();\n          }\n          chart.data.datasets[0].data.forEach(function (v, i) { if (v > 0) lbl(v, m0.data[i], 13); });\n          chart.data.datasets[1].data.forEach(function (v, i) { if (v > 0) lbl(v, m1.data[i], 12); });\n        }\n      }]\n    });\n  }\n \n  \/* \u2500\u2500 CHART 2: rebuild vuln line chart \u2500\u2500 *\/\n  var vLabels = ['2018','2019','2020','2021','2022','2023','2024','2025','2026'];\n  var vRaw    = [840, 693, 475, 295, 291, 207, 56, 23.2, 1.6];\n  var vDisp   = ['2.3y','1.9y','1.3y','9.8mo','9.7mo','6.9mo','56d','23.2d','1.6d'];\n \n  function rebuildVuln() {\n    var wrap = document.getElementById('cx-vuln-canvas-wrap');\n    if (!wrap) return;\n    var w = wrap.offsetWidth || 400;\n    var small = w < 380;\n \n    if (vulnInst) { vulnInst.destroy(); vulnInst = null; }\n    wrap.innerHTML = '';\n    var c = document.createElement('canvas');\n    wrap.appendChild(c);\n \n    vulnInst = new Chart(c, {\n      type: 'line',\n      data: {\n        labels: vLabels,\n        datasets: [{\n          data: vRaw,\n          borderColor: 
'#6B34FD', borderWidth: 2,\n          pointBackgroundColor: vLabels.map(function (_,i) { return i === vLabels.length-1 ? '#F25929' : '#6B34FD'; }),\n          pointBorderColor:     vLabels.map(function (_,i) { return i === vLabels.length-1 ? '#F25929' : '#6B34FD'; }),\n          pointRadius:          vLabels.map(function (_,i) { return i === vLabels.length-1 ? 5 : 3; }),\n          tension: 0.35, fill: true, backgroundColor: 'rgba(107,52,253,0.07)'\n        }]\n      },\n      options: {\n        responsive: true, maintainAspectRatio: false, animation: false,\n        layout: { padding: { top: small ? 22 : 26 } },\n        plugins: {\n          legend: { display: false },\n          tooltip: {\n            callbacks: { label: function (ctx) { return ' ' + vDisp[ctx.dataIndex]; } },\n            backgroundColor: '#140921', titleColor: '#FCF9FE', bodyColor: '#FCF9FE', borderColor: '#6B34FD', borderWidth: 1\n          }\n        },\n        scales: {\n          y: {\n            ticks: { color: '#888', font: { size: small ? 9 : 11, family: FG }, callback: function (v) { return v >= 365 ? Math.round(v\/365)+'y' : v >= 30 ? Math.round(v\/30)+'mo' : v+'d'; }, maxTicksLimit: 5 },\n            grid: { color: 'rgba(107,52,253,0.1)' }, border: { dash: [3,3] }\n          },\n          x: {\n            ticks: { color: '#555', font: { size: small ? 8 : 10, family: FG }, autoSkip: false, maxRotation: small ? 45 : 0, minRotation: 0 },\n            grid: { display: false }\n          }\n        }\n      },\n      plugins: [{\n        afterDatasetsDraw: function (chart) {\n          var ctx = chart.ctx, xs = chart.scales.x, ys = chart.scales.y;\n          var sm = chart.chartArea.width < 220;\n          vRaw.forEach(function (val, i) {\n            ctx.save();\n            ctx.fillStyle = i === vRaw.length-1 ? '#F25929' : '#6B34FD';\n            ctx.font = 'bold ' + (sm ? 
9 : 11) + 'px ' + FG;\n            ctx.textAlign = 'center';\n            ctx.fillText(vDisp[i], xs.getPixelForValue(i), ys.getPixelForValue(val) - (sm ? 12 : 15));\n            ctx.restore();\n          });\n        }\n      }]\n    });\n  }\n \n  \/* \u2500\u2500 LAYOUT: stack\/unstack vuln body \u2500\u2500 *\/\n  function applyVulnLayout() {\n    var wrapEl = document.getElementById('cx-vuln-wrap');\n    var bodyEl = document.getElementById('cx-vuln-body');\n    if (!wrapEl || !bodyEl) return;\n    if (wrapEl.offsetWidth < BREAKPOINT) { bodyEl.classList.add('stacked'); }\n    else { bodyEl.classList.remove('stacked'); }\n  }\n \n  \/* \u2500\u2500 RESIZE handlers \u2500\u2500 *\/\n  function onResizeExploit() {\n    clearTimeout(exploitTimer);\n    exploitTimer = setTimeout(rebuildExploit, 80);\n  }\n  function onResizeVuln() {\n    clearTimeout(vulnTimer);\n    vulnTimer = setTimeout(function () { applyVulnLayout(); rebuildVuln(); }, 80);\n  }\n \n  function attachResize(elId, handler) {\n    var el = document.getElementById(elId);\n    if (!el) return;\n    if (typeof ResizeObserver !== 'undefined') {\n      new ResizeObserver(handler).observe(el);\n    } else {\n      window.addEventListener('resize', handler);\n    }\n  }\n \n  \/* \u2500\u2500 BOOT \u2500\u2500 *\/\n  function boot() {\n    applyVulnLayout();\n    rebuildExploit();\n    rebuildVuln();\n    attachResize('cx-exploit-wrap', onResizeExploit);\n    attachResize('cx-vuln-wrap', onResizeVuln);\n  }\n \n  \/* Wait for Chart.js \u2014 it's loaded via the <script src> tag just above,\n     so it will always be ready by the time this inline script runs in a\n     normal browser. The window.onload fallback catches any edge cases\n     (e.g. slow connections where the CDN script is still in-flight). 
*\/\n  if (typeof Chart !== 'undefined') {\n    boot();\n  } else {\n    window.addEventListener('load', function () {\n      if (typeof Chart !== 'undefined') { boot(); }\n    });\n  }\n \n})();\n<\/script>\n\n\n\n<p><\/p>\n\n\n\n<p>According to our&nbsp;annual&nbsp;Future of Application Security&nbsp;<a href=\"https:\/\/checkmarx.com\/report-future-of-appsec-2025\/\" target=\"_blank\" rel=\"noreferrer noopener\">report<\/a>, over 81% of organizations knowingly ship vulnerable code, driven by overwhelming noise, uncontextualized backlogs, and limited resources. This is just one of several AI-driven challenges AppSec leaders must now confront. In the next section, we break down the most critical ones.&nbsp;<\/p>\n\n\n\n<p><em>For&nbsp;additional&nbsp;perspective on how&nbsp;security&nbsp;is&nbsp;evolving with advances like Mythos, watch this industry discussion:<\/em>&nbsp;<\/p>\n\n\n\n<iframe width=\"560\" height=\"315\" src=\"https:\/\/www.youtube.com\/embed\/B9AJK5LbEds?si=Lo7Gv5Diwa0bO0Wq\" title=\"YouTube video player\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\"><strong>The Challenges of Adopting Only AI Model-Based Security Solutions<\/strong><\/h2>\n\n\n\n<p>As organizations accelerate toward AI-native development, the security landscape is shifting just as rapidly, and not always in predictable ways. New AI models are&nbsp;demonstrating&nbsp;an unprecedented ability to uncover vulnerabilities in existing codebases, including long-standing flaws that have gone undetected for years. At the same time, these models are dramatically lowering the barrier to exploitation, enabling faster weaponization of both known and unknown vulnerabilities. 
This creates a dual challenge: while discovery improves, the volume and velocity of risk increase just as quickly.&nbsp;<\/p>\n\n\n\n<p>With that in mind,&nbsp;here are some of the&nbsp;key security challenges&nbsp;emerging&nbsp;in agentic development&nbsp;that&nbsp;enterprises must acknowledge:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>New models are uncovering large volumes of zero-days in older code.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI speeds weaponization of vulnerabilities:&nbsp;known &amp;&nbsp;unknown.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A great reference to learn from is the recent&nbsp;<a href=\"https:\/\/tomtunguz.com\/the-jagged-frontier-of-ai-security\/\" target=\"_blank\" rel=\"noreferrer noopener\">article<\/a>&nbsp;around the&nbsp;\u201cjagged frontier\u201d&nbsp;of AI security.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>As much as 45% of&nbsp;AI-generated code&nbsp;may be&nbsp;insecure.&nbsp;&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>LLMs&nbsp;are&nbsp;missing&nbsp;vulnerabilities;&nbsp;coverage is incomplete.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Models are trained on&nbsp;different sources, thus producing inconsistent results from one LLM to another.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>AI models are not comprehensive enough and lack context.&nbsp;<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-4\"><strong>Deterministic &amp; Probabilistic AppSec for Known &amp; Unknown Vulnerabilities<\/strong><\/h2>\n\n\n\n<p>As the software landscape evolves into an agentic one and LLMs continue to advance,&nbsp;it\u2019s&nbsp;critical to recognize that AI-driven security analysis alone is not sufficient. 
Models that generate and flag issues based on probabilistic reasoning must&nbsp;operate&nbsp;alongside deterministic systems grounded in real-world context, customer environments, true exploitability, policy enforcement, auditability, and full visibility. At enterprise scale, this also means supporting thousands of repositories, distributed teams, and highly interconnected systems.&nbsp;<\/p>\n\n\n\n<p>As highlighted in&nbsp;<em>Tomasz&nbsp;Tunguz\u2019s&nbsp;\u201cJagged Frontier of AI Security\u201d&nbsp;article above<\/em>, AI capabilities are not&nbsp;linear;&nbsp;they are inconsistent and context-dependent. While models like Mythos can&nbsp;demonstrate&nbsp;breakthrough performance in discovering and exploiting unknown vulnerabilities, similar outcomes can often be reproduced by smaller models when given the right inputs. At the same time, known vulnerabilities,&nbsp;often buried in backlogs and lacking prioritization,&nbsp;remain a significant and weaponizable risk in the age of AI.&nbsp;<\/p>\n\n\n\n<p>In this uneven reality, some vulnerabilities are identified with high precision, while others are missed entirely. This leads to false confidence, inconsistent outputs, and critical gaps in risk coverage. 
If detection&nbsp;isn\u2019t&nbsp;consistent, it&nbsp;isn\u2019t&nbsp;trustworthy.&nbsp;<\/p>\n\n\n\n<style>\n  .cx-quote{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif !important;background:#140921 !important;border-radius:14px !important;border-left:5px solid #6B34FD !important;padding:40px 44px 38px !important;max-width:860px !important;margin:32px auto !important;position:relative !important;overflow:hidden !important;box-sizing:border-box !important;width:100% !important;display:block !important}\n  .cx-quote::before{content:'' !important;position:absolute !important;top:0 !important;right:0 !important;width:220px !important;height:220px !important;background:radial-gradient(circle at top right,rgba(107,52,253,.18) 0%,transparent 70%) !important;pointer-events:none !important}\n  .cx-quote::after{content:'\\201C' !important;position:absolute !important;top:-10px !important;right:28px !important;font-size:140px !important;line-height:1 !important;color:rgba(107,52,253,.18) !important;font-family:Georgia,serif !important;pointer-events:none !important}\n  .cx-quote .cx-quote__text{font-family:'Helvetica Neue',Helvetica,Arial,sans-serif !important;font-size:clamp(22px,2.8vw,32px) !important;font-weight:600 !important;color:#FCF9FE !important;line-height:1.55 !important;margin:0 !important;font-style:normal !important;text-decoration:none !important;display:block !important;text-align:center !important}\n<\/style>\n \n<div class=\"cx-quote\">\n  <p class=\"cx-quote__text\">If detection isn&#8217;t consistent, it isn&#8217;t trustworthy.<\/p>\n<\/div>\n\n\n\n<p>This is where a hybrid model becomes essential&nbsp;&#8211;&nbsp;AI&nbsp;with its&nbsp;probabilistic&nbsp;reasoning&nbsp;provides speed and scale, but it must be complemented by a deterministic security layer that&nbsp;validates&nbsp;findings based on context and real exploitability, and this is where&nbsp;we are focused.&nbsp;Brought together,&nbsp;probabilistic&nbsp;and deterministic 
approaches&nbsp;establish&nbsp;a new standard for agentic application security,&nbsp;one that delivers high-fidelity, actionable results at scale.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\"><strong>Making the Case for Agentic Triage &amp; Remediation<\/strong><\/h2>\n\n\n\n<p>We\u2019ve&nbsp;established&nbsp;that combining LLM-driven security, which uncovers a wide range of unknown vulnerabilities, with an already unmanageable backlog of known issues (leaving 81% of organizations exposed) requires a hybrid approach that blends probabilistic and deterministic analysis. But that alone is not enough.&nbsp;<\/p>\n\n\n\n<p>The sheer volume of vulnerabilities now demands agentic triage and remediation. Manual processes cannot keep up; they&nbsp;fail to&nbsp;provide context, prioritize effectively, or resolve risk with confidence at scale.&nbsp;<\/p>\n\n\n\n<p>This is where AI agents become critical. By automatically performing intelligent triage to&nbsp;eliminate&nbsp;noise and prioritize truly exploitable risk, and by driving fast, automated remediation, they bring together reasoning and precision. The result is security that is not only scalable, but truly actionable in an AI-native development environment.&nbsp;<\/p>\n\n\n\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\"><strong>Final Thoughts &amp; Recommendations<\/strong><\/h2>\n\n\n\n<p>The&nbsp;Mythos&nbsp;announcement and the formation of Project&nbsp;Glasswing&nbsp;mark a major milestone in AI-driven security, but they are not, and cannot be, a standalone solution. 
As outlined above, AI models both amplify existing risks and expose new ones, creating challenges that require a broader, more integrated approach.&nbsp;<\/p>\n\n\n\n<p>To build a truly enterprise-grade, trustworthy AI security program, we recommend the following steps:&nbsp;<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Hybrid AppSec Model<\/strong>&nbsp;<br>Combine deterministic precision with probabilistic AI to cover both known and unknown risk.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Agentic Triage &amp; Remediation<\/strong>&nbsp;<br>Leverage AI agents to scale context-aware triage and accelerate remediation.&nbsp;<\/li>\n<\/ul>\n\n\n\n<ul class=\"wp-block-list\">\n<li>\n<strong>Shift Left to the Source<\/strong>&nbsp;<br>Identify and fix AI-generated vulnerabilities at code&nbsp;creation, before&nbsp;they reach production.&nbsp;<\/li>\n<\/ul>\n\n\n\n<p>Learn more about Checkmarx\u2019s agentic agents: <a href=\"https:\/\/checkmarx.com\/product\/developer-assist\/\">Developer Assist<\/a> and <a href=\"https:\/\/checkmarx.com\/product\/triage-and-remediation\/\">Triage and Remediation Assist<\/a>.<\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create. 
Securing them requires agentic AppSec that combines deterministic precision with probabilistic intelligence, delivering full AI visibility and high-fidelity, low-noise results.<\/p>\n","protected":false},"author":146,"featured_media":108273,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1284,84],"tags":[1272,1517,15],"class_list":["post-108259","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ai-llm-tools-in-application-security","category-blog","tag-agentic-ai","tag-claude-mythos","tag-security"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Checkmarx Application Security Guide to Claude Mythos<\/title>\n<meta name=\"description\" content=\"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Checkmarx Application Security Guide to Claude Mythos\" \/>\n<meta property=\"og:description\" content=\"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" 
content=\"2026-04-13T20:52:30+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-04-19T06:26:34+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"2000\" \/>\n\t<meta property=\"og:image:height\" content=\"1000\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Jonathan Rende\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jonathan Rende\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"8 minutes\" \/>\n"}
\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f8171237cb6abba15df4536\",\"name\":\"Jonathan Rende\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg\",\"caption\":\"Jonathan Rende\"},\"url\":\"https:\/\/checkmarx.com\/author\/jonathan-rende\/\"}]}<\/script>\n<meta property=\"og:video\" content=\"https:\/\/www.youtube.com\/embed\/B9AJK5LbEds\" \/>\n<meta property=\"og:video:type\" content=\"text\/html\" \/>\n<meta property=\"og:video:duration\" content=\"860\" \/>\n<meta property=\"og:video:width\" content=\"480\" \/>\n<meta property=\"og:video:height\" content=\"270\" \/>\n<meta property=\"ya:ovs:adult\" content=\"false\" \/>\n<meta property=\"ya:ovs:upload_date\" content=\"2026-04-13T20:52:30+00:00\" \/>\n<meta property=\"ya:ovs:allow_embed\" content=\"true\" \/>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Checkmarx Application Security Guide to Claude Mythos","description":"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","og_locale":"en_US","og_type":"article","og_title":"Checkmarx Application Security Guide to Claude Mythos","og_description":"Claude Mythos highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.","og_url":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2026-04-13T20:52:30+00:00","article_modified_time":"2026-04-19T06:26:34+00:00","og_image":[{"width":2000,"height":1000,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","type":"image\/webp"}],"author":"Jonathan Rende","twitter_card":"summary_large_image","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Jonathan Rende","Est. 
reading time":"8 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/"},"author":{"name":"Jonathan Rende","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f8171237cb6abba15df4536"},"headline":"Checkmarx Application Security Guide to Claude Mythos","datePublished":"2026-04-13T20:52:30+00:00","dateModified":"2026-04-19T06:26:34+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/"},"wordCount":1521,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","keywords":["Agentic AI","Claude Mythos","security"],"articleSection":["AI &amp; LLM Tools in Application Security","Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","url":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/","name":"Checkmarx Application Security Guide to Claude Mythos","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","datePublished":"2026-04-13T20:52:30+00:00","dateModified":"2026-04-19T06:26:34+00:00","description":"Claude Mythos 
highlights a new era of dynamic, AI-driven applications, and the growing security blind spots they create.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/checkmarx-application-security-guide-to-claude-mythos\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2026\/04\/Checkmarx-Application-Security-Guide-to-Claude-Mythos.webp","width":2000,"height":1000},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/3bc63fc73f
8171237cb6abba15df4536","name":"Jonathan Rende","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2025\/05\/download-150x150.jpg","caption":"Jonathan Rende"},"url":"https:\/\/checkmarx.com\/author\/jonathan-rende\/"}]},"og_video":"https:\/\/www.youtube.com\/embed\/B9AJK5LbEds","og_video_type":"text\/html","og_video_duration":"860","og_video_width":"480","og_video_height":"270","ya_ovs_adult":"false","ya_ovs_upload_date":"2026-04-13T20:52:30+00:00","ya_ovs_allow_embed":"true"},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108259","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/146"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=108259"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/108259\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/108273"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=108259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=108259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=108259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}