







Last week, Anthropic shipped Claude Opus 4.8. In the same announcement, they confirmed that Mythos-class models, the ones currently behind closed doors with Project Glasswing partners, will be available to all customers in the coming weeks.
The story that matters for anyone running Oracle workloads is what Mythos actually is: an AI that autonomously finds critical vulnerabilities at scale, chains them into working exploits, and does it from a single prompt with no scaffolding. Anthropic's own lab numbers had Mythos generating 181 working exploits on Firefox, where Opus 4.6 managed two under the same conditions.
The Cloud Security Alliance, SANS, the OWASP GenAI Security Project, and a long list of CISOs published a strategy brief in April titled The "AI Vulnerability Storm": Building a "Mythos-ready" Security Program. The primary finding is that time-to-exploit has collapsed to hours, attackers get asymmetric benefit from AI, and quarterly patch cycles plus pre-AI risk models are no longer fit for purpose.
The brief is worth reading end-to-end, but if I had to compress it into one line for an Oracle audience, it would be this: invest in the security fundamentals, reduce your exposed surface area, and use AI to audit your own software before adversaries do.
That is the strategic frame. Now let's talk about three specific moves Oracle shops can make this quarter.
A question I keep getting in client workshops: what happens when an AI agent is tricked into generating SQL that the application layer was supposed to prevent?
Until now, the honest answer was "you have a problem." Application-layer authorization assumes the application is the only thing writing SQL. Once you have agents in the loop, that assumption is dead.
Oracle Database 26ai introduces Deep Data Security, which moves the guardrails into the database itself. Three concepts to know:
End Users — a new identity type, distinct from schema users. They authenticate via OCI IAM, Azure AD, or password. They own no tables, no objects, nothing.
Data Roles — named policy holders that bundle access rules and are granted to end users.
Data Grants — declarative policies that define exactly which rows and columns an identity can SELECT or UPDATE, evaluated at query time through a SQL predicate.
The magic is ORA_END_USER_CONTEXT.username. Every query, whether it came from a human, an app, or an agent, gets transparently rewritten at the database to enforce the predicate. If Chris asks an agent to bump his own salary and the agent obliges with a perfectly valid UPDATE, the database silently drops the change because Chris's data grant has no UPDATE privilege on the salary column. No error. No rows changed. No raise.
That is what defense-in-depth looks like in an agentic world. The application is no longer the boundary. The database is.
If you are still on 19c or even 23ai, this is now a planning conversation, not a someday conversation. Anas Darkal has a clean walk-through of the syntax on Medium if you want to see the CREATE END USER, CREATE DATA ROLE, and CREATE OR REPLACE DATA GRANT statements in action.
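The enforcement behaviour described above, as an added example that is not part of the original post and is not Oracle syntax: a Python/sqlite3 model of a data grant with a row predicate and a column-level UPDATE privilege. `DataGrant`, `guarded_update`, `demo_db` and the `employees` table are hypothetical names, and dropping only the ungranted columns from a mixed UPDATE is an assumption of this model.

```python
import sqlite3
from dataclasses import dataclass

@dataclass(frozen=True)
class DataGrant:
    # Conceptual stand-in for a data grant; field names are hypothetical.
    table: str
    select_cols: frozenset
    update_cols: frozenset
    row_predicate: str  # :end_user stands in for ORA_END_USER_CONTEXT.username

def guarded_update(conn, grant, end_user, assignments, where=None):
    """Run an UPDATE as the database-side guardrail would: ungranted columns
    are dropped, the row predicate is ANDed in, and nothing is raised."""
    allowed = {c: v for c, v in assignments.items() if c in grant.update_cols}
    if not allowed:
        return 0  # no error, no rows changed
    params = {"end_user": end_user}
    sets, conds = [], [f"({grant.row_predicate})"]
    for i, (col, val) in enumerate(allowed.items()):
        params[f"s{i}"] = val
        sets.append(f"{col} = :s{i}")
    for i, (col, val) in enumerate((where or {}).items()):
        if col not in grant.select_cols:  # model-level input check
            raise ValueError(f"column not readable under grant: {col}")
        params[f"w{i}"] = val
        conds.append(f"{col} = :w{i}")
    sql = (f"UPDATE {grant.table} SET {', '.join(sets)} "
           f"WHERE {' AND '.join(conds)}")
    return conn.execute(sql, params).rowcount

def demo_db():
    """Constructed sample data: two employees and one self-service grant."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, phone TEXT, salary INT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [("chris", "555-0100", 90000), ("dana", "555-0101", 95000)])
    grant = DataGrant("employees", frozenset({"name", "phone", "salary"}),
                      frozenset({"phone"}), "name = :end_user")
    return conn, grant

if __name__ == "__main__":
    conn, grant = demo_db()
    print(guarded_update(conn, grant, "chris", {"salary": 150000}))    # salary not granted
    print(guarded_update(conn, grant, "chris", {"phone": "555-0199"}))  # confined to own row
    print(conn.execute("SELECT * FROM employees ORDER BY name").fetchall())
```

The same call with `where={"name": "dana"}` also changes nothing, because the predicate is ANDed with whatever filter the caller supplies.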
Effective May 28, 2026, Oracle moved to monthly Critical Security Patch Updates (CSPUs) alongside the existing quarterly CPUs. The new cadence is the third Tuesday of every month. Next release: June 16. July 21 is a full CPU. August 18 is back to CSPU.
The math here is the math the CSA brief is talking about. If time-to-exploitation is hours and your patch window is 90 days, you are losing on every cycle. Compressing the patch cadence from quarterly to monthly does not solve the problem, but it cuts your exposure window by roughly two-thirds for the issues Oracle considers critical.
If you are on Oracle-managed cloud services, this is automatic. If you are running customer-managed, and most of my clients still are for at least part of the estate, this needs to be a calendar item, a named owner, and a test pipeline.
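An added example (not from the original post) that turns the cadence above into a check: it generates the third-Tuesday release dates, labels each one CPU or CSPU, and reports which releases each customer-managed database has missed. The inventory is constructed, the function names are hypothetical, and the January, April and October CPU months are assumed from Oracle's quarterly schedule (the post names only July).

```python
from datetime import date, timedelta

# Quarterly CPU months; the post confirms July, the others are assumed.
CPU_MONTHS = {1, 4, 7, 10}

def third_tuesday(year, month):
    first = date(year, month, 1)
    offset = (1 - first.weekday()) % 7  # weekday(): Monday=0, Tuesday=1
    return first + timedelta(days=offset + 14)

def releases(start, end):
    """Return [(release_date, kind)] for every third Tuesday in [start, end]."""
    out, (y, m) = [], (start.year, start.month)
    while date(y, m, 1) <= end:
        d = third_tuesday(y, m)
        if start <= d <= end:
            out.append((d, "CPU" if m in CPU_MONTHS else "CSPU"))
        y, m = (y + 1, 1) if m == 12 else (y, m + 1)
    return out

def patch_lag(inventory, today, first_release=date(2026, 6, 16)):
    """inventory maps a database name to the release date of the patch level
    it currently runs. Only releases from first_release onward are tracked."""
    report = {}
    for name, applied in inventory.items():
        missed = [(d, k) for d, k in releases(first_release, today) if d > applied]
        report[name] = {
            "missed": [k for _, k in missed],
            # days since the oldest release this database has not applied
            "days_exposed": (today - missed[0][0]).days if missed else 0,
        }
    return report

# Constructed inventory of customer-managed databases.
INVENTORY = {
    "hr-prod": date(2026, 8, 18),
    "fin-prod": date(2026, 6, 16),
    "legacy": date(2026, 4, 21),
}

if __name__ == "__main__":
    for db, row in patch_lag(INVENTORY, date(2026, 8, 25)).items():
        print(db, row)
```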
One actionable line in the CSA brief is this: use LLM-based vulnerability discovery on your own code, this week. Not next quarter. This week.
For Oracle shops, that translates to a short list:
Run an agent over your PL/SQL packages, your APEX apps, your custom JDBC layers, and your Terraform / OCI Resource Manager templates.
Audit your MCP servers, plugins, and any agent harness that touches Oracle. The harness (prompts, tool definitions, retrieval pipelines, escalation logic) is where the most consequential failures will happen.
Treat agent identity the same way you treat any other privileged identity. Scoped credentials, blast-radius limits, segmentation, the works.
Opus 4.8 shipped. Mythos is next. The runway between an Anthropic announcement and a capability landing in adversary hands is now measured in weeks. That is now your planning window.
For businesses running Oracle, the mitigation is possible. It is three concrete moves:
Upgrade to 26ai and put Deep Data Security at the data layer, so agentic SQL hits a wall the application can no longer be trusted to provide.
Get on the monthly CSPU cadence starting now, and treat the third Tuesday as a non-negotiable calendar entry.
Adopt the CSA Mythos-ready playbook — segmentation, egress, MFA, agent governance, and LLM review on your own code before someone else's agent does it for you.
A token has been the new unit of accountability for AI cost. An hour is now the new unit of accountability for AI security. Plan accordingly.
Have questions about Oracle 26ai, Deep Data Security, or AI security readiness? Get in touch with our experts today.
