Your 90 Days Guide to Operationalizing Security in the Anthropic Mythos Era: Splunk and AWS’s Path to Resilience
Artificial Intelligence Sahil GuptaKey takeaways
- Splunk and AWS help security teams use AI and human expertise together to detect, investigate, and respond to threats faster.
- An Agentic SOC combines unified data, AI powered investigations, and human oversight to improve security without giving up control.
- A phased approach helps organizations strengthen visibility, automate routine tasks, and build more resilient security operations.
Special thanks to Matt Eglin of AWS and Splunk's Devi Sekar, Paul Frederiksen, and Trav Kane for their contributions to this blog.
The rapid evolution of frontier AI models like Anthropic’s Claude Mythos has fundamentally transformed the cybersecurity landscape. What once took years to exploit a vulnerability now happens at machine speed. Things from here will only continue to accelerate with Anthropic releasing its public version of Mythos (Fable 5) and more on the way. This seismic shift demands a new approach to security operations—one that combines the power of AI automation with human expertise, all running on a unified, scalable platform.
Splunk and AWS are uniquely positioned to help organizations meet this challenge head-on. Together, they deliver an integrated solution that accelerates detection, investigation, and response workflows, enabling security teams to operate at the speed of AI-driven threats.
The Mythos Challenge: Accelerated Threats, Compressed Timelines
Traditional Security Operations Centers (SOCs) were designed for a world where attackers operated at human speed. The average time to exploit a vulnerability has plummeted , driven by frontier AI models like Claude Mythos that automate discovery and exploitation. This acceleration exposes three critical weaknesses in legacy SOC models:
- Machine Speed Attacks: The ability for new AI models to find vulnerabilities in either existing (been there for months/years) or new at machine speed. (a great article on this can be found here)
- Rapid Data Growth: With the increase of AI adoption into businesses, a massive increase of data goes along with it. This leads to potential gaps in visibility within organisations.
- AI Paradox problem: The very AI we are building to streamline our business causes issues around security and visibility as well. More things to secure.
The Agentic SOC: A New Operating Model for the AI Era
Splunk’s Agentic SOC model, powered by AWS cloud infrastructure, addresses these challenges by embedding AI agents into every stage of the security lifecycle while preserving human authority over critical decisions. This model has three key layers:
- Data Layer: Leveraging AWS’s scale, Splunk’s agility and Cisco Data Fabric integration, organizations achieve comprehensive, unified telemetry ingestion across network, endpoint, identity, applications and cloud environments. This foundation is essential for accurate detection and response.
- Reasoning Layer: AI agents automate high-volume, low-judgment tasks such as alert triage, enrichment, correlation and automation. These agents continuously tune detection logic to keep pace with evolving attacker behaviors, reducing alert fatigue and operational overhead.
- Action Layer: Human analysts retain control (human in the loop) over consequential decisions like containment and escalation. Every AI action is transparent, attributable, and reversible, ensuring governance and compliance.
How Splunk and AWS Work Together with Mythos/Fable
Running Splunk Enterprise Security Premier on AWS provides the agility and scale needed to operationalize the Agentic SOC. AWS’s cloud-native services enable rapid deployment of Agentic AI workloads, while Splunk’s platform delivers advanced behavioral detection, risk-based alerting, and automated containment capabilities.
Together, Splunk and AWS:
- Accelerate Detection and Response: AI agents operating via Amazon Bedrock AgentCore process massive telemetry volumes in real time, enabling detection and response in seconds rather than hours.
- Enhance Visibility and Context: Integration with AWS services and Cisco Talos threat intelligence enriches data, providing analysts with actionable insights and reducing blind spots.
- Ensure Data Residency and Security: Splunk’s deployment flexibility on AWS respects customer data residency requirements, with telemetry and model updates managed under strict change control.
- Support Governance and Compliance: Real-time monitoring of AI agent activities, identity tracking, and audit-ready evidence packs ensure compliance with regulatory frameworks.
Frontier AI hasn’t rewritten security operations; it has compressed the timeline. This makes getting the fundamentals right more urgent than ever:
- See Everything: Data & Visibility
Attackers chain reconnaissance, exploitation, and lateral movement in minutes. You cannot correlate what you never collected—complete, retained telemetry is the precondition for moving at machine speed. - Spot the Anomaly: Behavior Analytics
As AI enables adversaries to appear legitimate, rules alone fail. Behavioral baselining distinguishes a real user doing something unusual from an attacker blending in. - Know What Belongs: Identity & Exposure
You cannot defend what you don’t fully understand. Knowing what should—and shouldn’t—be in your environment shrinks the blast radius when an identity is compromised.
Cisco Data Fabric powered by the Splunk Platform, UEBA, and Exposure Analytics provide these foundational capabilities.
A Practical 90-Day Path to Agentic SOC Maturity
Organizations can move from fragmented manual operations to a fully operational Agentic SOC in a phased approach:
- Weeks 1-3: Establish comprehensive telemetry ingestion and exposure analytics to gain full visibility.
- Weeks 3-6: Deploy AI agents for triage, enrichment, and runbook automation to accelerate detection and response.
- Weeks 7-12: Formalize governance frameworks, integrate threat intelligence, and tune risk-based alerting.
- Weeks 12+: Build durable capacity with continuous improvement, purple team exercises, and integration into CI/CD pipelines.
This approach delivers measurable improvements in mean time to detect (MTTD) and mean time to respond (MTTR), freeing analysts to focus on high-value investigations.
The Bottom Line: Resilience at Machine Speed
The Mythos era demands security operations that run at machine speed without sacrificing control or trust. Splunk and AWS provide a unified, scalable platform that empowers security teams to detect, investigate, and respond to AI-driven threats effectively. By operationalizing the Agentic SOC model, organizations can transform their SOC from a reactive alert factory into a proactive, resilient defense system ready for the frontier AI era.
Related Articles

Enter the SOC of the Future in Splunk’s State of Security 2025

Hypothesis-Driven Cryptominer Hunting with PEAK
