The Mythos
Board Tabletop.
Most boards now have AI-driven cyber risk on their agenda. Your chair will likely ask where the board sits on this and what is on the record. The Mythos Board Tabletop is the three-hour facilitated workshop that puts that position on the record. Your directors sign decisions in the room. A 10-page dossier follows within 5 business days. Now booking May and June 2026. Mythos: the April 2026 AI-driven cyber attack capability shift · $8,500 ex GST · 3 hours + dossier + call
What changed
What changed in April 2026
Mythos is an AI-driven cyber attack capability. It is AI being used against organisations, not AI being used inside them.
UK AI Safety Institute evaluations
In April 2026 the UK AISI published evaluations of Anthropic's Mythos model. The model completed a majority of cybersecurity challenges that normally require expert humans.
Anthropic risk report
Anthropic's risk report shows Mythos finding critical vulnerabilities in widely-deployed software at low cost.
21 April incident
On 21 April an unauthorised group reportedly accessed the model. Together these mark a recent and public shift in the threat picture facing Australian organisations.
After Mythos
The patch race breaks
The discover-to-exploit window is collapsing. Before Mythos, working exploits arrived in the weeks after disclosure. They now arrive before disclosure does. The patch race, as most organisations have run it for two decades, is no longer winnable.
How fast can you patch?
How fast can you patch the systems you can't afford to lose, and what does your infrastructure actually support today?
What is your alternative?
When the answer is "not fast enough", what is your alternative?
Outcomes
What your board has at the close of the workshop
The dossier is drafted with your company secretary and counsel before it is finalised. The board decides what enters the minutes.
A shared view
Directors share a common language and view on Mythos, captured in a register they sign before leaving the room.
Documented decisions
8 to 15 board-level decisions captured live, with regulatory mapping. A 10-page dossier in your inbox within 5 business days.
Evidence of consideration
A sourced, dated record of the board's consideration of AI-driven cyber risk. Available for any regulator, AGM, or litigation question that follows.
Scenarios
Seven scenarios
We work with you to pick the right scenario for your situation.
S1: Adversary has Mythos-class capability via open-source
Defensive posture against an AI-armed attacker.
S2: APRA or ASD ultimatum to adopt AI defensively
Regulator-driven AI procurement.
S3: Engineer runs a capable model locally against internal systems
Insider risk with agentic AI.
S4: Vendor finds a zero-day in your code via their AI tool
Coordinated disclosure, vendor management.
S5: Acquired software hits end-of-life with a new AI-found bug
Legacy liability, acquired-company risk.
S6: Whether to deploy a Chinese-origin model defensively
Foreign-model adoption governance.
S7: Mythos-class capability commoditised on criminal marketplaces
Zero-day flood, patch tempo.
What you do
How the engagement runs
Block 3 hours plus a 30-minute pre-brief
Schedule the session at a time that suits your board.
Distribute the briefing pack 7 days ahead
Pre-reading: three public-source documents to all attendees.
Confirm participants up to 10. CISO attends.
Directors, key executives, CISO. Mutual NDA before the session. No recording.
Three-hour facilitated session
Walk through the scenario. Capture decisions live. Sign the register.
Dossier in your inbox within 5 business days
A 10-page dossier drafted with your company secretary and counsel. Include in your next board paper.
Why Matt O'Kane and Notion Digital Forensics
What this workshop is built on
A public-source evidence base
Anthropic's published risk report, the UK AISI evaluation, and reporting on the 21 April incident. Every claim in the dossier is cited and can be read against its source by your counsel.
Independent and unclassified
No security clearances, export licences, or special permissions are required to attend or to use the dossier. The workshop has no Glasswing access and no offensive-capability product attached. Counsel can verify there is no commercial tension between the workshop and the board's subsequent defensive posture.
Federal and Supreme Court expert-witness experience
Matt O'Kane gives evidence on cyber matters in Federal and Supreme Court proceedings, with incident-response work involving ACSC and OAIC notification. The workshop produces a record that holds to that standard.
Recognised board-room translation experience
Matt teaches information security management at UNSW Business School. He is a 2024 UNSW Scientia Education Academy "Linking Learning to Context" Award winner and a 2024 UNSW Centre for Ideas UNSomnia Presenter. The workshop moves directors from briefing to documented position in one session.
$8,500 ex GST · 3 hours · up to 10 attendees
Mutual NDA, no recording. CISO attendance required. In person East Coast Australia, or via Teams.
For Commonwealth procurement, this engagement is 6.8% of the $125,000 open-tender threshold introduced 17 November 2025. It is procurable by delegate without formal tender. SAMSFilter GREEN for Australian commercial, Australian government, and Five Eyes audiences.
Now booking May and June 2026. Contact Matt O'Kane with the sector, approximate participant count, and a preferred two-week window in May or June 2026. Matt replies with three scenario recommendations and a confirmation meeting.