Cybersecurity is changing. The limited release of Claude Mythos sent the security community into a tail spin, with concerns that frontier AI could be used to discover and exploit enterprise vulnerabilities.
The Mythos model was dubbed too dangerous to be released, and Anthropic put together an international task force, known as Project Glasswing, to find new ways to address the risks such powerful models have introduced to the threat landscape.
Chris Wallis, founder and CEO of Intruder, an exposure management platform, is on the frontlines of this shift – not as part of Project Glasswing, but as a vendor providing vulnerability and attack surface management.
The new paradigm is not only a case of rising to address AI-driven threats, but also staving off defensive AI models like GPT-5.4-Cyber, which present new competition.
Building an exposure management startup
Wallis’ journey toward founding Intruder has been a long road. His passion for technology initially began when he was a young man, taking apart mobile phones before moving on to complete a computer science degree at the University of Bath from 2002 to 2006. After completing his studies, he began working as an ethical hacker with Deloitte.
By 2015, Wallis founded Intruder, at first bootstrapped with funds from GCHQ’s Cyber Accelerator; the founder used the small stipend they supplied him for transportation and cut costs by renting out a garden shed near the office as a home base. This approach helped him save up enough money to hire Intruder’s first CTO.
Image source: Chris Wallis via LinkedIn
Today, the startup generates $14 million USD in annual recurring revenue, with over 3,000 customers including the Alan Turing Institute, Drata, Virgin Active, Sopra Steria, NHS, Pangea, PostHog, Fujifilm and Farmatodo. It has an office in London, 60 employees, and engineering staff based across Europe and as far out as Argentina.
“I spent 10 plus years working as an ethical hacker before,” Wallis told 150sec. “So the likes of Cisco and Lloyds, and all the big kinds of high street names you’d recognise. And often, the way I was getting into those companies was the little things they left on the internet.”
“So that was the original inspiration for Intruder,” Wallis said. He noted that building Intruder over the past 11 years has been difficult, especially with such limited funding ($1.5 million USD to date).
“You pay for it in sweat and tears rather than VC equity.”
Filling a gap in the market
Wallis says that Intruder focuses on companies that don’t necessarily have the same resources as large companies like Barclays – which have all the money they need for people and tooling.
The startup combines AI-driven penetration testing, attack surface management and vulnerability management to look for exploits across a company’s entire tech stack, including monitoring for exposures that traditional vulnerability scanners miss.
Wallis notes that the limited release of Mythos Preview and Project Glasswing called for a strategic pivot, however – not just in that frontier AI could increase the speed of vulnerability discovery and exploitation, but that defensive-minded models could displace traditional cybersecurity vendors.
Speaking on Mythos, he said: “If some of the hype is to be believed, it’s likely we’re going to see an uptick in the number of vulnerabilities that are discovered in code that gets used, whether it’s open source or closed source.”
Walli notes that the need for a pivot became more apparent around March 2026 after the company began observing reliable AI-generated vulnerability reports coming out for the first time.
“If the technology has shifted now into being useful, then it’s time for us to go all in on it. So we’ve shifted a lot of our roadmap towards AI, and what we can do with AI. The first version of that is already out, so we now have an AI that can investigate the issues the Intruder platform finds,” he stressed, adding that it can go further and investigate them as a penetration tester would.
Move fast and break things
The capability of advanced AI models to detect vulnerabilities at speed means that defensive teams also need to move faster to mitigate risks in their environment. Companies like Intruder will be on the front line of adapting post Mythos.
Intruder’s limited funding and impressive growth has shown the company’s ability to thrive under pressure. And, the strategic pivots it’s making toward AI-driven penetration testing appear to put it in a solid position to compete for the foreseeable future.
Featured image: Getty Images via Unsplash+
