We've seen this question doing the rounds since the Mythos announcement. And honestly? It's a fair one.
A frontier AI model that excels at cybersecurity reasoning, available via API, at a fraction of what you'd pay a human analyst. On paper, it looks like game over for managed security.
It's not. Here's why.
The Cost Isn't What You Think It Is
$125 per million tokens sounds cheap until you do the maths for continuous protection. A single endpoint generating logs, alerts, and telemetry around the clock will burn through tokens at a rate most businesses haven't budgeted for. Now multiply that across your estate. Add in the context windows needed for meaningful threat correlation.
You're not looking at a few hundred quid a month. You're looking at a runaway cloud bill that makes your current security spend look modest. And that's before you account for the retry loops, the re-prompting when outputs miss the mark, and the duplicate processing when context windows overflow. Token economics at scale are brutal.
Token Cost Estimator
Drag the sliders to estimate your monthly AI security spend.
Estimate excludes retry loops, context overflow re-processing, and output token costs. Real-world spend is typically 2-4× higher.
Plugging It In Isn't Plug and Play
Who's building the integrations? Who's writing the prompts that actually matter? Who's connecting Mythos to your Microsoft 365 tenant, your firewall logs, your EDR telemetry, and making sure the outputs are actionable rather than just impressive?
Most small and medium businesses don't have a DevOps function, let alone a security engineering one. The gap between "access to the model" and "protected business" is enormous.
Context Is Everything. Most Businesses Don't Have It
Mythos can reason about cybersecurity brilliantly. But it needs the right questions. It needs structured data. It needs someone who understands what a suspicious OAuth grant looks like versus a legitimate one, what a credential stuffing pattern means for your specific environment, or why that PowerShell execution chain matters at 3am on a Sunday.
Without operational security context, you're asking a genius to solve a problem you can't describe properly.
An LLM Doesn't Hold Accountability. An MSSP Does
When a breach happens, and statistically it will, who owns the response? An API doesn't sit on an incident call with your insurer. It doesn't produce the forensic report your regulator demands. It doesn't carry professional indemnity.
Cyber Essentials, ISO 27001, GDPR, the ICO: none of them accept "we had an AI watching" as a valid control. Accountability requires a human chain of responsibility. That's not a limitation of the technology. That's the reality of operating a business in a regulated environment.
Attackers Will Use the Same Models Against You
This is the part that doesn't get discussed enough. Every capability Mythos gives a defender, it hands to an attacker too. Phishing at scale with perfect grammar and localised context. Automated reconnaissance. Polymorphic payloads generated on the fly.
The threat landscape doesn't stay still while you figure out your prompt engineering. It accelerates. And when both sides have the same weapon, the differentiator isn't the tool. It's the operator behind it.
Hallucinations in Cybersecurity Aren't Just Wrong. They're Dangerous
In most use cases, a hallucination is an inconvenience. In security, it's a missed detection. A false negative that lets a threat actor dwell in your environment for weeks. Or worse, a false positive that sends your team chasing ghosts while the real compromise goes unnoticed.
Validating AI output in a security context requires someone who already knows what right looks like. If you had that person in-house, you probably wouldn't be looking at DIY AI security in the first place.
The Maintenance Burden Is Invisible Until It Isn't
Day one, everything works. Day thirty, your log formats have changed, your cloud provider updated their API schema, a new CVE dropped that your prompt library doesn't account for, and the model version you built around has been deprecated.
Security tooling isn't a project. It's a programme. It demands constant tuning, testing, and iteration. MSSPs absorb that operational overhead because it's our core business. For a small business, it's a side task that quietly rots until something breaks.
| Capability | DIY AI (LLM API) | MSSP + AI |
|---|---|---|
| 24/7 Monitoring | You build it | Included |
| Integration Engineering | You build it | Included |
| Incident Response | No accountability | SLA-backed |
| Regulatory Compliance | Not covered | ICO / CE / ISO ready |
| Threat Context | Generic | Environment-specific |
| Ongoing Maintenance | Your burden | Absorbed |
| Cost Predictability | Variable / runaway | Fixed monthly |
MSSPs aren't threatened by this. We're accelerated by it. The MSSPs paying attention are already integrating models like Mythos into their detection pipelines, triage workflows, and threat intelligence processes. We bring the context, the integrations, the 24/7 operational discipline, and now we layer AI on top to work faster and sharper than ever before.
AI doesn't replace the analyst. It replaces the inefficient analyst. And it makes the good ones dangerous.
If you're a small or medium business thinking about strapping an LLM to your infrastructure and calling it security, think again. The model is a tool. The protection is a service. That's what we do.
Need Managed Security That Actually Works?
313SEC provides MSSP services to businesses from our Cardiff SOC. AI-augmented. Human-accountable.
TALK TO 313SEC →