5 misconfigurations Mythos-class AI could find in your environment


The attack surface isn't in your unknown unknowns. It's in the defaults your team inherited three years ago and never went back to check.
The uncomfortable truth about Mythos-class AI as an attack tool is that it doesn't need sophisticated targets. It just needs defaults.
At Reco, we spend a lot of time inside enterprise SaaS estates and the third-party apps connected to them. What we consistently see is that the highest-risk configurations are rarely the result of negligence. They're the result of apps that were deployed, connected, and moved past, with settings that were never revisited because nothing broke and so nothing prompted a second look.
Mythos-class AI finds these defaults systematically. Here are five of the most common, drawn from what we see across real enterprise environments — and how to prevent them.
1. Salesforce Sites with guest user access
Salesforce Sites and Experience Cloud pages are often set up as lightweight public portals: partner logins, customer-facing forms, support pages. Every one of them runs as a guest user with its own profile, and whatever that profile and the guest sharing rules expose, an anonymous visitor can reach. When Lightning features and search are enabled for unauthenticated users, and the guest profile grants object access the page never needed, a "public page" becomes a data discovery path: records are reachable through the same components the page uses, with no login at all. Guest access is one of the fastest routes from external to internal.
What to check: Audit every Salesforce Site and Experience Cloud site for what its guest user can do. Disable Lightning features and search for unauthenticated users unless the page genuinely needs them. Review the guest user profile's object and field-level permissions and the guest sharing rules, and remove any object or field the public page does not require; a form that only creates Leads should not be able to read Contacts or Cases.
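The profile half of that review can be scripted against Metadata API output. The following is an added example, not Reco's tooling: it reads a Profile metadata file (the kind a retrieve of the site's guest profile returns) and reports every object, field and user permission the guest user holds, then diffs that against the objects the page actually needs. The XML below is a constructed sample; the `needed_objects` set is an assumption the reviewer supplies.

```python
"""Audit what a Salesforce guest user profile can touch (added example, not Reco's code)."""
import xml.etree.ElementTree as ET

NS = {"m": "http://soap.sforce.com/2006/04/metadata"}

# Constructed sample: the guest profile behind a public "contact us" form. The page
# only needs to create Leads, but the profile also reads Contact, reads and edits
# Case, exposes Contact.Email, and has API access enabled.
GUEST_PROFILE_XML = """<Profile xmlns="http://soap.sforce.com/2006/04/metadata">
  <custom>false</custom>
  <objectPermissions>
    <allowCreate>true</allowCreate><allowDelete>false</allowDelete>
    <allowEdit>false</allowEdit><allowRead>false</allowRead>
    <modifyAllRecords>false</modifyAllRecords><object>Lead</object>
    <viewAllRecords>false</viewAllRecords>
  </objectPermissions>
  <objectPermissions>
    <allowCreate>false</allowCreate><allowDelete>false</allowDelete>
    <allowEdit>false</allowEdit><allowRead>true</allowRead>
    <modifyAllRecords>false</modifyAllRecords><object>Contact</object>
    <viewAllRecords>false</viewAllRecords>
  </objectPermissions>
  <objectPermissions>
    <allowCreate>false</allowCreate><allowDelete>false</allowDelete>
    <allowEdit>true</allowEdit><allowRead>true</allowRead>
    <modifyAllRecords>false</modifyAllRecords><object>Case</object>
    <viewAllRecords>false</viewAllRecords>
  </objectPermissions>
  <fieldPermissions>
    <editable>false</editable><field>Contact.Email</field><readable>true</readable>
  </fieldPermissions>
  <userPermissions><enabled>true</enabled><name>ApiEnabled</name></userPermissions>
  <userLicense>Guest User License</userLicense>
</Profile>
"""


def _flag(elem, tag):
    """True when the child element <tag> holds the literal text 'true'."""
    node = elem.find(f"m:{tag}", NS)
    return node is not None and (node.text or "").strip().lower() == "true"


def audit_guest_profile(xml_text, needed_objects):
    """Return the profile's effective grants and whatever exceeds needed_objects.

    needed_objects: the objects the public page legitimately uses (assumption
    supplied by the reviewer, e.g. {"Lead"} for a form that only creates Leads).
    """
    root = ET.fromstring(xml_text)
    readable, writable = set(), set()
    for op in root.findall("m:objectPermissions", NS):
        obj = op.findtext("m:object", default="", namespaces=NS)
        if _flag(op, "allowRead") or _flag(op, "viewAllRecords"):
            readable.add(obj)
        if any(_flag(op, t) for t in ("allowCreate", "allowEdit", "allowDelete", "modifyAllRecords")):
            writable.add(obj)
    fields = {fp.findtext("m:field", default="", namespaces=NS)
              for fp in root.findall("m:fieldPermissions", NS) if _flag(fp, "readable")}
    perms = {up.findtext("m:name", default="", namespaces=NS)
             for up in root.findall("m:userPermissions", NS) if _flag(up, "enabled")}
    return {
        "license": root.findtext("m:userLicense", default="", namespaces=NS),
        "readable_objects": readable,
        "writable_objects": writable,
        "readable_fields": fields,
        "user_permissions": perms,
        # Anything readable or writable beyond what the page needs is the finding.
        "excess_objects": (readable | writable) - set(needed_objects),
    }


if __name__ == "__main__":
    report = audit_guest_profile(GUEST_PROFILE_XML, needed_objects={"Lead"})
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it against each site's guest profile with the objects that site's pages really use. Object permissions are only one leg of guest exposure: the guest sharing rules and the site-level Lightning and search settings live in other metadata and are not covered by this script, so treat its output as the starting list, not the whole answer.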
2. Legacy authentication still permitted in M365
Every enterprise has invested in MFA. Many of those investments have a hole in them. Legacy authentication protocols (POP, IMAP, SMTP AUTH, Exchange ActiveSync, older Office clients) cannot perform MFA, so Conditional Access can only block them, never challenge them. Password spray and basic-auth attacks don't need to touch your MFA policies because a legacy client never enters the MFA flow. Microsoft has retired basic authentication for most Exchange Online protocols, but SMTP AUTH can still be enabled per mailbox, so don't treat the retirement as a substitute for a block policy. If your Conditional Access policies don't explicitly block legacy auth for all users and all applications, the attack path is open.
What to check: Review Conditional Access for an enabled policy (not report-only) that blocks the "Exchange ActiveSync clients" and "Other clients" client app types for all users and all cloud apps. Don't assume full coverage: check which users, groups, roles, and applications are excluded, and confirm that pilot policies were actually switched on. Then validate against the sign-in logs filtered by client app; legacy attempts should show up as blocked, not as successful sign-ins.
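That policy review is mechanical enough to script. The following is an added example, not Reco's tooling: it walks the policy list that Microsoft Graph returns from /identity/conditionalAccess/policies and reports which legacy client app types are blocked for all users and all apps, which exclusions punch holes in that block, and which policies were left in report-only mode. The field names are Graph's; the two policies and the group GUID are constructed.

```python
"""Check Entra ID Conditional Access for a legacy-auth block (added example, not Reco's code)."""

# Legacy auth reaches Entra ID as the "Exchange ActiveSync clients" and "Other
# clients" client app types; a block policy must cover both to close the path.
LEGACY_CLIENT_APP_TYPES = {"exchangeActiveSync", "other"}

# Constructed sample: one enforced block with a break-glass group excluded, and a
# pilot policy that was left in report-only mode and never switched on.
POLICIES = [
    {
        "displayName": "Block legacy authentication",
        "state": "enabled",
        "conditions": {
            "clientAppTypes": ["exchangeActiveSync", "other"],
            "users": {"includeUsers": ["All"], "excludeUsers": [],
                      "excludeGroups": ["5f1d2a3b-0000-4000-8000-000000000001"],
                      "excludeRoles": []},
            "applications": {"includeApplications": ["All"], "excludeApplications": []},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
    {
        "displayName": "Block legacy auth - pilot",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "clientAppTypes": ["other"],
            "users": {"includeUsers": ["All"], "excludeUsers": [],
                      "excludeGroups": [], "excludeRoles": []},
            "applications": {"includeApplications": ["All"], "excludeApplications": []},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["block"]},
    },
]


def _is_block(policy):
    grant = policy.get("grantControls") or {}
    return "block" in (grant.get("builtInControls") or [])


def legacy_auth_coverage(policies):
    """Summarise which legacy client app types are blocked for everyone.

    A policy counts only if it is enabled (not report-only), blocks, and targets
    all users and all applications. Exclusions are reported rather than silently
    accepted: every excluded user, group, role or app is a sign-in path that
    still takes a plain password.
    """
    covered, exclusions, report_only, scoped = set(), {}, [], []
    for p in policies:
        if not _is_block(p):
            continue
        cond = p.get("conditions") or {}
        types = set(cond.get("clientAppTypes") or []) & LEGACY_CLIENT_APP_TYPES
        if not types:
            continue
        if p.get("state") == "enabledForReportingButNotEnforced":
            report_only.append(p["displayName"])
            continue
        if p.get("state") != "enabled":
            continue
        users = cond.get("users") or {}
        apps = cond.get("applications") or {}
        if "All" not in (users.get("includeUsers") or []) or \
           "All" not in (apps.get("includeApplications") or []):
            scoped.append(p["displayName"])  # partial coverage, not counted
            continue
        covered |= types
        for key in ("excludeUsers", "excludeGroups", "excludeRoles"):
            for ident in users.get(key) or []:
                exclusions.setdefault(p["displayName"], []).append((key, ident))
        for app_id in apps.get("excludeApplications") or []:
            exclusions.setdefault(p["displayName"], []).append(("excludeApplications", app_id))
    return {
        "unblocked_client_types": LEGACY_CLIENT_APP_TYPES - covered,
        "exclusions": exclusions,
        "report_only_policies": report_only,
        "partially_scoped_policies": scoped,
    }


if __name__ == "__main__":
    for key, value in legacy_auth_coverage(POLICIES).items():
        print(f"{key}: {value}")
```

An empty `unblocked_client_types` with a non-empty `exclusions` list is the common real-world result: the block exists, but every excluded group is a population that can still be sprayed over IMAP or SMTP AUTH. Resolve each exclusion to its members and ask whether it is still needed.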
3. Snowflake with an open network policy
Your data warehouse probably holds more sensitive information than any other system in your environment. A surprising number of Snowflake deployments have no account-level network policy at all, or one whose allowed list is 0.0.0.0/0. Either way, anyone with valid credentials can connect from anywhere in the world, and a leaked or sprayed password is all it takes. Note also that a user-level network policy overrides the account-level one, so a single service account with its own permissive policy reopens the door the account policy closed.
What to check: Run SHOW NETWORK POLICIES and DESCRIBE NETWORK POLICY for each one, confirm the account's NETWORK_POLICY parameter is actually set, and look for user-level policies that are broader than the account policy. Lock the allowed list to corporate IP ranges or your VPN egress. Separately, check for users with ACCOUNTADMIN as their default role (SHOW USERS, or the default_role column in snowflake.account_usage.users): maximum privilege as a standing default means maximum blast radius on any compromise. Grant ACCOUNTADMIN to a small set of named users only, and have even those start their sessions in a lesser role.
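Those query results can be evaluated offline once exported. The following is an added example, not Reco's tooling: it takes the DESCRIBE NETWORK POLICY output, the account NETWORK_POLICY parameter and a user list as plain dicts, classifies every allowed CIDR as open, broad or acceptable, works out which policy actually governs each user, and lists standing ACCOUNTADMIN defaults. The policy names, TEST-NET ranges and users are constructed, and the "broad" prefix thresholds are an assumption to tune to your own egress ranges.

```python
"""Evaluate Snowflake network policies and ACCOUNTADMIN defaults (added example, not Reco's code)."""
import ipaddress

# Prefix lengths below these are reported as "broad" (assumption: adjust to your
# real egress ranges). A /0 is always "open", meaning reachable from the world.
MIN_PREFIX = {4: 16, 6: 48}

# Constructed sample: flattened DESCRIBE NETWORK POLICY output for two policies.
NETWORK_POLICIES = {
    "CORP_ONLY": {"allowed_ip_list": "203.0.113.0/24,198.51.100.7", "blocked_ip_list": ""},
    "OPEN_WORLD": {"allowed_ip_list": "0.0.0.0/0", "blocked_ip_list": "198.51.100.0/24"},
}
# SHOW PARAMETERS LIKE 'NETWORK_POLICY' IN ACCOUNT; empty string when unset.
ACCOUNT_NETWORK_POLICY = "CORP_ONLY"
# Constructed users: a user-level NETWORK_POLICY overrides the account one, and
# default_role is the role every new session for that user starts in.
USERS = [
    {"name": "ANALYST_1", "network_policy": "", "default_role": "ANALYST"},
    {"name": "ETL_SVC", "network_policy": "OPEN_WORLD", "default_role": "ACCOUNTADMIN"},
    {"name": "ADMIN_JANE", "network_policy": "", "default_role": "ACCOUNTADMIN"},
]


def classify_entry(cidr):
    """'open' for a default route, 'broad' below MIN_PREFIX, otherwise 'ok'."""
    net = ipaddress.ip_network(cidr.strip(), strict=False)
    if net.prefixlen == 0:
        return "open"
    return "broad" if net.prefixlen < MIN_PREFIX[net.version] else "ok"


def _entries(csv):
    return [e.strip() for e in (csv or "").split(",") if e.strip()]


def audit_policy(policy):
    """Map each allowed entry to its verdict; a blocked-list-only policy admits everything else."""
    verdicts = {e: classify_entry(e) for e in _entries(policy["allowed_ip_list"])}
    if not verdicts and _entries(policy.get("blocked_ip_list")):
        verdicts["(allow-all, blocked list only)"] = "open"
    return verdicts


def audit_account(policies, account_policy, users):
    findings = {
        "no_account_policy": account_policy == "",
        "open_policies": set(),
        "broad_entries": {},
        "effective_policy": {},
        "users_reachable_from_anywhere": [],
        "accountadmin_default": [],
    }
    for name, policy in policies.items():
        for entry, verdict in audit_policy(policy).items():
            if verdict == "open":
                findings["open_policies"].add(name)
            elif verdict == "broad":
                findings["broad_entries"].setdefault(name, []).append(entry)
    for user in users:
        # User-level policy wins over the account policy; no policy anywhere means open.
        effective = user["network_policy"] or account_policy or "(none)"
        findings["effective_policy"][user["name"]] = effective
        if effective == "(none)" or effective in findings["open_policies"]:
            findings["users_reachable_from_anywhere"].append(user["name"])
        if user["default_role"].upper() == "ACCOUNTADMIN":
            findings["accountadmin_default"].append(user["name"])
    return findings


if __name__ == "__main__":
    for key, value in audit_account(NETWORK_POLICIES, ACCOUNT_NETWORK_POLICY, USERS).items():
        print(f"{key}: {value}")
```

The `users_reachable_from_anywhere` list is the one to act on first: in the sample, the account policy is fine, but the ETL service account carries its own open policy and starts every session as ACCOUNTADMIN, which is exactly the combination a stolen key or password turns into a full warehouse export.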
4. SSO connected but not enforced
An app that is connected to your identity provider but doesn't require it still accepts a local username and password. That login path gets no MFA, no Conditional Access, and no session controls, and it works for automated agents and service accounts just as well as it does for people.
"SSO available" is not the same as "SSO enforced." Mythos-class AI finds these apps by probing login paths that shouldn't work — and often discovering that they do.
What to check: For every app in your environment, verify that direct password login is disabled, or limited to a documented break-glass account, and not merely that SSO is available. The test is simple: open the app's native login page and try a local account. This is especially critical for high-value apps with access to sensitive data or broad user bases.
5. Secret scanning alerts going unresolved in GitHub
Many teams have enabled secret scanning on their GitHub repositories. Fewer teams have a process that ensures those alerts get resolved. Credentials in code with an open, unacknowledged alert are as exposed as credentials in code with no detection at all; the alert changes nothing about whether the credential still works, and Mythos-class AI doesn't care whether an alert exists. Remember that a secret stays in git history after the file is deleted, so the only resolution that actually closes the exposure is rotating it.
What to check: Review the age, volume, and validity of open secret scanning alerts across your repositories, and watch for alerts closed as "false positive" or "won't fix" while GitHub still reports the secret as active. If alerts are accumulating without resolution, the detection is functioning and the response process isn't; assign an owner and an SLA, and rotate before you resolve.
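That review is a small amount of arithmetic over the alerts API. The following is an added example, not Reco's tooling: it takes the JSON array that GET /repos/{owner}/{repo}/secret-scanning/alerts?state=all returns and produces the numbers a process owner needs: open count and oldest age, alerts past an SLA, alerts GitHub still marks as active, pushes that bypassed push protection, and alerts that were closed while the secret was still live. The field names are GitHub's; the four alerts, their dates and the reference time are constructed, and the 30-day SLA is an assumption.

```python
"""Triage GitHub secret scanning alerts by age, validity and resolution (added example, not Reco's code)."""
from collections import Counter
from datetime import datetime, timezone

# Constructed reference time for the sample; use datetime.now(timezone.utc) in practice.
NOW = datetime(2025, 3, 10, 12, 0, tzinfo=timezone.utc)

# Constructed sample alerts in the shape of GitHub's secret-scanning alert objects.
ALERTS = [
    {"number": 1, "state": "open", "secret_type": "aws_access_key_id", "validity": "active",
     "created_at": "2025-01-10T12:00:00Z", "resolved_at": None, "resolution": None,
     "push_protection_bypassed": False},
    {"number": 2, "state": "open", "secret_type": "github_personal_access_token", "validity": "unknown",
     "created_at": "2025-03-01T09:30:00Z", "resolved_at": None, "resolution": None,
     "push_protection_bypassed": True},
    {"number": 3, "state": "resolved", "secret_type": "slack_incoming_webhook_url", "validity": "inactive",
     "created_at": "2025-02-14T08:00:00Z", "resolved_at": "2025-02-15T10:00:00Z", "resolution": "revoked",
     "push_protection_bypassed": False},
    {"number": 4, "state": "resolved", "secret_type": "aws_access_key_id", "validity": "active",
     "created_at": "2025-02-20T08:00:00Z", "resolved_at": "2025-02-20T08:05:00Z", "resolution": "false_positive",
     "push_protection_bypassed": False},
]


def _parse(ts):
    """GitHub timestamps are ISO 8601 with a trailing Z; normalise for fromisoformat."""
    return datetime.fromisoformat(ts.replace("Z", "+00:00"))


def triage(alerts, now, stale_after_days=30):
    open_alerts = [a for a in alerts if a["state"] == "open"]
    resolved = [a for a in alerts if a["state"] == "resolved"]
    ages = {a["number"]: (now - _parse(a["created_at"])).days for a in open_alerts}
    return {
        "open_count": len(open_alerts),
        "oldest_open_days": max(ages.values(), default=0),
        # Past the SLA: the detection fired and nobody acted.
        "stale_open": sorted(n for n, d in ages.items() if d >= stale_after_days),
        "open_by_type": dict(Counter(a["secret_type"] for a in open_alerts)),
        # GitHub has confirmed these credentials still work; rotate today.
        "open_active": sorted(a["number"] for a in open_alerts if a.get("validity") == "active"),
        # Someone chose to push a secret past push protection; review the justification.
        "bypassed_open": sorted(a["number"] for a in open_alerts if a.get("push_protection_bypassed")),
        "resolution_counts": dict(Counter(a["resolution"] for a in resolved)),
        # Closed while the secret is still live: the alert went away, the exposure did not.
        "closed_but_live": sorted(a["number"] for a in resolved if a.get("validity") == "active"),
    }


if __name__ == "__main__":
    for key, value in triage(ALERTS, NOW).items():
        print(f"{key}: {value}")
```

Two of these buckets deserve a standing rule: anything in `open_active` is an incident, not a ticket, and anything in `closed_but_live` should be reopened, because a "false positive" resolution on a credential GitHub can still validate is a process failure, not a scanner failure.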
The common thread
None of these are novel vulnerabilities. They're ordinary configurations that exist in most enterprise environments, and every one of them can be found today with the admin tooling you already have. You need to close these gaps before the model that exploits them reaches attacker hands.
Reco surfaces these misconfigurations continuously across more than 225 third-party apps and agents. We prioritize by Mythos-relevance — not by alert volume — so your team focuses on the fixes that matter most.
[Download the CISO Playbook: Mythos Changed the Rules →] https://www.reco.ai/ciso-playbook-mythos
[Get your posture score — 15-minute assessment →] https://www.reco.ai/demo-request

Gal Nakash
ABOUT THE AUTHOR
Gal is the Cofounder & CPO of Reco. Gal is a former Lieutenant Colonel in the Israeli Prime Minister's Office. He is a tech enthusiast, with a background of Security Researcher and Hacker. Gal has led teams in multiple cybersecurity areas with an expertise in the human element.




