Yeah I tend to agree. For me Mythos' principal risk in my mind is saturation through being able to do bad things faster. Vulnerabilities are found and fixed - that's life. What is a problem is identifying and prioritising vulnerabilities. A miscategorisation or misidentification may lead to an extended attack window of a vulnerability. If a cloud provider, or multiple cloud providers are open to something there then everyone is in trouble. That's a pretty big nightmare scenario for me where I currently am.

Especially because you can potentially use a model like Mythos to figure out how to hide (from humans, at least) a deliberately created vulnerability.