authorized speed
aka ruh roh
the end of the big CISO mythos paper had a chart that made me laugh.
this one.
except in the version used in april Sergej Epp’s zero day clock said 20h for 2026. by june 25, it says 6h.
the old security clock depended on friction and the friction is disappearing.
Joshua Saxe’s GLM-5.2 post nailed the shift. the panopticon dilemma (logged API access = attacker exposure a real cost) dissolved last week when private open-weights inference removed the logging cost… attackers now have permissionless speed and permissionless privacy.
Saxe is right that defenders need machine-speed capability but we need to go further. machine-speed capability without enforcement authority is just a faster version of the same accountability gap.
attackers have permissionless speed and what defenders need is ~authorized speed~.
that gap is not something we can close by moving faster. it isn’t that defenders are slow, it’s that every action defenders take needs to be accountable (logged, audited, reviewable) and every action attackers now take is not. one way we can close that gap is by making authorized speed cheaper and more verifiable than it is now.
attackers run, test, probe, chain, and discard… kill-chain execution, C2 authoring, zero-day discovery, long-con fraud… defenders cannot simply mirror that behavior because their systems and actions carry consequence. the good guys are bound by institutional constraint. the defensive equivalent isn’t matching capability it’s enforcement at the action boundary before the capability runs.
once defensive agents carry the same responsibility as human defenders (remediation, containment, secrets, CI/CD, audit evidence) they’re delegated actors and have different accountability surface. think of a containment action that modifies a firewall rule. is speed more important than authorization there? a defensive agent that reads logs is one thing. a defensive agent that rotates secrets, modifies CI/CD, quarantines infrastructure, changes access, or creates audit evidence is another beast altogether.
once an agent can change the state of the system it changes from being assistance to becoming a delegated action.
the right control layer for that failure mode isn’t just which model; it’s the deciusions around tools, permissions, logs, escalation paths, refusal conditions… and it needs to be defined before deployment rather than re-negotiated at runtime.
we need to stop accepting defaults where we should be making decisions:
what it can inspect
what it can infer
what it can change
what it must refuse
when it escalates
what evidence survives
it’s a whole other rodeo when we move from “AI-speed discretion” to “machine-speed enforcement inside bounded authority” or we just end up with faster ambiguity.
we’ve had the era of move fast and break things; let’s move fast and fix things.
ultimately i think to be Mythos ready, and ready for whatever comes next, must mean we make our systems custody ready. the answer to permissionless attackers cannot be permissionless defenders. let’s build authorized speed.