While updating your patching practices will be essential, preventing attackers from fully utilizing vulnerabilities will require identity hardening as well.
In all likelihood, the security conversation will continue for some time to be dominated by the rise of AI-discovered vulnerabilities and exploits, and the near-panic-level responses that have ensued.
But the existence of powerful AI vulnerability discovery technologies such as Anthropic’s Claude Mythos doesn’t mean that patching will be the whole answer—far from it.
[Related: The 20 Hottest AI Cybersecurity Companies: The 2026 CRN AI 100]
From my recent conversations with security experts and solution providers, it’s clear that updating your organization’s practices will be essential, obviously. But that’s only as a first step.
However, preventing attackers from fully utilizing vulnerabilities will require identity hardening as well, among other measures.
Even though AI-discovered vulnerabilities have already been increasing for years, exploitation of software flaws is “still not the most accessed ingress vector for an attack,” Darktrace’s Nicole Carignan told me. “That really still lies in identity.”
In particular, identity is still a crucial area of concern due to the fact that, with modern IT architectures, “we’re tying so much to the identity control plane,” said Carignan, senior vice president of security and AI strategy at Darktrace, which is based in Cambridge, U.K., but has numerous office in the U.S. and Canada.
In other words: Don’t forget about identity.
Without a doubt, for many companies, patching has long been one of the most vexing security challenges. And there is little reason to doubt that AI is going to make that problem much more urgent.
But even with all the FUD (fear, uncertainty and doubt) around Mythos and similar technologies, de-prioritizing identity would be a shortsighted move, according to solution and service providers.
That is, the increase in cyber risk from the widespread adoption of AI—including by threat actors looking to exploit vulnerabilities—is unquestionably going to be about more than just exposure management.
“It’s one of the more robust cross-domain narratives that we’ve seen,” Blackwood’s Chris Ebley told me.
Organizations are trying to figure out how to take action to counter the rise in risk, but “action for a lot of these things is going to be an identity conversation—the permissioning and provisioning side of things, removal of entitlements—making sure that you don’t have [identity] risk that is exposed,” said Ebley, CTO at Annapolis, Md.-based Blackwood, No. 93 on CRN’s Solution Provider 500 for 2025.
The bottom line is that identity remains one of the most important areas for organizations to modernize in the Claude Mythos era, especially as they simultaneously adopt agentic AI systems.
For solution and service providers, that means the opportunity is not just helping customers respond faster to vulnerabilities. It also means helping organizations to harden their identity systems and improve access controls, as well as to implement zero-trust segmentation and other compensating controls.
Without a doubt, the channel opportunity ahead is massive in identity, as it has been for a number of years now, according to GuidePoint Security’s Mark Thornberry.
“Identity has been one of our biggest areas of focus and growth as a company. It’s our largest single practice that we have at GuidePoint,” said Thornberry, senior vice president for partnerships at Herndon, Va.-based GuidePoint, No. 37 on CRN’s 2025 Solution Provider 500.
Even before the advent of LLMs, identity was already a highly convoluted and confusing space for many customers, he noted.
Ultimately, “customers just have to do something there—they’ve had to do it for years,” Thornberry said.
GuidePoint kicked off its identity practice in 2020 and, given the surging needs among customers, “it just continues to expand,” he said. “There’s a huge opportunity there. Obviously AI is [top of mind]. But identity keeps us really busy.”
