VOL 06 · THREAT HORIZON · 0 · 3 · 5 YEARS

What we are defending against.

Three time horizons of attacker behaviour, mapped to the products in our suite that close each gap. Today's threats are largely about identity. By 2029 they are about AI agents, deepfakes, and quantum-vulnerable cryptography. The product roadmap is the answer.

§00 The three horizons
Horizon 0 · NOW

2026 · Identity is the breach.

80%+ of confirmed breaches involve credentials. Phishing, password reuse, MFA bypass, and insider misuse dominate the incident docket. AI is just starting to industrialise these attacks.

  • Credential phishing & AiTM: Attacker-in-the-middle frameworks (Evilginx-class) bypass legacy MFA in seconds. [VOLUME · ROUTINE]
  • MFA fatigue / push bombing: Spam push prompts until a tired user taps approve. [VOLUME · ROUTINE]
  • Privileged-account abuse: Helpdesk social-eng → admin reset → ransomware in 4 hours. [HIGH IMPACT]
  • Insider data exfiltration: Leavers, contractors, third-party access misuse. [HIGH IMPACT]
  • SaaS sprawl & orphan access: Hundreds of unmanaged tenants, no central audit. [CHRONIC]
Horizon 1 · MID · +3 YEARS

2029 · Identity goes non-human.

AI agents become the dominant identity class, outnumbering humans 10:1. Deepfakes industrialise social engineering. The DPDP regime is in full enforcement and CERT-In has tightened reporting timelines.

  • Agent-identity sprawl: Every workflow has agents. None of them have proper identity, audit, or lifecycle. [EXISTENTIAL]
  • Prompt injection & tool-call abuse: Indirect injection via documents, emails, web pages turns helpful agents into exfil tools. [HIGH IMPACT]
  • Deepfake voice & video social-eng: Live-cloned executive calls, video-KYC bypass, helpdesk fraud at scale. [HIGH IMPACT]
  • AI-accelerated credential stuffing: 10×–100× faster spray attacks; password-only authentication is dead. [VOLUME · INTENSE]
  • MCP / tool supply-chain attacks: Malicious agent tools, poisoned plugins, RAG-source poisoning. [EMERGING]
  • "Harvest now, decrypt later": State actors hoard encrypted traffic for future quantum decryption. [SLOW BURN]
Horizon 2 · FAR · +5 YEARS

2031 · Autonomous adversaries.

Offensive AI agents conduct end-to-end intrusions with limited human direction. Cryptographic relevance of pre-PQ algorithms is in question. The defender is also an agent — Mythos defends Mythos.

  • Autonomous attack agents: Recon → exploit → lateral → exfil, performed by an LLM-driven agent at machine speed. [EXISTENTIAL]
  • Quantum-relevant decryption: RSA-2048 / ECC under sustained pressure; PQ migration is now mandatory, not optional. [REGULATORY]
  • Model supply-chain attacks: Poisoned weights, backdoored open-source models, attested-registry bypass. [EMERGING]
  • Synthetic-citizen fraud: AI-generated identities pass KYC. Identity-proofing must move beyond document checks. [HIGH IMPACT]
  • OT / critical-infra agent attacks: LLM-driven probing of SCADA, with public-grid impact potential. [CATASTROPHIC]
  • Defender-agent compromise: The autonomous SOC analyst is itself a target. [META]
§01 Horizon 0 · today's threats × our response
T-01 · NOW

AiTM phishing kits bypass legacy OTP

Evilginx, Modlishka and EvilProxy proxy live sessions, capture cookies, and defeat SMS/TOTP MFA. This is the most common cause of "MFA-protected" breaches we see today.

Response: FIDO2 / passkeys (phishing-resistant by design) + risk-based step-up + session-binding tokens.
MFA · SSO · Policy
T-02 · NOW

Push-bombing / MFA fatigue

The attacker spams approval requests until the user taps yes. The technique famously breached Uber and Cisco. Every push-MFA deployment is exposed by default.

Response: Number-matching push, contextual challenge, automatic lockout on N denials, anomaly-driven step-up.
MFA · SIEM
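
One way to express the "lockout on N denials" and "anomaly-driven step-up" rules over push-MFA events. This is an added example, not code from this suite; the event format, thresholds, user names and the function name evaluate_push_events are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed push-MFA events: (ISO timestamp, user, result).
SAMPLE_EVENTS = [
    ("2026-03-01T02:10:00", "alice", "denied"),
    ("2026-03-01T02:10:40", "alice", "denied"),
    ("2026-03-01T02:11:15", "alice", "timeout"),
    ("2026-03-01T02:11:50", "alice", "approved"),  # tired tap after a burst
    ("2026-03-01T09:00:00", "bob", "denied"),      # one stray denial
    ("2026-03-01T09:30:00", "bob", "approved"),
    ("2026-03-01T14:00:00", "dave", "denied"),
    ("2026-03-01T14:00:30", "dave", "denied"),
    ("2026-03-01T14:01:00", "dave", "approved"),   # approval right after denials
]

def evaluate_push_events(events, max_denials=3, step_up_after=2,
                         window=timedelta(minutes=5)):
    """Return (timestamp, user, action) decisions in time order.

    lockout: max_denials denied or timed-out prompts inside the window
    reject:  any later prompt result for a user who is locked out
    step_up: an approval preceded by step_up_after recent denials
    """
    recent = defaultdict(deque)  # user -> timestamps of recent denials
    locked = set()
    decisions = []
    for ts_raw, user, result in sorted(events):
        ts = datetime.fromisoformat(ts_raw)
        denials = recent[user]
        while denials and ts - denials[0] > window:
            denials.popleft()  # forget denials older than the window
        if user in locked:
            decisions.append((ts_raw, user, "reject"))
        elif result in ("denied", "timeout"):
            denials.append(ts)
            if len(denials) >= max_denials:
                locked.add(user)
                decisions.append((ts_raw, user, "lockout"))
        elif result == "approved":
            if len(denials) >= step_up_after:
                decisions.append((ts_raw, user, "step_up"))
            denials.clear()  # a handled approval resets the counter
    return decisions
```

With the sample events, the approval that follows alice's burst is rejected because the lockout fired first, while dave's approval after two quick denials is routed to step-up instead of being accepted.
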
T-03 · NOW

Privileged-account abuse via helpdesk

Caller impersonates an executive, social-engineers a helpdesk into a password reset. Full domain admin in under an hour. The MGM and Caesars playbook.

Response: Verified-identity helpdesk flows, PAM session vaulting, JIT elevation, recorded admin sessions, anomaly alerts.
PAM · MFA · SIEM
T-04 · NOW

Leaver / contractor exfiltration

Departing employee or third-party still has access for weeks after exit. DPDP makes the breach reportable; sectoral CERT timelines compress investigation.

Response: HRIS-bound joiner-mover-leaver automation, quarterly access reviews, orphan-account hunt, DLP on egress.
IGA · DSP · SIEM
T-05 · NOW

VPN as flat lateral-movement highway

Once an attacker is on the VPN, they see the whole network. The standard ransomware playbook still works in 2026.

Response: Replace VPN with identity-aware ZTNA. Per-app micro-tunnels, device posture gate, continuous trust score.
ZTNA · EDT
T-06 · NOW

SaaS sprawl & shadow apps

Hundreds of un-federated SaaS tenants, no central audit, and the regulator can't see who has access to what regulated data.

Response: Universal SSO, SCIM-driven JML, CASB-style discovery, DPDP residency rules at the gateway.
SSO · IGA · DSP
§02 Horizon 1 · the AI/Mythos era
T-07 · +3 YR

Agent-identity sprawl (10:1 over humans)

By 2029, every internal workflow has 5–20 LLM-driven agents calling tools, accessing data, talking to other agents. None of them have proper identity, audit trail, or lifecycle today.

Mythos response: First-class agent identities in the identity graph. Per-agent token, scope, expiry, audit. Agent-to-agent mTLS with signed intent.
Mythos · Identity Graph · PAM
T-08 · +3 YR

Indirect prompt injection

Attacker plants instructions in a document, web page, calendar invite, or RAG corpus. Agent reads them, follows them, exfiltrates data — without user awareness.

Mythos response: Prompt firewall on input, output filter on egress, tool-call policy gating, content-provenance signals.
Mythos · Policy · DSP
T-09 · +3 YR

Deepfake voice + video at help-desk & video-KYC

Real-time voice cloning passes phone verification. Live deepfake video defeats unsupervised video-KYC. BFSI account-opening fraud and CEO-fraud explode.

Mythos response: Inline synthetic-media detection, liveness + content-provenance, mandatory FIDO2 step-up for sensitive helpdesk actions.
Mythos · MFA · SIEM
T-10 · +3 YR

AI-accelerated credential stuffing & spraying

LLMs generate plausible password mutations + bypass simple bot-mitigation. Brute-force becomes intelligent-force, two orders of magnitude more effective.

Response: Mandatory phishing-resistant MFA for everyone (not just admins), behavioural biometrics, credential-stuffing detection in SIEM.
MFA · SSO · SIEM
T-11 · +3 YR

MCP / tool supply-chain compromise

An agent's available tools (MCP servers, plugins, RAG sources) become the new dependency tree. One malicious MCP server poisons every agent that uses it.

Mythos response: Signed tool catalogue, per-tool allow-list policy per agent, runtime tool-call inspection, behavioural baseline.
Mythos · Policy · APP
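
A sketch of the gate that a signed tool catalogue plus a per-agent allow-list implies, checked before any tool call is dispatched. This is an added example, not Mythos code; the agent names, tool names and endpoints are hypothetical, and an HMAC with a constructed key stands in for the catalogue signature.

```python
import hashlib
import hmac
import json

CATALOGUE_KEY = b"constructed-demo-key"  # assumption: stands in for a real signing key

def sign_entry(entry: dict) -> str:
    """MAC over the canonical JSON of one catalogue entry (signature stand-in)."""
    blob = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(CATALOGUE_KEY, blob, hashlib.sha256).hexdigest()

def make_catalogue(entries):
    """Publish entries together with the MAC computed at signing time."""
    return {e["name"]: {"entry": e, "sig": sign_entry(e)} for e in entries}

# Constructed catalogue and per-agent policy (all names hypothetical).
CATALOGUE = make_catalogue([
    {"name": "crm.lookup", "endpoint": "https://tools.example.internal/crm",
     "version": "1.2.0"},
    {"name": "mail.send", "endpoint": "https://tools.example.internal/mail",
     "version": "3.0.1"},
])
AGENT_ALLOW = {"support-agent": {"crm.lookup"}, "notify-agent": {"mail.send"}}

def gate_tool_call(agent, tool, endpoint, catalogue=CATALOGUE, allow=AGENT_ALLOW):
    """Return (allowed, reason) for one requested tool call."""
    record = catalogue.get(tool)
    if record is None:
        return False, "tool not in catalogue"
    # Recompute the MAC so an entry edited after signing is refused.
    if not hmac.compare_digest(record["sig"], sign_entry(record["entry"])):
        return False, "catalogue entry failed integrity check"
    if tool not in allow.get(agent, set()):
        return False, "tool not on agent allow-list"
    # The call must target the endpoint that was signed, not a look-alike.
    if endpoint != record["entry"]["endpoint"]:
        return False, "endpoint differs from signed catalogue entry"
    return True, "ok"
```
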
T-12 · +3 YR

Harvest-now-decrypt-later (early stage)

Adversaries (state and criminal) capture today's TLS traffic + encrypted backups. They sit on it. When a cryptographically relevant quantum computer (CRQC) arrives, those archives unlock.

Response: PQ-ready signing + key-encapsulation today (ML-KEM, ML-DSA). Re-key high-value long-lived assets first.
PQ Crypto · KMS · All products
§03 Horizon 2 · autonomous adversaries
T-13 · +5 YR

Autonomous attack agents

An LLM-driven agent runs the full kill chain — recon, exploit selection, lateral movement, persistence, exfil — at machine speed, against thousands of targets in parallel.

Response: Autonomous defenders. Mythos-driven SOC analyst. Agent-vs-agent containment loops. SIEM detections tuned for non-human attacker tempo.
Mythos · SIEM · SOAR
T-14 · +5 YR

Quantum-relevant cryptanalysis

Whether or not a CRQC is in production, regulatory mandates (RBI, CERT-In, NCIIPC) force PQ migration. Vendors who haven't planned face an 18-month emergency.

Response: Already shipped — pluggable crypto layer means a config flag, not a migration. Crypto-agility is a feature, not a project.
PQ Crypto · All products
T-15 · +5 YR

Model supply-chain & weight integrity

Open-source models with backdoors, fine-tuned weights with covert behaviour, attested-registry bypass. The model itself is now the attack surface.

Mythos response: Signed weights, attested registry, runtime behavioural baseline, prompt-output integrity checks.
Mythos · CSPM
T-16 · +5 YR

Synthetic-citizen identity fraud

AI generates a complete identity — face, voice, documents, history — that passes onboarding KYC. BFSI, telco, government services exposed.

Response: Multi-modal identity proofing, Aadhaar attestation flows, deepfake detection, behavioural patterns over time.
Mythos · MFA · DPDP
T-17 · +5 YR

OT / critical-infra agent attacks

LLM-driven probing of SCADA, ICS, grid-management. Public-impact potential — power, telecom, water, transit. NCIIPC-regulated targets.

Response: Air-gap deployment story, identity-aware OT/IT boundary, SCADA-aware detection, tabletop-tested IR with sectoral CERT.
ZTNA · SIEM · SOAR · Mythos
T-18 · +5 YR

Defender-agent compromise (the meta-threat)

If a SOC's autonomous analyst is itself an agent, the analyst is a target. Compromise the defender, suppress alerts, run lateral attacks invisibly.

Mythos response: Strict agent-identity scope for defender agents, redundant detection paths, human-in-loop for irreversible actions, signed audit chain that the defender can't tamper with.
Mythos · Audit Fabric · PAM
§04 The post-quantum bet
Why this matters now

"Harvest now, decrypt later" makes 2031 a 2026 problem.

Adversaries don't need a quantum computer today to make today's encryption a future liability. They need patience. Identity tokens, financial transactions, citizen records, and defence telemetry that ride RSA-2048 / ECC today are being quietly archived by sophisticated adversaries. Anything that must remain confidential past 2031 is already at risk. Our pluggable crypto layer means our customers don't need an 18-month migration project when the regulator finally rules — they flip a flag.

NIST baseline. ML-KEM (FIPS 203) for key encapsulation · ML-DSA (FIPS 204) for digital signatures · SLH-DSA (FIPS 205) for stateless hash-based signatures. Each available behind the same primitive interface across MFA, SSO, PAM, ZTNA, and the audit fabric.

§05 Likelihood × impact radar
[Figure: likelihood × impact radar. Axes: likelihood, impact. Quadrants: high impact · low likelihood; high impact · high likelihood; low impact · low likelihood; low impact · high likelihood. Plotted threats: T01 AiTM, T02 Push-bomb, T03 Helpdesk, T05 VPN flat, T07 Agent-id, T08 Prompt-inj, T09 Deepfake, T11 MCP supply, T12 HNDL, T13 Auto-attack, T15 Model-supply, T17 OT agent, T16 Synth-KYC.]

How to read it

  • Green: NOW · 2026 threats
  • Amber: MID · +3 yr / 2029
  • Violet: FAR · +5 yr / 2031

The top-right quadrant is what we must defend against today and tomorrow without exception. Bottom-left is where we monitor without immediate investment.
