Thought Leadership
When a Leaked Memo Repriced Every Security Stock

In the spring of 2026 a single leaked document did more damage to the cybersecurity industry’s market value in one afternoon than any breach in its history. The document was a draft Anthropic blog post about a model codenamed Mythos, and it sat public by accident because assets in the company’s content system default to visible. Before it was meant to exist, the draft revealed that Anthropic considered the model a “watershed moment for security” and far ahead of anything else at finding and exploiting software flaws. The market read the memo and sold. CrowdStrike fell about seven percent, Palo Alto Networks around six, Zscaler and SentinelOne similar, Tenable close to nine, and the main cybersecurity ETF dropped four and a half percent, per Sherwood News. Billions in market capitalisation evaporated on a leaked draft about a product nobody could buy yet.
That reaction is the story, and it is a bigger one than any individual model. The market did not price a breach. It priced a belief: that AI is about to find vulnerabilities faster than the vendors selling you protection can patch them. Whether or not Mythos lives up to the memo, the trade tells you how the people with money now rate the defensive-security business. If you buy, run, or trust firewalls and the tooling around them, that repricing is aimed squarely at your stack, and it is worth understanding before the next headline moves it again.
What actually leaked, and what the market did with it
The facts are narrow. A draft post describing Mythos became reachable because Anthropic’s content management system sets new assets to public by default unless someone changes them. Reporting on the leaked draft, later followed by an official capability announcement, described a model that in Anthropic’s own testing found thousands of previously unknown vulnerabilities across major operating systems and browsers, including a decades-old bug in OpenBSD and a long-lived flaw in FFmpeg that had survived millions of automated scans, and that it could autonomously assemble a working remote root exploit. Those are the claims that moved the tape.
Notice what did not happen. No firewall was breached because of this. No CrowdStrike customer lost data to Mythos. The selloff was pure anticipation: investors looking at a capability description and concluding that the economics of finding software flaws had just shifted toward the attacker’s side of the ledger. Markets are a rough instrument, and they overshoot. But they are also a fast aggregator of a lot of informed opinion, and the direction of this move was unambiguous. Given a credible claim that AI can now out-discover human researchers at scale, the reflex was to sell the companies whose product is finding and blocking known bad things.
The bet underneath the trade: discovery is outrunning patching
Strip the selloff down to its logic and it is a bet on a race that security teams have always quietly been losing. There has never been enough time between a vulnerability becoming known and it being exploited. The defender’s job has always been to shrink that window: find the flaw first, patch it, or block the path to it. The Mythos memo suggested that one side of that race is about to get an engine bolted on, and the other side, the patching, the testing, the change window, still runs at human speed.
This is not abstract for a firewall team. The perimeter appliance is exactly where this race is most visible, and it is losing. As covered in 2026: the year the firewall became the way in, the edge device has become one of the most reliably exploited things on the network, because it is exposed by definition, it runs complex proprietary code, and it patches slowly. Point a tireless vulnerability-discovery engine at that class of software and the asymmetry is obvious: the machine can look for flaws around the clock; your change process cannot deploy fixes around the clock. The market saw that gap and priced it.
Why AI-driven discovery hits perimeter kit hardest
Firewalls, VPN concentrators, and management planes share the three properties that make a target attractive to an automated finder. They are internet-facing, so a discovered flaw is immediately reachable. They run large, closed codebases that no customer can audit, so nobody outside the vendor knows what is lurking. And their patch cycles are slow, gated by change control, maintenance windows, and the entirely rational fear of taking the perimeter down to fix it. A human researcher probing that surface is a manageable threat because there are only so many of them. An automated one that can be replicated across thousands of targets changes the arithmetic.
- Exposure: the appliance is on the edge on purpose. There is no “internal only” mitigation for the box whose job is to face the internet.
- Opacity: you cannot review the firmware for the bug an AI just found in it. You are dependent on the vendor discovering it first, and now the vendor is racing the same tools the attacker has.
- Patch latency: the gap between “fix available” and “fix deployed” is measured in weeks on most networks, because deploying it means a change to the thing everything else depends on.
The uncomfortable version: the tools your vendors are buying to find bugs before shipping are the same tools an adversary points at the shipped product. Discovery got cheaper for everyone at once. The side that can act on a discovery fastest wins, and right now that is not the side constrained by a maintenance window.
Was the selloff fear or a real repricing?
Both, and separating them is the useful exercise. The fear part is obvious: a leaked draft is not a shipped capability, the model was gated by the US government within weeks, and defensive-security vendors are themselves among the heaviest users of AI to find and triage flaws. Several of the analyses that followed, including from Forbes, framed the drop as an overreaction and a buying opportunity, on the reasonable argument that better vulnerability discovery helps defenders too.
The real repricing is the part worth keeping. Even discounting the panic, the market registered a structural shift: the cost of finding an exploitable flaw is falling toward zero, and that changes the value of any product whose pitch is “we will find the bad thing for you.” A security tool that detects known patterns is worth less in a world where novel flaws are discovered faster than signatures can be written for them. That is not fear. That is a rational markdown of a business model, and it will not un-happen when the news cycle moves on.
What a firewall team should actually do about it
None of this is a reason to panic, and it is certainly not a reason to trust the market’s timing. It is a reason to stop assuming the perimeter is a solved problem and to build for a world where your exposed kit has undiscovered flaws that someone will find on an accelerating schedule. The response is unglamorous and entirely within your control.
- Assume the appliance is vulnerable, not patched. Architect so that a compromised firewall is contained, not catastrophic: strict egress control so a breached box cannot phone home or move laterally freely. The pattern is in the egress filtering guide.
- Compress your own patch window. The one variable you can move is the time between a fix existing and you deploying it. A change process that can safely push a firewall update in hours instead of weeks is now a security control, not just an operations nicety. That is the entire argument for emergency changes that actually get rolled back rather than lingering forever.
- Know your rules well enough to spot the anomaly. If discovery is accelerating, detection has to lean on behaviour, not just signatures. Continuous, automated review of what your firewall is actually permitting is the baseline, as laid out in automated firewall vulnerability checks and AI-driven rule analysis.
- Feed the discovery race back to your own side. The same AI that worries the market can triage your rule base, flag the risky permit, and surface the drift. Defenders get the engine too; use it, on the terms set out in the AI agent security threat model.
Why it matters
The Mythos selloff was a market telling you, in the bluntest language it has, that it believes the balance between finding flaws and fixing them is tilting toward whoever finds them. You do not have to accept the market’s verdict on any single stock to take the underlying signal seriously. The defensible position is not a better appliance; it is a shorter distance between a fix existing and a fix being live, a perimeter built to contain its own failure, and a change process fast and auditable enough to keep pace with an adversary that no longer works at human speed. The teams that came through the last decade of exploited edge devices calmly were the ones who stopped trusting the box and started trusting their control over it. This is the same lesson, arriving faster.
About FwChange
FwChange is a firewall change management methodology and platform for reviewable, auditable firewall changes across every vendor.
See where your perimeter stands before the next headline moves the market.
Free NIS2 Readiness Check
