Companies have never secured their stuff and it's not because they didn't have access to Mythos. No one cares and breaches don't cost them money or customers. If I sound cynical it's because I am.

There's no functional difference between

"Hey npm says this is vulnerable, we need to fix it!" / "Nah, later."

and

"Hey Mythos says this is vulnerable, we need to fix it!" / "Nah, later."