After Mythos: What Cyber Insurers Should Actually Be Asking

Cyber insurance underwriting evolution and expectations
Written by Michael Hoffman
Strategic Partnerships
Written by Pratyush Uddagiri
Product Manager - Cyber Risk Modeling & Analytics, Moody’s

One issue we keep hearing from insurance underwriters and portfolio managers is some version of the same question: how do you price a risk that can change between bind and the very next day?

The steady stream of headlines about Claude Mythos is the latest reason why this question comes up, but it isn’t really all about Mythos. Frontier AI is collapsing the gap between vulnerability disclosure and weaponized exploit, and the numbers are no longer subtle. Google’s Mandiant measured the mean time to exploit a new vulnerability at 63 days in 2018; by 2024, it had fallen to roughly zero, and in 2025, it’s estimated at negative seven days, meaning exploitation now routinely begins before a patch even exists. 

For six consecutive years, exploitation of Internet-facing systems has been the single most common way attackers get in, and a separate IBM dataset puts vulnerability exploitation as the reason behind 40% of incidents. This ‘window’ insurers used to count on, the one where bind-time data stayed roughly accurate through the policy period, is closing. The market is recognizing it: the data behind cyber decisions has to be better and faster than before, which is the same reason Bitsight was named the leader in the 2026 Forrester Wave for Cybersecurity Risk Ratings Platforms and Cyber Insurtech of the Year at the 2026 Cyber Insurance Awards USA.

The new imperatives

All of this has a few real implications for how the market will react.

First, the underwriting question has shifted 

No insured will avoid high-severity vulnerabilities. The applicants worth underwriting aren’t the ones with the cleanest scan on day one; they’re the ones who can fix things when something breaks. Mean time to patch, exposure decay curves, and how fast a known bad piece of software disappears from an attack surface are the variables that predict loss now.

Second, you can’t underwrite or manage portfolio accumulation if you don’t know what software your insureds are running 

This is the part where some insurers are underinvesting at the scale the moment requires. 

Bitsight’s Groma Internet scanner scans four billion IP addresses and fingerprints software across 40 million-plus organizations, spanning more than 60,000 unique technology applications. That dataset is what makes the next part possible at scale. When a Common Vulnerability and Exposure (CVE) drops on a Tuesday afternoon, customers can see in real time which of their insureds are running the affected version and how heavily they depend on it. 

Pairing that with curated, real-time threat intelligence from deep- and dark-web sources tells them which of those exposures are being weaponized right now. That’s the difference between finding out about portfolio concentration during a claim and finding out before one materializes.

Third, the AI attack surface is becoming material to a kind of loss that the market is barely underwriting

But it’s worth being precise about why, because the path from ‘faster exploitation’ to ‘systemic event’ is not automatic.

Speed is the trigger, not the loss. Compressed time to exploit is real: when the gap between disclosure and weaponization runs negative, the remediation window underwriting relied upon is gone. 

But faster exploitation is not the same thing as systemic loss. Most vulnerabilities are never exploited at all: of the 40,000-plus CVEs disclosed each year, only a low single-digit percentage are ever used in the wild. Even among those that are exploited, most stay contained because systems are fragmented and networks are segmented. 

Speed changes how fast a single incident arrives 

It does not, on its own, turn that incident into a catastrophe. Two conditions do. 

The first is homogeneity. A loss becomes systemic when many insureds fail at once because they share the same exposed dependency, and that is precisely what makes the AI stack different from the average new technology: it is, by design, concentrated. It runs on a handful of model providers, common gateways like LiteLLM, and the same agentic patterns and exposed MCP servers repeated across thousands of networks, which is why we now fingerprint 40-plus AI-native technologies. 

The diversification that normally protects a book is thinner here than almost anywhere else in the IT estate, and these tend to be Internet-facing, highly privileged systems with access to email, code, and credentials, the kind that segmentation protects least. When our research team found 30,000-plus exposed OpenClaw instances earlier this year, with many inside healthcare, finance, government, and insurance organizations, the concern wasn’t any single one. It was how alike they all were.

That concentration is compounded by version velocity. Because these tools constantly add features, using them means running the newest, least-vetted release, which turns the supply chain itself into a shared concentration risk. Earlier this year, an attacker pushed malicious versions of the LiteLLM gateway after stealing its publishing credentials, hitting any build that auto-installed the latest version. Weeks later, the same group poisoned the official Mistral AI and Guardrails AI packages, two of more than 170 hit in a single coordinated campaign. Sitting on a stable, patched version is what protects you in ordinary IT, and the AI stack is exactly where that protection gets traded away for features.

The second condition is materiality. An exploited, widely shared component only produces a large loss if insureds’ revenue and core processes depend on it. A flaw in software that no one’s operations hinge on is an incident, not a catastrophe. Modeling that dependence, incorporating revenue reliance and business impact by industry sector and company size across perils, is precisely what turns an exposure map into a loss estimate. The newer challenge is specifically tying that view to the AI stack, and that is where systemic risk modeling must go next.

The genuinely new variable, the one that earns the Mythos reference, is whether Frontier AI raises the rate at which a discovered vulnerability becomes a reliable, weaponized exploit. If that conversion rate climbs, the funnel that keeps most vulnerabilities harmless narrows, and more of them reach the two conditions above. For a multi-year book, the prudent assumption isn’t that those guardrails hold; it’s that a capability of this kind diffuses over a policy period faster than bind-time assumptions can. Exploitation speed is the trigger; homogeneity and business-criticality decide whether it matters; and the direction of travel on all three runs one way.

For reinsurers and exposure managers, this makes the AI stack an accumulation problem before a pricing one. Until you treat shared AI infrastructure as a concentration in its own right, you can't cap how much of it sits in your book, and any loss estimate that assumes it isn't a common point of failure is understating the tail.

What does this mean practically?

  • For underwriters, the data behind a bind decision should look more like a behavioral profile than a snapshot. How fast does this applicant remediate? What does their AI footprint look like? What does their technology usage and cloud infrastructure say about how they manage cyber? Are they running infrastructure that becomes a portfolio-wide problem if it gets compromised?

  • For portfolio managers, accumulation analysis must run continuously, weighting exposure by how much insureds’ revenue and operations depend on it. Loss control becomes table stakes, to both price competitively and grow profitably.
  • For brokers, it means the carriers you place business with should be ones that answer these questions in real time. The rest will surprise your clients at renewal.

This is the gap the Moody’s/Bitsight partnership is built to close. The cyber insurance market has been held back by limited data transparency, disconnected models, and a lack of a shared view of systemic risk. Cloud and vendor concentration, together with deep- and dark-web intelligence, is now integrated into Moody’s Cyber Solutions. Version 10 builds on the strengths of the award-winning Cyber 9.0,  giving carriers a single, real-time dataset that underwriting, exposure management, and event response can all act on, and feeding the models that turn exposure into the accumulation and tail metrics the capital side relies on.

Mythos doesn’t make cyber untenable. It makes incomplete data untenable. The moment calls for enterprise-scale visibility across points of failure, CVE activity, and what’s moving live in the threat landscape. The carriers, reinsurers, and brokers who can map what’s running across their book, see concentration before it becomes loss, and move when the timeline compresses will be the ones that outperform.

2026 gartner magic quadrant cover

Bitsight Recognized as a Visionary in 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence Technologies

Get the report and see why Bitsight was named a Visionary.