The Architectural Answer to the Mythos AI Security Vulnerability: GRIDS
Commercial Brief for Hosting and Infrastructure Service Providers
QPQ AG, Switzerland – 7 May 2026
Every link in this briefing leads to a primary source. QPQ is contactable for verification of any claim not covered by an embedded link.
What has happened
On 7 April 2026, Anthropic announced an AI model called Mythos that breaks into other people’s computer systems on its own, at machine speed, without a human at the keyboard. In Anthropic’s own words, the model can perform “account login bypasses that allow unauthenticated users to log in without knowledge of their password or two-factor authentication code” and “multiple complete authentication bypasses that allow unauthenticated users to grant themselves administrator privileges.”
In hosting terms: an attacker can act as any authenticated user – your customer, your support engineer, your operations administrator – on any system you run on behalf of any customer, without holding either the password or the second-factor code. Anthropic has held the model back. On Anthropic’s own assessment, equivalent capability will be in less responsible hands within six to eighteen months.
Within days, the US Treasury Secretary and the Chair of the Federal Reserve convened Wall Street’s largest bank chief executives in the first joint emergency meeting of its kind since the financial crisis of October 2008. The Bank of Canada convened its Financial Sector Resiliency Group. The Bank of England is convening its Cross Market Operational Resilience Group.
On 13 April the Cloud Security Alliance, SANS, and OWASP jointly published an emergency framework: eleven priority actions, with the report’s own caveat that “long-term goals should be considered a quarter away at most.” Two days later, the UK government’s open letter to business leaders recorded the UK AI Security Institute’s assessment that frontier AI capabilities are now doubling every four months, against the previous estimate of every eight.
Subsequently, on 24 April, the Swiss Financial Market Supervisory Authority told Bloomberg that “the uncontrolled and immediate availability of AI models such as Mythos would be classified as a systemic risk” because “virtually all existing software systems could simultaneously be affected by a multitude of previously unknown zero-day vulnerabilities, which would be exploited immediately and via AI.” FINMA confirmed it is in contact with banks and “critical service providers” on the matter. Hosting and infrastructure providers are precisely the category FINMA named. On 4 May, the Eurogroup convened in Brussels to discuss Mythos access for European institutions.
The hosting provider’s specific exposure
Your customers’ authentication architecture is your authentication architecture. The credential surface that Mythos defeats – passwords, session tokens, MFA codes, support-system access logs, administrative API keys, the credential storage every hosted application sits behind – is concentrated at the platform you operate. A vulnerability in one customer’s authentication is one customer’s incident; a vulnerability in the hosting provider’s authentication is every customer’s incident at once.
The October 2023 Okta breach is the recent precedent for what concentration looks like. From 28 September to 17 October 2023, an attacker had unauthorised access to Okta’s customer support system, reached HAR files containing session tokens, and used those tokens to hijack the live Okta sessions of five customers including 1Password, BeyondTrust, and Cloudflare. The initial entry was a service-account credential stored in an employee’s personal Google profile on a company laptop. One credential, one support system, downstream session-hijack across multiple identity-management vendors and password managers – precisely the cascading customer-base exposure the hosting provider carries by definition. That attack required a human attacker working through a sequence of operational mistakes over weeks. Mythos can do the same kind of work in seconds, on its own.
The asymmetry that has been dominating recent news flow is instructive: $5,000 drones against a $2 billion navy destroyer that fires $2 million missiles to stop them – and only one drone in the swarm has to get through. Mythos is a step beyond that. The drone is single-use and the swarm is finite, as is the missile supply on the defending ship. The framework being put in front of supervisors asks regulated institutions to keep firing $2 million missiles. One drone gets through and the $2 billion destroyer is gone. Mythos, and the AI models that will follow it, can attack every system in the world, in parallel, indefinitely, at a marginal cost per attack approaching zero.
For a hosting provider the asymmetry has a specific edge: each customer compromise damages the hosting provider’s reputation across the entire customer base, regardless of where in the customer estate the breach occurred. The platform’s reputation is itself the platform’s commercial position.
The disclosure problem at the heart of the cybersecurity policy response
The CSA / SANS / OWASP framework’s eleven priority actions each assume the same software stack the regulated population already runs and call for it to be defended harder. None addresses why the stack is vulnerable in the first place. Global information-security spending reached $213 billion in 2025 and is forecast at $240 billion in 2026 – 12.5% growth in a single year against a threat that has just rendered the underlying assumption obsolete.
The framework lists its authors and reviewers on its title page: most are CISOs, vendors, investors in security firms, training organisations, and conference operators whose commercial position is served by an answer that is more of what they sell. Lead author Gadi Evron is chief executive of Knostic, whose tools appear among the recommended options in the framework’s first priority action; the framework’s publishing bodies are themselves named in its adoption pathways. The affiliations are disclosed on the title page; the conflict at the points where the affiliations bear on specific recommendations is not flagged. The hosting provider that follows the framework’s recommendations is the volume-aggregator of the spend the framework’s commercial logic depends on.
The architectural answer
A Swiss company, QPQ AG, has been running an alternative architecture since 22 October 2024: the Internet of Economics, an open economic resource layer designed for value rather than information. The first commercial tool of the Internet of Economics directly relevant to hosting is GRIDS – Gajumaru Remote Instruction Dispatch and Serialisation – a free open protocol released under GPL3 at Main Net on 26 April 2026.
The cybersecurity industry has spent thirty years trying to keep attackers away from the place where credentials and sensitive data sit. The architectural alternative does not try harder. It moves the credential to a place the attacker cannot reach. The proof that the user is who they say they are – the signing key – sits in a sealed part of the user’s own device that even the device’s own software cannot read. When your platform needs to verify the user, it sends the specific request to the user’s device. The device displays the request in plain language. The user approves. The device produces a one-off cryptographic signature bound to that specific request. Your system verifies the signature against a public counterpart on file – useless to anyone else – and acts on it. There is no password to steal. There is no code to intercept. There is no logged-in session left behind for an attacker to take over – and no HAR file an Okta-class incident can leak.
The same primitive serves every credential surface a hosting provider operates: customer-facing authentication into the hosting control panel, support-engineer authentication into the customer support system, administrator authentication into the operations layer, API authentication for programmatic management, inter-provider authentication where you participate in shared identity federations.
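To make the flow described in the two paragraphs above concrete, here is an added Go example written for this brief. It is not GRIDS code, nor QPQ’s reference application; the request format, the field names, the canonical encoding and the in-memory key pair standing in for the device’s hardware-backed keystore are all assumptions of the example. It shows the platform side holding only a public key, each request carrying a plain-language action, a one-off nonce and an expiry, and verification rejecting a tampered request, a signature from a different device, a replayed signature and an expired request. The same verifier serves a control-panel login, a support-system access or an administrative API call by changing only the action text.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"time"
)

// Request is what the platform sends to the user's device: who it is for, a
// plain-language description of the action to approve, a one-off nonce and an
// expiry. All four fields are covered by the signature. (Example format, not GRIDS.)
type Request struct {
	UserID  string
	Action  string
	Nonce   string
	Expires int64 // Unix seconds
}

// canonical returns the exact bytes the device signs and the platform verifies.
// A fixed, unambiguous encoding is what binds the signature to this request only.
func (r Request) canonical() []byte {
	return []byte(fmt.Sprintf("demo-v1|%s|%s|%s|%d", r.UserID, r.Action, r.Nonce, r.Expires))
}

// Device stands in for the user's hardware-backed keystore (Secure Enclave, TPM).
// The key pair is generated in memory here for the demo; in a real deployment the
// private key is generated inside the enclave and is never exportable.
type Device struct{ priv ed25519.PrivateKey }

// NewDevice creates a fresh key pair and returns the public half for the platform to keep on file.
func NewDevice() (*Device, ed25519.PublicKey, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	return &Device{priv: priv}, pub, nil
}

// Approve mimics the user reading the displayed request and approving it: the
// device emits a signature over this request's canonical bytes and nothing else.
func (d *Device) Approve(r Request) []byte { return ed25519.Sign(d.priv, r.canonical()) }

// Verifier is the platform side: one public key per user plus a record of nonces
// already consumed, so a captured signature is useless a second time.
type Verifier struct {
	pubs map[string]ed25519.PublicKey
	used map[string]bool
	now  func() time.Time // injectable clock so expiry can be exercised
}

func NewVerifier(now func() time.Time) *Verifier {
	return &Verifier{pubs: map[string]ed25519.PublicKey{}, used: map[string]bool{}, now: now}
}

// Enrol stores the user's public key; the platform holds nothing secret for this user.
func (v *Verifier) Enrol(user string, pub ed25519.PublicKey) { v.pubs[user] = pub }

// NewRequest issues a request for one specific action with a fresh nonce and a short validity window.
func (v *Verifier) NewRequest(user, action string) (Request, error) {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		return Request{}, err
	}
	return Request{UserID: user, Action: action, Nonce: hex.EncodeToString(b),
		Expires: v.now().Add(2 * time.Minute).Unix()}, nil
}

// Verify accepts a signature only if the enrolled key produced it over exactly this
// request, the request has not expired, and the nonce has not been seen before.
func (v *Verifier) Verify(r Request, sig []byte) error {
	pub, ok := v.pubs[r.UserID]
	if !ok {
		return errors.New("unknown user")
	}
	if v.now().Unix() > r.Expires {
		return errors.New("request expired")
	}
	if v.used[r.Nonce] {
		return errors.New("nonce already consumed: replay rejected")
	}
	if !ed25519.Verify(pub, r.canonical(), sig) {
		return errors.New("signature does not match this request")
	}
	v.used[r.Nonce] = true // consume the nonce only after a successful check
	return nil
}

func main() {
	dev, pub, _ := NewDevice()
	v := NewVerifier(time.Now)
	v.Enrol("ops-admin-17", pub) // constructed sample user
	req, _ := v.NewRequest("ops-admin-17", "Grant admin role on tenant acme-prod")
	sig := dev.Approve(req)
	tampered := req
	tampered.Action = "Grant admin role on tenant globex-prod"
	fmt.Println("tampered:", v.Verify(tampered, sig)) // rejected: signature does not match
	fmt.Println("genuine: ", v.Verify(req, sig))      // accepted once
	fmt.Println("replay:  ", v.Verify(req, sig))      // rejected: nonce already consumed
}
```

Two design points matter in practice. The nonce is marked as consumed only after the signature checks out, so a forged attempt cannot burn a legitimate request’s nonce; and the action text shown to the user is part of the signed bytes, so what the user approved on the device is exactly what the platform can act on.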
A five-minute live demonstration is available at https://youtu.be/WkzNErEg51o – login, transfer action, and QR code login. It works today on a laptop or desktop; the mobile reference application follows in July 2026. The first sovereign user is the Liechtenstein Trust Integrity Network, with Telecom Liechtenstein as majority owner, deploying national infrastructure on this architecture in the second half of 2026.
Our commercial position
The GRIDS protocol is open source and free under GPL3; QPQ does not charge for the protocol or for the reference applications, GajuDesk and GajuMobile.
The commercial offer is engineering integration through QPQ IaaS AG, the Swiss operating subsidiary in Einsiedeln: hosting providers that want GRIDS built into their platform by the team that built it engage QPQ IaaS AG on a project basis. We make that point explicitly because the cybersecurity industry’s framework does not.
What platform-level deployment looks like
GRIDS deploys at the credential layer beneath the existing IAM stack. Identity governance, lifecycle, federation, entitlement management, and access control continue to be handled by the existing stack. What changes is what gets authenticated and how. Three deployment shapes are common:
Platform-Level Integration. GRIDS is integrated at the hosting platform’s authentication layer. Every customer running on the platform inherits the architecture. The hosting provider offers GRIDS-authenticated hosting as a feature within the existing service catalogue. The integration work happens once at the platform; the customers consume it on the platform’s terms.
Customer-Selectable Integration. GRIDS is offered as an opt-in feature within the platform. The hosting provider builds the integration once. Individual customers choose to deploy GRIDS for their applications on their own timeline. Commercial position: the hosting provider offers the architectural answer as a differentiated capability.
Hardware Stage. GajuDesk on desktop today and GajuMobile on iOS and Android from end Q2 2026 implement GRIDS using the device’s hardware-backed keystore (Apple Secure Enclave, Android hardware-backed keystore, TPM on Windows and Linux). For populations where the value at stake warrants air-gapped signing – administrator-tier customers, operations users with elevated privilege, customers running regulated workloads – dedicated air-gapped hardware on the protocol roadmap is the definitive answer; sovereign-provenance hardware in the partnership programme adds verified manufacturing chains for the sovereign and critical-infrastructure customer segment.
What we are proposing
Immediate: A ten-to-fifteen-minute live demonstration, on your machine or ours. Download GajuDesk from gajumining.com/downloads; your team can sign in themselves during the session and inspect the protocol in operation.
Near term: Integration of Stage 1 GRIDS at the platform’s authentication layer, scoped to the credential surfaces you choose – customer control panel, support-system access, administrative API. The protocol is open source. The cost is engineering time and any specific customisation, not licensing. QPQ IaaS AG is available to support the integration where the touch points are non-trivial.
Strategic: A platform that removes the credential surface for its customers holds a competitive position no platform still defending the existing architecture can match. The first hosting provider in any market segment to deploy at the platform level shapes the segment’s commercial logic for the providers that follow. The conversation about platform-level integration timing, customer-segment prioritisation, and the commercial position the architecture creates is open.
The full architectural argument: Un-White Paper
qpq.swiss · gajumaru.io · gajumining.com
Engineering credit: Ulf Wiger (CTO, formerly chief designer of Ericsson’s AXD 301), Craig Everett (CPO and GRIDS architect), Dimitar Ivanov (CDO, co-architect FATE virtual machine and Sophia smart-contract language).
QPQ AG (Industriestrasse 47, Zug) built the Internet of Economics architecture and holds the intellectual property. QPQ IaaS AG (Allmeindstrasse 17, 8840 Einsiedeln) is the integration counterparty for hosting providers deploying GRIDS. Gajumaru and GRIDS operational since 22 October 2024. Main Net: 26 April 2026.