The Architectural Answer to the Mythos AI Security Vulnerability: GRIDS
Commercial Brief for Professional Services Firms – Legal, Accounting, Consulting
QPQ AG, Switzerland – 7 May 2026
Every link in this briefing leads to a primary source. QPQ is contactable for verification of any claim not covered by an embedded link.
What has happened
On 7 April 2026, Anthropic announced an AI model called Mythos that breaks into other people’s computer systems on its own, at machine speed, without a human at the keyboard. In Anthropic’s own words, the model can perform “account login bypasses that allow unauthenticated users to log in without knowledge of their password or two-factor authentication code” and “multiple complete authentication bypasses that allow unauthenticated users to grant themselves administrator privileges.”
In professional services terms: an attacker can act as any party your firm has been built to verify – your client signing instructions, your partner authorising work-product release, your audit-engagement team accessing working papers, your support staff handling privileged communications – against any system whose authentication runs on the same architecture every major firm uses today. Anthropic has held the model back. On Anthropic’s own assessment, equivalent capability will be in less responsible hands within six to eighteen months.
Within days, the US Treasury Secretary and the Chair of the Federal Reserve convened Wall Street’s largest bank chief executives in the first joint emergency meeting of its kind since the financial crisis of October 2008. The Bank of Canada convened its Financial Sector Resiliency Group. The Bank of England is convening its Cross Market Operational Resilience Group.
On 13th April the Cloud Security Alliance, SANS, and OWASP jointly published an emergency framework: eleven priority actions, with the report’s own caveat that “long-term goals should be considered a quarter away at most.” Two days later, the UK government’s open letter to business leaders recorded the UK AI Security Institute’s assessment that frontier AI capabilities are now doubling every four months, against the previous estimate of every eight.
Subsequently, on 24 April, the Swiss Financial Market Supervisory Authority told Bloomberg that “the uncontrolled and immediate availability of AI models such as Mythos would be classified as a systemic risk” because “virtually all existing software systems could simultaneously be affected by a multitude of previously unknown zero-day vulnerabilities, which would be exploited immediately and via AI.” On 4 May, the Eurogroup convened in Brussels to discuss Mythos access for European institutions.
The professional services firm’s specific exposure
The credential surface that Mythos defeats is, for every professional services firm, the surface through which the firm’s most valuable asset moves: client confidence in the firm’s discretion. Privileged client communications, attorney work-product, audit working papers, M&A deal data rooms, expert-witness engagements, litigation-hold material, regulatory-investigation correspondence, due-diligence findings, internal advice memoranda – every one of these sits behind credentials that prove someone is authorised to read, sign, or release it. When the credential is defeated, the protection it represented is defeated with it.
For a law firm, a single confirmed unauthorised access to client files is sufficient to compromise privilege across every matter the affected user touched. Attorney-client privilege does not survive demonstrable third-party access; once the breach is on the record, the firm’s central commercial proposition – that a client’s communication with the firm stays inside the firm – becomes legally unenforceable. For an accounting firm, audit-engagement integrity rests on demonstrable control of working papers; a compromise of those papers calls every signature on every audit opinion into supervisory review. For a consulting firm, the strategic and operational data clients share under non-disclosure has commercial value that survives no published breach.
The 2016 Mossack Fonseca breach is the precedent of what scale looks like in this sector. 11.5 million documents and 2.6 terabytes of data, including 4.8 million emails covering 214,488 offshore entities, exfiltrated through a vulnerable WordPress plugin that gave the attacker access to email-server credentials stored in plain text in the database. The firm’s client portal ran a three-year-old Drupal version with multiple known vulnerabilities. Mossack Fonseca survived as a corporate entity for years afterward but never recovered as a going concern; its client base evaporated within months of the breach. The firm’s defence at trial was that no Mossack Fonseca conduct was unlawful. A Panamanian court acquitted the founders and all employees in June 2024 on chain-of-custody grounds. By then there was no firm left to acquit. The breach itself, not any subsequent legal finding, ended the firm.
That breach took a determined human attacker exploiting a sequence of operational mistakes over months. Mythos can do the same kind of work in seconds, on its own.
The asymmetry that has been dominating recent news flow is instructive: $5,000 drones against a $2 billion navy destroyer that fires $2 million missiles to stop it – and only one drone in the swarm has to get through. Mythos is a step beyond that. The drone is single-use and the swarm is finite, as is the missile supply on the defending ship. The framework being put in front of supervisors asks regulated institutions to keep firing $2 million missiles. One drone gets through and the $2 billion destroyer is gone. Mythos and those AI models that will follow, can attack every system in the world, in parallel, indefinitely, at a marginal cost per attack approaching zero.
The disclosure problem at the heart of the cybersecurity policy response
The CSA / SANS / OWASP framework’s eleven priority actions each assume the same software stack the regulated population already runs and call for it to be defended harder. None addresses why the stack is vulnerable in the first place. Global information-security spending reached $213 billion in 2025 and is forecast at $240 billion in 2026 – 12.5% growth in a single year against a threat that has just rendered the underlying assumption obsolete.
The framework lists its authors and reviewers on its title page: most are CISOs, vendors, investors in security firms, training organisations, and conference operators whose commercial position is served by an answer that is more of what they sell. Lead author Gadi Evron is chief executive of Knostic, whose tools appear among the recommended options in the framework’s first priority action; the framework’s publishing bodies are themselves named in its adoption pathways. The affiliations are disclosed on the title page; the conflict at the points where the affiliations bear on specific recommendations is not flagged. Professional services firms, themselves the trusted advisors of the regulated population, will recognise the structure: the disclosure standard the firm imposes on its own engagement letters, conflicts checks, and independence determinations is the disclosure standard the framework’s authors did not meet on their own work.
The architectural answer
A Swiss company, QPQ AG, has been running an alternative architecture since 22 October 2024: the Internet of Economics, an open economic resource layer designed for value rather than information. The first commercial tool of the Internet of Economics directly relevant to professional services firms is GRIDS – Gajumaru Remote Instruction Dispatch and Serialisation – a free open protocol released under GPL3 at Main Net on 26 April 2026.
The cybersecurity industry has spent thirty years trying to keep attackers away from the place where credentials and sensitive data sit. The architectural alternative does not try harder. It moves the credential to a place the attacker cannot reach. The proof that the user is who they say they are – the signing key – sits in a sealed part of the user’s own device that even the device’s own software cannot read. When the firm’s systems need to verify the user, they send the specific request to the user’s device. The device displays the request in plain language: “release these audit working papers to the engagement partner”; “approve this client communication”; “authorise access to this matter file.” The user approves. The device produces a one-off cryptographic signature bound to that specific request. The firm’s system verifies the signature against a public counterpart on file – useless to anyone else – and acts on it. There is no password to steal. There is no code to intercept. There is no logged-in session left behind for an attacker to take over.
The same primitive serves every credential surface a professional services firm operates: partner and staff authentication into the firm’s matter management system; client authentication into the client portal; audit-engagement working-paper access; data-room access for M&A and litigation matters; e-signature for engagement letters and binding deliverables; inter-firm authentication where firms collaborate on transactions or audits; regulator-facing authentication for supervisory submissions and investigations.
A five-minute live demonstration is available at https://youtu.be/WkzNErEg51o – login, transfer action, and QR code login. It works today on a laptop or desktop; the mobile reference application follows in July 2026. The first sovereign user is the Liechtenstein Trust Integrity Network, with Telecom Liechtenstein as majority owner, deploying national infrastructure on this architecture in the second half of 2026.
Our commercial position
The GRIDS protocol is open source and free under GPL3; QPQ does not charge for the protocol or for the reference applications, GajuDesk and GajuMobile.
The commercial offer is engineering integration through QPQ IaaS AG, the Swiss operating subsidiary in Einsiedeln: firms that want GRIDS built into their existing systems by the team that built it engage QPQ IaaS AG on a project basis. We make that point explicitly because the cybersecurity industry’s framework does not.
What deployment looks like
GRIDS deploys at the credential layer beneath the existing IAM stack. Identity governance, lifecycle, federation, entitlement management, matter-level access control, and the firm’s existing audit logging continue to be handled by the existing stack. What changes is what gets authenticated and how. The firm chooses where to deploy: at the partner-and-staff authentication layer first; at the client-portal layer where the firm wants to demonstrate to clients that it has eliminated the credential surface holding their material; at the data-room layer for high-value or supervisory-sensitive matters; at the inter-firm collaboration layer for transactions and audits.
GajuDesk on desktop today and GajuMobile on iOS and Android from end Q2 2026 implement GRIDS using the device’s hardware-backed keystore (Apple Secure Enclave on macOS and iOS, Android hardware-backed keystore, TPM on Windows and Linux). For populations where the value at stake warrants air-gapped signing – senior partners with full-firm matter access, audit signing-partners on listed-company engagements, M&A lead partners on bid-side transactions – dedicated air-gapped hardware on the protocol roadmap is the definitive answer; sovereign-provenance hardware in the partnership programme adds verified manufacturing chains.
The credential lifecycle (registration, use, rotation, revocation, recovery) is fully auditable and produces signature events that contain the specific instruction approved, the user’s public key, and the verification timestamp – higher-resolution audit trails than session-based authentication produces today. For firms subject to regulatory examination (audit firms under PCAOB / FRC / AOB; law firms under SRA / Bar Council equivalents; consulting firms with regulated-sector engagements), the audit and supervisory dimensions of a GRIDS deployment compose with existing evidence requirements rather than complicating them.
What we are proposing
Immediate: A ten-to-fifteen-minute live demonstration, on your machine or ours. Download GajuDesk from gajumining.com/downloads; your team can sign in themselves during the session and inspect the protocol in operation.
Near term: Integration of Stage 1 GRIDS at the credential surface you choose – partner and staff authentication, client portal, data-room access, inter-firm collaboration, or a defined subset. The protocol is open source. The cost is engineering time and any specific customisation, not licensing. QPQ IaaS AG is available to support the integration where the touch points are non-trivial.
Strategic: A firm that demonstrates to its clients that the credential surface holding their material has been eliminated holds a competitive position no firm still defending the existing architecture can match. For the highest-value engagements – the ones where a firm’s reputation for discretion is the asset the client is paying for – the architectural conversation is the conversation the firm wants to be having with its top-tier clients in the year ahead.
The full architectural argument: Un-White Paper
qpq.swiss · gajumaru.io · gajumining.com
Engineering credit: Ulf Wiger (CTO, formerly chief designer of Ericsson’s AXD 301), Craig Everett (CPO and GRIDS architect), Dimitar Ivanov (CDO, co-architect FATE virtual machine and Sophia smart-contract language).
QPQ AG (Industriestrasse 47, Zug) built the Internet of Economics architecture and holds the intellectual property. QPQ IaaS AG (Allmeindstrasse 17, 8840 Einsiedeln) is the integration counterparty for firms deploying GRIDS. Gajumaru and GRIDS operational since 22 October 2024. Main Net: 26 April 2026.