CrowdStrike President: ‘Huge Opportunity’ For Partners In Countdown To AI-Driven Vulnerability Surge

In the wake of Anthropic’s Claude Mythos disclosure, ‘the alarm has gone off’ and partners should be preparing their customers for heightened risk from vulnerability exploitation, CrowdStrike President Mike Sentonas told partners Tuesday.

Following the recent disclosures about the stunning speed and effectiveness of AI-powered vulnerability discovery, solution and service providers have a crucial role to play in preparing their customers for the impending risk of surging vulnerability exploitation, CrowdStrike President Mike Sentonas said Tuesday.

Addressing top CrowdStrike partners during the company’s Americas Partner Symposium 2026, Sentonas said that Anthropic’s disclosure last month about Claude Mythos has led to unfounded fears that attackers will virtually overnight have access to similar capabilities for finding and exploiting software vulnerabilities.

Recent weeks have seen “master pontification going on across the industry. And there’s just so much misinformation,” he said during the event in Miami Beach, Fla. “It’s no wonder that people are starting to think they’ve got like hours before all hell’s going to rain down on the internet.”

However, the reality is that organizations do have a window of time to prepare for the inevitable surge in AI-discovered vulnerabilities—though not a lengthy one, Sentonas said.

“Whether it’s six months, 12 months [or] 18 months—it’s probably going to be in that range where suddenly we wake up and every day there’s 200 new vulnerabilities that are discovered. [And where] every day we come to work, there’s a zero-day threat that we all have to triage,” Sentonas said.

The bottom line for all organizations is that “the alarm has gone off. It’s time to wake up and it’s time to do something about it,” he said.

Partners will be pivotal in enabling the preparation for this major shift for their customers, starting with education about what the real risks are, according to Sentonas.

“There’s a huge opportunity to just educate people [around] the technologies, the architectures, the approaches that people need to start implementing today to prepare for what will come in the future,” he said. “Organizations want to understand, what does exposure management look like for this new world? How do we find these vulnerabilities? How do we patch them? Which is the one that we need to patch first?”

Anthropic has not revealed plans to release its Claude Mythos Preview model and instead has made it available to a select group of software vendors, including CrowdStrike, through its Project Glasswing initiative. From CrowdStrike’s usage of the technology, it has become clear that the latest available versions of Claude Opus are also extremely effective for uncovering flaws in software, Sentonas said.

“Here’s the great thing—you can do everything that you think you can do with Mythos, with Opus [models] with some really good prompt engineering,” he said.

It’s clear that what Sentonas is advocating—in terms of preparing for increased risk from AI-discovered vulnerabilities—is exactly the right response, according to GuidePoint Security’s Mark Thornberry.

“It’s going in a direction and at a speed that you’ve got to get your arms around,” said Thornberry, senior vice president for partnerships at Herndon, Va.-based GuidePoint, No. 37 on CRN’s 2025 Solution Provider 500.

Without a doubt, the impact of AI on vulnerability exploitation has become a concern “at the highest levels, and it’s a business risk” for customers of all sizes, he said.

“But [you don’t need a] knee-jerk reaction,” Thornberry said. “You do need to come up with a strategy, though.”

Key parts of that strategy should include building capabilities to help customers understand where their weaknesses are, as well as how to enhance prioritization and patching—with the ultimate goal of building repeatable processes, according to Sentonas.

Other major initiatives should focus on removing standard privilege and “building a more modern ecosystem and architecture to deal with these problems that people are going to have,” he said.

“I believe that most organizations will not be able to deploy and manage security systems by themselves and security solutions by themselves,” Sentonas said. “They will need a managed service. They will need somebody to do it for them because [the partner] can operate at a scale and speed that they can’t do by themselves.”

Ultimately, when it comes to the coming risk from AI-discovered vulnerabilities, the best response is to recognize the urgency of the situation without overreacting, he said.

“This is not something that you need to drop everything and just redeploy all of your engineers to solve this problem now,” Sentonas said.

At the same time, partners should most certainly be taking significant action on behalf of their customers—“so if in six months time or 12 months time, a version of this technology that has no guardrails is in the hands of people that want to do bad things—you had the opportunity,” he said. “I’d be starting now.”