Anthropic’s Mythos preview and Project Glasswing surfaced something defenders already suspected: AI-assisted vulnerability discovery has crossed a threshold where the speed of novel attack patterns is bounded by compute, not by the size of the analyst pool. The defender side has not absorbed that shift.
KAIROS is not a SIEM, an EDR, or an XDR. It is a structural reading layer adjacent to those tools, answering a different question. A classifier returns whether an event matches an attack pattern. The structural margin returns the pressure a defended zone can still absorb before its weakest control collapses. The structural reading is the zero-day early-warning surface, and it does not depend on a signature or a labeled training set.
How the adapter sees a defended zone
The cybersecurity adapter treats a defended zone as a structural object under load. Lambda aggregates six attack-surface metrics with a pressure-dominant rule, so one severe kill-chain indicator drives the zone score. Gamma aggregates six defense-posture metrics with a weak-link rule, so one collapsed control drives the buffer. Averaging hides the kill chain. The adapter refuses to average.
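The two rules can be sketched in a few lines. This is an illustrative model only: the metric names, the smooth-max sharpness, and the six-metric shape are assumptions for the sketch, not the shipped KAIROS calibration.

```python
import math

def lambda_pressure(metrics, sharpness=8.0):
    """Pressure-dominant aggregation: a smooth max (softmax-weighted
    mean), so one severe kill-chain indicator drives the zone score
    instead of being diluted by five quiet ones."""
    weights = [math.exp(sharpness * m) for m in metrics]
    return sum(w * m for w, m in zip(weights, metrics)) / sum(weights)

def gamma_weak_link(metrics):
    """Weak-link aggregation: the buffer is only as strong as the
    weakest control, so take the minimum."""
    return min(metrics)

# One collapsed control (0.05) dominates the buffer even when the
# other five controls are healthy:
posture = [0.9, 0.85, 0.05, 0.8, 0.95, 0.9]
assert gamma_weak_link(posture) == 0.05

# One severe attack-surface metric (0.9) dominates the pressure
# reading even when the other five are quiet; a plain average of
# this list would sit near 0.2 and hide the kill chain:
surface = [0.1, 0.05, 0.9, 0.1, 0.0, 0.05]
assert lambda_pressure(surface) > 0.8
```

The averaging failure mode is the point of the sketch: `sum(surface)/6` reads calm while the smooth max reads the dominant indicator.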
The output is a deterministic stability score per zone, per tick, hash-bound to the calibration anchors and the deployment policy version. Two operators replaying the same incident reach the same answer.
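Hash-binding for replay determinism can be sketched as canonical serialization plus a digest. The field names and payload shape here are hypothetical, not the KAIROS wire format; the load-bearing detail is that serialization is deterministic (sorted keys, fixed float precision), so two replays produce the same bytes.

```python
import hashlib
import json

def bind_snapshot(zone_id, tick, score, calibration_anchor, policy_version):
    """Bind a per-tick zone score to the calibration anchors and the
    deployment policy version. Deterministic serialization means two
    operators replaying the same incident get the same digest."""
    payload = {
        "zone": zone_id,
        "tick": tick,
        "score": round(score, 6),           # fixed precision for replay
        "calibration": calibration_anchor,  # e.g. a hash of the anchor set
        "policy": policy_version,
    }
    blob = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode()).hexdigest()

a = bind_snapshot("internal-seg-07", 1440, 0.1834, "anchors-v1", "policy-2025.1")
b = bind_snapshot("internal-seg-07", 1440, 0.1834, "anchors-v1", "policy-2025.1")
assert a == b  # byte-identical across runs

# Bumping the policy version changes the binding, so a score can never
# be silently reattributed to a different deployment policy:
assert a != bind_snapshot("internal-seg-07", 1440, 0.1834, "anchors-v1", "policy-2025.2")
```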
The result that surprised us
We ran a 60-day, 60-zone, 60-second-tick synthetic baseline against public-reference-anchored distributions: DBIR 2024/2025, NIST SP 800-53 and SP 800-207, CIS Controls v8, OCSF 1.x, the Los Alamos Unified Host & Network corpus, and the DARPA Operationally Transparent Cyber dataset. 5.2 million snapshots. Replay-deterministic. Byte-identical across runs.
The headline:
| Archetype | Policy-positive rate (quiet) | Policy-positive rate (noisy-but-benign) |
|---|---|---|
| Identity plane | 0.60% | 0.67% |
| Edge device | 28.07% | 26.74% |
| Internal segment | 98.08% | 96.49% |
| Data plane | 1.46% | 1.96% |
A reader’s first reaction to the Internal-segment number is the right one. We had it too. Then we read the literature carefully and the number became the most interesting thing the corpus produced.
The result is not a framework failure. It is the framework correctly identifying that the median enterprise’s internal-segment posture sits at the structural-margin threshold under the default policy. DBIR has been saying for years that lateral-movement controls are inconsistently deployed and most enterprises run effectively flat internal networks. NIST SP 800-207 calls internal-segment microsegmentation the unfinished work for most Zero Trust adopters. CIS Controls v8 implementation surveys consistently rank internal-segment monitoring among the lowest-maturity control families.
What the corpus adds is a number. ~98% of benign internal-segment zone-hours produce policy positives under the default 0.20 floor. A researcher who wants to know what it means to set a structural-margin policy on a realistic enterprise baseline now has a quantified answer they could not read off DBIR or NIST alone.
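The quantity behind that number is simple to state precisely. The 0.20 floor is from the post; the margin series below is synthetic illustration, not corpus data.

```python
POLICY_FLOOR = 0.20  # the default floor from the post

def policy_positive_rate(margins):
    """Fraction of zone-hours whose structural margin sits below the
    policy floor. Deliberately not called an 'FP rate': the traffic is
    benign, but the margin reading is still correct -- the posture
    really is thin."""
    return sum(1 for m in margins if m < POLICY_FLOOR) / len(margins)

# A posture hovering at the threshold fires on most benign hours,
# which is the internal-segment archetype's story in miniature:
at_threshold = [0.18, 0.19, 0.21, 0.17, 0.15, 0.19, 0.22, 0.16, 0.18, 0.14]
assert policy_positive_rate(at_threshold) == 0.8
```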
Where this sits
The Mythos-shaped sandbox-escape fixture in our smoke corpus walks the exact sequence: privilege pressure rises first, segmentation collapses next, exfiltration arrives after. The zone reaches active intrusion before the exfiltration jump. A pattern-matcher reads the exfiltration packet. The structural margin reads the geometry.
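The geometry claim can be made concrete with a toy replay of that fixture shape. Everything here is illustrative: the tick values, the two-metric margin (`min(segmentation_health, 1 - privilege_pressure)` as a stand-in weak-link rule), and the floor; the point is only the ordering of the crossings.

```python
FLOOR = 0.20  # illustrative policy floor

# (tick, privilege_pressure, segmentation_health, exfil_seen)
timeline = [
    (0, 0.2, 0.8, False),  # quiet
    (1, 0.6, 0.8, False),  # privilege pressure rises first
    (2, 0.7, 0.1, False),  # segmentation collapses next
    (3, 0.7, 0.1, True),   # exfiltration arrives after
]

# Structural margin: a weak-link reading over headroom and segmentation.
first_alert = next(t for t, p, s, _ in timeline
                   if min(s, 1 - p) < FLOOR)
first_exfil = next(t for t, _, _, e in timeline if e)

# The margin crosses the floor at the segmentation collapse, one tick
# before the exfiltration a pattern-matcher would key on:
assert first_alert == 2
assert first_alert < first_exfil
```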
This complements the SIEM. It complements the EDR. It does not replace either. It adds a reading the existing tools structurally cannot produce, because they were not designed to compute reachability of the safe set per defended zone, per tick.
The methodology debrief
The full debrief lives on the Spindle: Calibrating the Cybersecurity Adapter. It covers the calibration confidence tags (the 144-cell distribution, the 46% synthesised cells stated up front), the sensitivity sweep treating the policy floor as a tunable knob rather than a hidden vendor parameter, the byte-identical reproducibility manifest, the linguistic contribution renaming “FP rate” to “policy-positive rate,” and the explicit limitations of v1. The methodology lineage there runs through the Engelen 2021 critique of CICIDS-2017, from which calibration-honest cyber benchmarking inherits.
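The sensitivity sweep is the part most readers can reproduce mentally: treat the floor as a knob and read off the positive rate at each setting. A minimal sketch, with a synthetic margin sample standing in for a zone archetype:

```python
def sweep(margins, floors):
    """Policy-positive rate at each candidate floor. Making the knob
    explicit is the whole exercise: the rate is a function of policy,
    not a fixed property of the detector."""
    return {f: sum(m < f for m in margins) / len(margins) for f in floors}

# Synthetic margins for one zone; not corpus data.
margins = [0.05, 0.12, 0.18, 0.19, 0.21, 0.25, 0.31, 0.40]
rates = sweep(margins, floors=[0.10, 0.20, 0.30])

assert rates[0.10] == 1 / 8  # strict floor: only the worst hour fires
assert rates[0.20] == 4 / 8  # the default floor from the post
assert rates[0.30] == 6 / 8  # conservative floor: most hours fire
```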
The partner ask
The methodology is ready for real telemetry. We are looking for design partners able to share a 30–90 day OCSF export covering one or two zone archetypes, with SOC-confirmed benignness labels and incident disclosure for the contributed window. NDA standard, redacted exports preferred, raw partner telemetry never leaves the partner environment in identifiable form.
The full data spec lives at /partner/cyber-data-spec: coverage matrix, labeling discipline, redaction rules, and the partner-relationship shape that makes the work land. If you are running infrastructure where this kind of contribution is feasible, contact us.