The Architectural Answer to the Mythos AI Security Vulnerability: GRIDS
Commercial Brief for E-Commerce Leaders and Major Online Retailers
QPQ AG, Switzerland – 7 May 2026
Every link in this briefing leads to a primary source. QPQ is contactable for verification of any claim not covered by an embedded link.
What has happened
On 7 April 2026, Anthropic announced an AI model called Mythos that breaks into other people’s computer systems on its own, at machine speed, without a human at the keyboard. In Anthropic’s own words, the model can perform “account login bypasses that allow unauthenticated users to log in without knowledge of their password or two-factor authentication code” and “multiple complete authentication bypasses that allow unauthenticated users to grant themselves administrator privileges.”
In commercial terms: the model can sign in as your customer without their password, defeat the two-factor code your systems text to their phone, and then act as that customer at checkout, in the loyalty programme, against stored payment instruments, and in customer service. It can do this against any retail platform whose authentication runs on the same architecture every retailer uses today. Anthropic has held the model back. On Anthropic’s own assessment, equivalent capability will be in less responsible hands within six to eighteen months.
Within days, the US Treasury Secretary and the Chair of the Federal Reserve convened Wall Street’s largest bank chief executives in the first joint emergency meeting of its kind since the financial crisis of October 2008. The Bank of Canada convened its Financial Sector Resiliency Group. The Bank of England is convening its Cross Market Operational Resilience Group.
On 13 April, the Cloud Security Alliance, SANS, and OWASP jointly published an emergency framework: eleven priority actions, with the report’s own caveat that “long-term goals should be considered a quarter away at most.” Two days later, the UK government’s open letter to business leaders recorded the UK AI Security Institute’s assessment that frontier AI capabilities are now doubling every four months, against the previous estimate of every eight.
Subsequently, on 24 April, the Swiss Financial Market Supervisory Authority told Bloomberg that “the uncontrolled and immediate availability of AI models such as Mythos would be classified as a systemic risk” because “virtually all existing software systems could simultaneously be affected by a multitude of previously unknown zero-day vulnerabilities, which would be exploited immediately and via AI.” FINMA confirmed it is in contact with banks and “critical service providers” on the matter – a category that includes the payments processors and identity providers that sit beneath every Tier 1 retail stack. On 4 May, the Eurogroup convened in Brussels to discuss Mythos access for European institutions.
Why the defensive response cannot be enough
The dynamics are now permanently in the attacker’s favour. An attacker needs one route to one credential. A defender has to stop every route, every time, forever. An attacker failing a thousand times costs nothing; one success compromises everything. A defender catching 99.9999% of attempts still lets 0.0001% through, and at machine speed that fraction is all that is needed. Defensive AI cannot close the gap; the asymmetry runs the wrong way. Even the best-performing models hallucinate at rates between 0.7% and 2% on the easiest tasks. Mythos is the first of its kind, not the last; the defender is up against a category of capability that will proliferate. In this context, additional defensive spend inflates the cost of inevitable compromise. The only variable is when.
The framework lists its authors and reviewers on its title page: most are CISOs, vendors, investors in security firms, training organisations, and conference operators whose commercial position is served by an answer that is more of what they sell. Lead author Gadi Evron is chief executive of Knostic, whose tools appear among the recommended options in the framework’s first priority action; the framework’s publishing bodies are themselves named in its adoption pathways. The affiliations are disclosed on the title page; the conflict at the points where the affiliations bear on specific recommendations is not flagged. This is the framework that will shape what supervisors expect of every regulated and supervised participant in the retail-payments stack across the major democracies in the coming months.
The architectural answer
The correct response is to put customers in possession of their own identity, so that nothing on your systems can sign in as the customer. The data the attacker is looking for stops being a weapon. That separation now exists, is operational, and is open sourced, ready for immediate deployment.
A Swiss company, QPQ AG, has been running this alternative architecture since 22 October 2024: the Internet of Economics, an open economic resource layer designed for value rather than information. The first commercial tool of the Internet of Economics directly relevant to retail is GRIDS – Gajumaru Remote Instruction Dispatch and Serialisation – a free open protocol released under GPL3 at Main Net on 26 April 2026. GRIDS is the authentication and authorisation component, and it is what Self Sovereign Single Sign On looks like when it is built properly.
Today, when a customer signs in to your site, your systems hold something that proves the customer is who they claim to be – a password, a session token, a two-factor code, a stored fingerprint template. That proof has to sit somewhere, and wherever it sits, an attacker who reaches it can act as the customer. The rest of what you hold about the customer – email address, shipping addresses, payment card reference, purchase history – sits alongside it. The proof is what makes that data dangerous in the wrong hands: with the proof, an attacker becomes the customer; with the data, they know what to do once they have.
Under GRIDS, the proof does not sit on your systems. The customer holds a cryptographic key inside the hardware-backed keystore of their own device: their laptop today, their phone from the end of Q2 2026. When they sign in or authorise an action, the key produces a one-off digital signature that binds to that specific action and nothing else. Your server checks the signature against the customer’s public key – the mathematical counterpart that is useless to an attacker – and acts on it. Nothing on your systems can sign in as the customer. An attacker who reaches your customer database can read the data, but cannot use it to act as the customer anywhere.
This is Self Sovereign Single Sign On. The customer is sovereign over their own identity. You are freed of the burden of managing other people’s credentials. One key, one customer, every site they choose to authenticate to.
A five-minute live demonstration is available at https://youtu.be/WkzNErEg51o – login, transfer action, and QR code login.
The principle extends beyond sign-in
Once the customer’s key is the anchor, anything you currently hold on the customer’s behalf can be tied to that key. Their loyalty account. Their refund and dispute authority. Their shipping addresses. Their payment instruments. Their seller identity if they sell on your marketplace. Each of these is something you currently store because there has been no other way to have it available when needed. With the key as anchor, the customer presents what is needed at the moment of need, signed by their device for that specific use – this shipping address for this order, this dispute authority for this refund, this payment authorisation for this purchase. What you used to hold on their behalf, they hold themselves and present when required.
The fraud categories that exist because you hold this data on behalf of millions of customers reduce as you hold less of it. Refund fraud through customer service social engineering reduces because a refund must be signed by the same key that made the original purchase. Loyalty fraud reduces because the points belong to the key that earned them. Marketplace seller impersonation reduces because the seller’s identity is signed by their key, not stored on your platform. The same principle extends forward to payment cards bonded to the customer’s key, subscription authorisations, and machine-to-machine payments. These are the doors that open once the foundation is in place.
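The server-side check described in the two sections above (a one-off signature bound to one action, and a refund accepted only from the key that made the purchase), as an added Node.js example that is not GRIDS code or its wire format. Ed25519, the JSON encoding, the nonce store and every name here are assumptions, and the key pairs are constructed samples.

```javascript
// Added illustration of action-bound signatures; NOT the GRIDS wire format.
const { generateKeyPairSync, randomBytes, sign, verify } = require('crypto');

// Constructed sample key pairs. In the scheme described above the private key
// stays in the customer's device keystore; it exists here only to run offline.
const customer = generateKeyPairSync('ed25519');
const other = generateKeyPairSync('ed25519');

// Hypothetical server state: public keys and open nonces only, no login secret.
const publicKeys = new Map([['cust-1', customer.publicKey], ['cust-2', other.publicKey]]);
const openNonces = new Set();
const purchases = new Map(); // orderId -> customerId whose key signed the purchase

function issueChallenge() {
  const nonce = randomBytes(16).toString('hex');
  openNonces.add(nonce);
  return nonce;
}

// Fixed field order so the device and the server sign/verify identical bytes.
function encode(a) {
  return Buffer.from(JSON.stringify([a.type, a.customerId, a.orderId, a.amount, a.nonce]));
}

// Device side (simulated): the signature covers exactly one action.
function signAction(action, privateKey) {
  return sign(null, encode(action), privateKey);
}

// Server side: returns 'ok' or the reason the action is rejected.
function verifyAction(action, signature) {
  const key = publicKeys.get(action.customerId);
  if (!key) return 'unknown-customer';
  if (!openNonces.has(action.nonce)) return 'stale-or-replayed-nonce';
  if (!verify(null, encode(action), key, signature)) return 'bad-signature';
  openNonces.delete(action.nonce); // a verified nonce is single use
  if (action.type === 'refund' && purchases.get(action.orderId) !== action.customerId) {
    return 'refund-key-mismatch'; // refund must come from the purchasing key
  }
  if (action.type === 'purchase') purchases.set(action.orderId, action.customerId);
  return 'ok';
}
```

A database dump of `publicKeys`, `openNonces` and `purchases` contains nothing that produces a valid signature, which is the property the text relies on; the same check fails closed on an altered amount, a replayed signature, or a refund signed by a different key.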
Our commercial position
The GRIDS protocol is open source and free under GPL3; QPQ does not charge for the protocol or for the reference applications, GajuDesk and GajuMobile.
The commercial offer is engineering integration through QPQ IaaS AG, the Swiss operating subsidiary in Einsiedeln: retailers that want GRIDS built into their existing systems by the team that built it engage QPQ IaaS AG on a project basis. We make that point explicitly because the cybersecurity industry’s framework does not.
The cost of carrying what you should not be carrying
This is where the brief turns from security to P&L, though the two are the same argument.
Global information-security spending reached $213 billion in 2025 and is forecast at $240 billion in 2026 – 12.5% growth in a single year, driven, Gartner says, by “rising threats and the expanding use of AI and generative AI – by both internal users and attackers.” The identity and access management segment alone is $26 billion and growing above 10% annually. None of this expenditure is solving the underlying problem. It is the cost of defending an architecture that was not built to carry the economic activity retailers place on it, and that Mythos has now rendered indefensible at scale.
Your own share of this is the visible tip of a much larger cost picture. Beneath it sit the costs that exist because customer credentials and customer data sit on your systems: IAM tooling, customer authentication infrastructure, fraud prevention platforms, breach insurance, breach response capability, third-party assessment, compliance programme overhead, the portion of your customer-service operations that handles identity and fraud disputes, and the portion of your marketing spend that exists to rebuild customer trust after every industry incident that erodes it.
The breach event itself has become a specific commercial risk with a known shape. The IBM Cost of a Data Breach Report placed the average breach cost at $4.88 million in 2024, up 10% year on year. For a Tier 1 retailer, this is the floor, not the ceiling. Marks & Spencer’s April 2025 breach wiped £300 million from profit and £400 million from revenue; its rival Next, benefiting from displaced customers, upgraded profit guidance four times in the same year and now expects pre-tax profits to exceed £1.1 billion. The M&S incident is the 2025 proof that the cost of a breach is no longer bounded by remediation and regulatory fines; it includes permanent market-share loss to competitors who happened to be running that week.
Solving the security problem through architecture removes the credentials these costs exist to defend. When nothing on your systems can sign in as the customer, and when bonded data points are presented by the customer at the moment of need rather than held continuously by you, the attack surface that your business has been paying to defend reduces with every step. The IAM spend that scales with your customer base reduces because customers are self-sovereign. The breach risk that haunts every board review falls because the data left on your systems is no longer dangerous in the wrong hands – without the credential to act as the customer, it is information rather than access. The customer-trust cost falls because your customers are protected by architecture rather than by your security team’s diligence alone.
Three stages of implementation
Stage 1: operational today, open sourced under GPL3. GajuDesk on desktop platforms today; GajuMobile on iOS and Android from end Q2 2026. Private keys held in the device’s hardware-backed keystore (Apple Secure Enclave on macOS and iOS, Android hardware-backed keystore, TPM on Windows and Linux). The honest limitation: the device holding the key is itself network-connected. The keystore is strong but the device sits on the internet. That is a smaller attack surface than the current architecture by orders of magnitude, but it is not zero.
Stage 2: dedicated air-gapped hardware, on the protocol roadmap. Dedicated signing device with no network connection of any kind – no Wi-Fi, no Bluetooth, no NFC, no cellular radio. The only communication channel is optical, via QR codes. For customer populations with significant exposure – premium accounts, enterprise marketplace sellers, high-value loyalty balances, B2B buyers with procurement authority – Stage 2 is the definitive answer.
Stage 3: sovereign-provenance hardware, partnership programme. Signing devices manufactured in auditable facilities with verified component-to-assembly manufacturing chains. For retailers with strategic customer populations – sovereign procurement, high-value enterprise, critical infrastructure partnerships.
What we are proposing
Immediate: A ten-to-fifteen-minute live demonstration, on your machine or ours. Download GajuDesk from gajumining.com/downloads; we will send installation instructions and a mining licence so your team can sign in themselves during the session. If local installation is precluded by policy, we screen-share our own live operations.
Near term: QPQ IaaS AG works with your team to implement Stage 1 GRIDS for customer authentication and account actions. The protocol is open source. The cost is implementation time and any specific customisation, not licensing. For a Tier 1 retailer, the initial integration sits against customer sign-in and the authenticated-session actions that carry the most risk.
Bonding extensions: Specific data classes you currently hold on behalf of customers – loyalty balances, shipping addresses, refund and dispute authority, marketplace seller identity, account preferences – can be bonded to the customer’s key as discrete engineering projects. Each is a defined piece of work that QPQ IaaS AG undertakes with retailers wishing to extend SSSO into the data they currently store. Data the retailer no longer has to store has lost its weight as a target, and the operational cost categories that exist because the retailer holds it – customer-service social engineering, loyalty fraud, marketplace seller impersonation – reduce as the bonding extends.
Medium term: Stage 2 hardware deployment for customer populations where the value at stake warrants air-gapped signing. Structured as a commercial relationship with deployment commitments that accelerate the manufacturing timeline.
Technical summary
| Property | GRIDS Stage 1 | GRIDS Stage 2 | GRIDS Stage 3 |
|---|---|---|---|
| Status | Operational (desktop today, mobile end Q2 2026) | On protocol roadmap | Partnership programme |
| Cost | Open sourced under GPL3 | To be announced | Partnership |
| Key location | Device hardware-backed keystore | Air-gapped hardware | Verified-provenance hardware |
| Network connection | Device connects to internet; signing context isolated | No network at all | No network; verified hardware throughout |
| Attack surface | Software attack surface eliminated | Hardware attack surface eliminated | Supply-chain attack surface eliminated |
The full architectural argument: Un-White Paper
qpq.swiss · gajumaru.io · gajumining.com
Engineering credit: Ulf Wiger (CTO, formerly chief designer of Ericsson’s AXD 301), Craig Everett (CPO and GRIDS architect), Dimitar Ivanov (CDO, co-architect FATE virtual machine and Sophia smart-contract language).
QPQ AG (Industriestrasse 47, Zug) built the Internet of Economics architecture and holds the intellectual property. QPQ IaaS AG (Allmeindstrasse 17, 8840 Einsiedeln) is the integration counterparty for retailers deploying GRIDS. Gajumaru and GRIDS operational since 22 October 2024. Main Net: 26 April 2026.