Recreating Cybercloud Safeguarding Today

Cyber Security Blog
Blog with us, and Navigate the Cyber Secrets with Confidence!

We are here for you, let us know what you think

Jun 14, 2026

How much does it cost to hire a 24/7 “digital worker”?

(Hint: Less than you thought, as long as the US government will let you)

This week, the internet was abuzz for two reasons around the same topic: first, the launch of Anthropic's Claude Mythos 5 and Claude Fable 5 (the new API version from Anthropic), and second, the huge drama of the last 76 hours, in which the US government activated a 'special order' called an Export Control Directive Order for national security reasons, temporarily blocking access to the model for users outside the US.


Why are US national security officials so afraid of the new generation of AI?

Because beyond the technological buzz, the real revolution that Mythos brings is not only economic, on the scale of a new economy, but operational and, most importantly, autonomous: it works independently, investigating and correcting on its own, in a controlled manner, for the best results.

We are no longer talking about a chatbot that waits for a prompt, but about 'autonomous agents' (Agentic AI) that operate according to your full instructions. You give them a complex task while the Orchestrator runs in the cloud, close the laptop, and the agents continue to work in the background for you without stopping. They can also audit and repair themselves, produce corrected outputs, and operate 24/7 without rest. It's like a super-employee; you just need to understand, at the Fin AI Ops level, how much it costs us, or, to aim more precisely: how much will this task cost?

To understand this incredible power (and risk) that the Americans are trying to stop others' access to, let's talk in numbers and a figure that will surprise you: "ROI" (it's more correct to look at the ROV):

Let's say you are a company that manages 10,000 supplier contracts (each contract is an average of 5 pages), and a new regulatory requirement has arisen that requires you to review all previous agreements and, in some of them, to make changes and adjustments. You assign the agent a task: "Go through all contracts (average about 4,000 tokens per contract), identify exceptions (let's estimate that 60% require treatment), and draft a customized email to the supplier with an updated agreement."

Want an example from the world of cyber risk management and information security?

Take the same logic and apply it to scanning and mapping 10,000 configuration files, cloud permissions (IAM), or vulnerability reports from the SOC. The agent scans everything autonomously, identifies architectural exceptions, and for 60% of cases that require correction – automatically drafts accurate remediation instructions for the development teams.

What does the economic calculation (Fin AI Ops) look like according to the Fable 5 API pricing?

1️⃣ Analysis and scanning stage (Input) - processing of 10,000 files/contracts = 40 million tokens.
💰 Cost: $400

2️⃣ Output stage - drafting 6,000 emails/repair instructions (approx. 500 tokens per output) = 3 million tokens.
💰 Cost: $150

📉 Bottom line: A huge project of risk mapping, diagnosis, and drafting instructions for 10,000 entities, or going over contracts and sending emails for signature in an addendum or renewed contract, ends at a cost of only $550 (around 2,000 NIS). This is a break-even point, in a few hours of work in the cloud, with the laptop closed in a briefcase.

For SMB organizations, this means saving hundreds of hours of exhausting manual work in operations or information security; for enterprise organizations, it is months of work by a skilled and professional team. The ability to carry out, with an autonomous system, projects that we previously gave up on because of the resources they required is beyond anything we could have imagined. The future of organizational automation is no longer "if a character in the code changes, the automation will stop", but automation through an intelligent system: one that knows how to exercise discretion and manage risks from end to end, autonomously and in line with the instructions defined for the agent, without deviating. This is already a new organizational concept.

Anthropic is far from alone in the campaign - Google with Gemini Spark and OpenAI with Codex are deep in a world war over your corporate servers.

What does the full agent map of 2026 look like, what are the differences between the models, and how does the latest geopolitical event affect your strategy?

--------------------------------------

The Age of Superagents: The 2026 Autonomous Roadmap – Between Anthropic, Google and OpenAI

The most advanced AI and language models (LLMs) recently launched (June 2026) by Anthropic – the Claude Fable 5 and Claude Mythos 5 – have reignited the question: what are these tools, what can be done with them, and are they the only ones on the market or is this new architecture already offered by other tech giants?

In this article, we will take a look at the global map of autonomous agents.

The Basics: What is a “Mythos-class”?

These are two versions of the same powerful base model, which differ mainly in their safety filtering system (Guardrails) and their target audience.

Both models represent a leap forward in the capabilities of "autonomous agents" (Agentic Work) - that is, the ability to work on complex projects that last days or weeks, repair themselves, run sub-agents, and audit their own work without close human supervision.


1. Claude Fable 5 (Public Version)

The most powerful model that Anthropic has released to its customers. It includes strict security layers that filter very sensitive queries in the fields of offensive cyber or biology and pass them to an alternative model (such as Opus).

* Complex and autonomous software development - The model excels at performing huge code migrations (converting entire libraries or changing architecture and code), writing tests for itself, and running independent rounds of fixes.

* Multi-step research and data analysis - building a work plan, analyzing PDF files, graphs and tables (thanks to advanced vision capabilities), and producing a nearly finished product.

* Long-term work with AI agents - integrating the model into agent systems (like Claude Code) for long-term background tasks that require deep memory of the project context.


2. Claude Mythos 5 (Secure/Government Version)

A core model created without the safety filters and automatic classifications in the fields of cyber and biology. As a result, access to it is completely blocked to the general public and limited to approved entities only (such as the US government and leading medical research organizations).

* Advanced Cybersecurity: Threat analysis, identification of complex security vulnerabilities in code, and simulation of attacks for defense purposes (such as Red Teaming) at the highest national level.

* Scientific and biomedical research: Analysis of molecular structures, genetic research, and analysis of complex clinical data in the life sciences without system blockages.


🚨 Critical current update - Following an Export Control order issued by the US government for national security reasons, Anthropic was forced to temporarily and immediately disable access to Fable 5 and Mythos 5 for anyone who is not a US citizen. This incident proves the extent to which these autonomous capabilities are now seen as a strategic weapon in every respect.


Is Anthropic the only one offering autonomous agents?

Absolutely not! We are in the midst of a global war between the tech giants, all of whom have moved from a simple “chatbot” experience to a model of independent agents running 24/7 in the cloud. 2026 is the year of the corporate “superagent.” Here's what the major competitors currently offer:


1. OpenAI (Codex ecosystem and GPT-5.5)

OpenAI has the core models that power the enterprise Codex system (which Gartner has declared a global market leader).

How does it work?

Following the acquisition of 'Ona', a company specializing in secure cloud infrastructure for running long-term agents, the user assigns the agent a task (such as a cross-platform version update for all applications in the organization), and the agent runs for days in an isolated, secure cloud environment (Sandbox).

  • The economic angle: OpenAI's collaboration with Visa presents the vision of "Agentic Commerce" - agents who can not only write but actually make payments and purchases on behalf of the organization, under predefined budget constraints.


2. Google too (Google Workspace & Cloud Platform - the Gemini Spark era)

Google plays a very strong card of "everything under one roof". At its last conferences this year (Cloud Next and I/O 2026 - which I reviewed in previous posts), they rebranded the entire Google Workspace around agents.


How does it work?

Google launched Gemini Spark (based on Gemini 3.5 models and the Antigravity management system). This is an agent that runs 24/7 on Google Cloud virtual machines without the need for an open local computer.

* The special connection to Workspace - using a tool called Workspace Studio, a business user can define complex automations in simple language: "Every Friday, scan emails from customers, update the Tracker in Google Sheets, and open a task in Jira if there is a critical complaint that comes in." This artificial but 'natural' integration runs the agents in Google's secure environment with built-in connections to third-party entities (like Salesforce).


3. The traditional giants (Salesforce, Microsoft, IBM)

These companies usually don't develop the base model from scratch (they use Google, Anthropic, or OpenAI models), but they have built the dedicated platforms that allow these agents to run on internal organizational data securely.

What to choose?

The choice of companies today depends entirely on their architecture and internal needs:

  • Convenience and integration - Companies that sit firmly on Google Workspace will choose Gemini Spark because of its unbeatable convenience and built-in connection to everyday organizational tools.
  • Development, cyber, and complex tasks - Complex development, infrastructure, and cyber teams will prefer OpenAI Codex, or Claude Fable 5 (when regulatory restrictions are lifted), which present the highest level of autonomous thinking, problem-solving, and bug-fixing capabilities on the market.


Now that you better understand the competitive landscape and the tremendous capabilities of the new tools on the market and the 'age of agents,' you are ready to get started and plan your strategy for the coming year.




Mar 7, 2026

🛡️ Trump’s 2026 Cyber Strategy: From Passive Defense to "Offensive by Design"

On March 6, 2026, the White House released "President Trump's Cyber Strategy for America." This isn't just an internal policy update; it’s a global shift in the digital balance of power with massive implications for the Israeli cyber ecosystem.

As threats from China, Russia, and Iran escalate, fueled by AI and quantum breakthroughs, the U.S. is moving the goalposts.

1. The Paradigm Shift: Offensive-Active Defense

The strategy moves away from waiting for breaches. The new mantra? Detect, confront, and defeat.

  • The Goal: Disrupt adversary networks before they touch critical infrastructure.

  • The Israeli Context: For a nation leading in defense tech, this is a green light for deeper intelligence sharing and more aggressive joint operations against common enemies.

2. Six Pillars of Modern Warfare

The document outlines a clear roadmap for global cyber resilience:

  • Infrastructure Hardening: Prioritizing energy, finance, and health systems while securing the entire supply chain.

  • Post-Quantum & Zero-Trust: A total modernization of federal systems to stay ahead of the "Quantum leap."

  • AI-Driven Defense: Leveraging AGI to automate threat identification and rapid recovery.

  • Simplified Regulation: Removing "compliance burdens" to let the private sector innovate faster.

  • Resource Allocation: Incentivizing the private sector to actively disrupt adversary campaigns.

  • Workforce as a Strategic Asset: A massive push to bridge the gap between academia, military, and industry.

3. The "Missing Link": Strategic Leadership

A critical takeaway from the report is the global shortage of strategic cyber managers. We have plenty of technical experts, but a "dearth of strategic managers" who can blend deep technical knowledge with academic management skills.

“The cyber workforce is a strategic asset... we must eliminate roadblocks between industry and academia.”

For Israel’s rapidly growing industry, "low-level management" is a liability. To implement these complex strategies, we need leaders who understand risk-based business processes, not just data logs.

4. Unleashing Innovation through Security

The strategy argues that by making networks more resilient and disrupting threats, we actually unleash economic growth. It’s a balance of:

  • Fairness: Distributing the cost of defense across the U.S. and its democratic allies.

  • Values: Ensuring privacy and ethical security are built-in "by design."


The Bottom Line

This document is a "Call to Action." It changes how regulators will act and how future partnerships will be built. For Israel and the global community, the message is clear: Adopt a risk-based, offensive-active posture or get left behind.

What do you think? Is the Israeli industry ready to shift from "passive defense" to "offensive-by-design," or are we still lagging in strategic leadership?






Jan 30, 2026

The Evolution of Enterprise Defense Strategy: SOC Vs. MDR Vs. ITDR

 Integrating MDR and ITDR Systems to Address the 2026 Threat Landscape

The 2026 cyberspace presents CISOs with complex challenges that require a fundamental paradigm shift in the concept of enterprise defense [planning (and risk management), guidance, compliance, protection and control (SOC)]. The traditional concept of a physical or networked “Perimeter” has almost completely disappeared with the massive shift to hybrid work, where users work across multiple work dimensions, the increasing use of distributed cloud infrastructures, and the widespread adoption of SaaS cloud services.

Today, digital identity has become the first and main line of defense, with attackers focusing more on identity theft and privilege escalation and less on “break-in” techniques through complex firewalls. An attacker who connects to systems using stolen credentials makes Identity and Access Management (IAM) one of the most critical and central challenges for the CISO: almost all “traditional” access controls become ineffective once the adversary is already “inside” with valid credentials. This requires a dramatic shift to Zero Trust models, with anomalous behavior detection becoming a must-have tool.

It is therefore important to examine the critical need to combine Managed Detection & Response (MDR) and Identity Threat Detection and Response (ITDR) technologies, looking at the synergistic relationships between them and deciding whether they are two separate solutions or a unified defense fabric.

 

Changing the Face of the Perimeter: Networked Identities for Digital Entities

In the past, the mission of protecting the organization focused on fortifying the local network. The point of contact with the outside world was well-defined through routers and firewalls. However, digital transformation has accelerated processes where every endpoint, browser and user account is effectively a “node” in the corporate network. In 2026, the complexity of these environments has been exacerbated by the use of generative artificial intelligence (Generative AI), which allows attackers to create incredibly sophisticated and accurate phishing campaigns.

Data indicates that over 90% of cyber incidents originate from human behavior, whether it is an innocent mistake or the exploitation of social engineering. With stolen identities at the root of approximately 88% of security breaches, it is clear that traditional tools such as EDR (Endpoint Detection and Response) no longer provide complete protection, as they focus on what is happening inside the physical machine and less on the misuse of user identities in the cloud.

Threat Trend Analysis and Their Impact on the CISO Role

Threat Trend: Identity Theft and Use of Access Credentials
  • Mechanism of Action: Use of Info-stealers and AI-Based Phishing
  • Impact on the Organization: Bypassing Traditional MFA Mechanisms and Direct Access to Data
  • Required Response: Phishing-Resistant ITDR Systems and Authentication

Threat Trend: AI-Based Attacks
  • Mechanism of Action: Creating Polymorphic Malware and Adjusting Campaigns in Real Time
  • Impact on the Organization: Reducing Dwell Time in Response to a Few Hours
  • Required Response: Continuous Monitoring and Automated Response (MDR)

Threat Trend: Exploiting Misconfigurations in the Cloud/On-Premises
  • Mechanism of Action: Identifying Over-Privileged and Dormant Accounts in SaaS
  • Impact on the Organization: 95% of Microsoft Entra ID Environments Were Set Up with Deficiencies
  • Required Response: Continuous Exposure Management (CTEM)

Threat Trend: Supply Chain Attacks
  • Mechanism of Action: Harming Service Providers and Third Parties
  • Impact on the Organization: Exposing the Organization to Threats Through Trusted External Vectors
  • Required Response: Vendor Monitoring and Just-in-Time Access Control

 

MDR Systems: The Operational Response to Protect the Organization

For the modern CISO, protecting the organization is not just about acquiring technology, but about managing response capabilities around the clock. This is where Managed Detection and Response (MDR) systems come into play. MDR services provide a layer of human expertise (managed SOC) running on top of EDR or XDR tools, enabling SMBs and enterprises to identify, investigate, and contain threats in real time.

The key benefit of MDR in 2026 and beyond is the shift from signature-based detection to behavior-based and anomaly-based detection. Using artificial intelligence, modern MDR systems are able to filter out background noise created by small events or false positives generated by systems and focus on the real threats. In this way, they reduce the “alert fatigue” of security teams. For small and medium-sized organizations, MDR is often the only way to achieve 24/7 coverage without having to keep people up at night or hiring expensive and hard-to-reach internal cyber analysts and staff.

 

The Dynamics of Modern MDR

The MDR protection process does not end with the identification of the malware. It includes a comprehensive forensic investigation to understand the source of the intrusion and the attacker's trajectory. In 2025 and 2026, Threat Exposure Management (TEM) models were introduced into MDR, transforming the service from proactive to predictive of threats before they occur.

The mathematical model of MDR protection effectiveness can be represented as follows:

 

Effectiveness = (Visibility × Detection Accuracy) / Mean Time to Respond (MTTR)

The shorter the response time (thanks to automation and skilled analysts), the more potential damage to the organization decreases exponentially.

 

ITDR Systems: Securing “Identity” as the New Perimeter

While MDR focuses on the device and network plane, ITDR (Identity Threat Detection and Response) systems focus on the user plane. The need for ITDR stems from the fact that traditional security tools are often blind to actions taken by a legitimate identity that has been compromised/authenticated. ITDR is not a replacement for Identity Management (IAM) systems but a layer of protection that complements them by continuously monitoring user behavior and identifying attempts to escalate privileges or lateral movement in the cloud.

Modern ITDR systems are able to detect patterns such as “Impossible travel” (critical security alert triggered when a user account logs in from two geographically distant locations), logging in from several different countries in a very short period of time, use of stolen tokens, and suspicious changes to Active Directory or Entra-ID settings.
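The "impossible travel" check described above, as an added example (not code from the original post or from any vendor). The sign-in records are constructed, and the 900 km/h speed ceiling and 100 km minimum distance are assumed tuning values.

```python
import math
from datetime import datetime

# Constructed sign-in events: (time, user, latitude, longitude, GeoIP label).
SIGNINS = [
    ("2026-01-30T08:00:00", "dana", 32.08, 34.78, "Tel Aviv"),
    ("2026-01-30T08:02:00", "dana", 32.79, 34.99, "Haifa"),      # GeoIP jitter, ~81 km
    ("2026-01-30T09:10:00", "dana", 40.71, -74.01, "New York"),  # unreachable in 68 minutes
    ("2026-01-30T07:00:00", "omer", 51.51, -0.13, "London"),
    ("2026-01-30T19:30:00", "omer", 35.68, 139.69, "Tokyo"),     # plausible long-haul flight
    ("2026-01-30T10:00:00", "noa", 48.86, 2.35, "Paris"),
    ("2026-01-30T10:00:00", "noa", 52.52, 13.40, "Berlin"),      # two sessions at the same instant
]

MAX_SPEED_KMH = 900.0    # assumed ceiling, roughly airliner cruise speed
MIN_DISTANCE_KM = 100.0  # assumed floor, absorbs GeoIP error between nearby cities


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points on Earth, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))


def impossible_travel(events, max_speed=MAX_SPEED_KMH, min_km=MIN_DISTANCE_KM):
    """Flag consecutive sign-ins of one user that imply a speed above max_speed."""
    alerts, last_seen = [], {}
    # Group by user, then order chronologically (ISO timestamps sort as text).
    for ts, user, lat, lon, place in sorted(events, key=lambda e: (e[1], e[0])):
        when = datetime.fromisoformat(ts)
        if user in last_seen:
            prev_when, prev_lat, prev_lon, prev_place = last_seen[user]
            km = haversine_km(prev_lat, prev_lon, lat, lon)
            hours = (when - prev_when).total_seconds() / 3600
            # Simultaneous sign-ins from two places imply infinite speed.
            speed = km / hours if hours > 0 else math.inf
            if km >= min_km and speed > max_speed:
                alerts.append({"user": user, "from": prev_place, "to": place,
                               "km": km, "kmh": speed})
        last_seen[user] = (when, lat, lon, place)
    return alerts


if __name__ == "__main__":
    for a in impossible_travel(SIGNINS):
        print(f'{a["user"]}: {a["from"]} -> {a["to"]}, {a["km"]:.0f} km at {a["kmh"]:.0f} km/h')
```

Without the distance floor, the two-minute Tel Aviv/Haifa jump would also fire, which is the kind of false positive that feeds alert fatigue.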

The importance of ITDR is especially emphasized in cloud environments and SaaS, where the multitude of applications and permissions creates a vast and invisible attack surface for regular network tools.

 

Comparing capabilities between the different layers of protection


The strategic decision: do you need both or one solution?

The main question for the CISO today is whether to purchase the best and most innovative ("Best-of-Breed") solutions, separate MDR and ITDR, or to strive for one unified platform (Unified Platform)?

The trend in 2025 among international SMBs clearly tended towards automatic integration. Modern XDR (Extended Detection and Response) platforms have begun to implement ITDR capabilities as an integral part of the product, on the understanding that a modern cyber event is almost always a combination of identity breach and endpoint breach. Today, however, there is a tendency to seek out MDR companies and shift to modern MDR products, some of which combine MDR capabilities with ITDR; this is the product category that will lead in the coming year and beyond.

The advantage of a single platform that combines automation, human-in-the-loop and identity control lies in its ability to automatically correlate events. For example, if the ITDR detects a suspicious login by a user from abroad, and at the same time a strange process is detected on that user's computer, EDR automation is activated. The system can conclude with high probability that this is an active attack and block it immediately using automation (XDR). The process is accompanied by professional human staff acting within their capabilities, and a playbook is configured to analyze and decide how to act, including notifying the customer and more. Such integration dramatically reduces the response time and the management burden on the security team.
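The correlation described above, as an added example (not code from the original post or from any product). The alert records are constructed, and the field names, the 30-minute window and the action labels are hypothetical.

```python
from datetime import datetime, timedelta

# Constructed identity alerts, as an ITDR source might emit them.
IDENTITY_ALERTS = [
    {"time": "2026-01-30T09:10:00", "user": "dana", "signal": "login_from_abroad"},
    {"time": "2026-01-30T10:00:00", "user": "noa", "signal": "login_from_abroad"},
]
# Constructed endpoint alerts, as an EDR source might emit them.
ENDPOINT_ALERTS = [
    {"time": "2026-01-30T09:18:00", "user": "dana", "host": "LT-0417", "signal": "unusual_process"},
    {"time": "2026-01-30T16:45:00", "user": "noa", "host": "LT-0980", "signal": "unusual_process"},
    {"time": "2026-01-30T09:20:00", "user": "omer", "host": "LT-0555", "signal": "unusual_process"},
]

WINDOW = timedelta(minutes=30)  # assumed correlation window


def correlate(identity_alerts, endpoint_alerts, window=WINDOW):
    """Join identity and endpoint alerts for the same user within the window.

    Both signals together -> automated containment plus analyst notification.
    A single signal on its own -> left to a human analyst (human in the loop).
    """
    incidents, matched = [], set()
    for ia in identity_alerts:
        t_id = datetime.fromisoformat(ia["time"])
        hits = [
            i for i, ea in enumerate(endpoint_alerts)
            if ea["user"] == ia["user"]
            and abs(datetime.fromisoformat(ea["time"]) - t_id) <= window
        ]
        matched.update(hits)
        incidents.append({
            "user": ia["user"],
            "signals": [ia["signal"]] + [endpoint_alerts[i]["signal"] for i in hits],
            "hosts": sorted({endpoint_alerts[i]["host"] for i in hits}),
            "action": "contain_and_notify" if hits else "analyst_review",
        })
    # Endpoint alerts with no matching identity signal still reach an analyst.
    for i, ea in enumerate(endpoint_alerts):
        if i not in matched:
            incidents.append({
                "user": ea["user"],
                "signals": [ea["signal"]],
                "hosts": [ea["host"]],
                "action": "analyst_review",
            })
    return incidents


if __name__ == "__main__":
    for inc in correlate(IDENTITY_ALERTS, ENDPOINT_ALERTS):
        print(inc["user"], inc["signals"], inc["hosts"], "->", inc["action"])
```

Only dana's two signals fall inside the window; noa's login and endpoint alert are almost seven hours apart, so each goes to review separately instead of triggering containment.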

Therefore, there are cases in which small as well as large and complex organizations will prefer an integrated and dedicated MDR solution that goes deeper at the solution level than a general EDR, especially when managing complex multi-cloud environments that require specific identity monitoring that is not fully supported by traditional vendors.

 

Artificial Intelligence and Automation: The Future of the Autonomous SOC

One of the most significant trends for 2025-2026 is the transition to the "Agentic SOC" – a security operations center based on autonomous AI agents. These agents are able not only to identify threats, but also to conduct initial investigations, collect evidence and suggest courses of action for human analysts. This technology allows the CISO to deal with the huge volumes of information generated as a result of the breakdown of every user action and all network traffic.

The use of AI is not limited to defense; attackers use it to create malware that is able to change its code to evade detection (Polymorphic Malware). Therefore, the protective system must have the ability to self-learn and predict attack vectors before they are even launched.

 

Return on Investment (ROI) in choosing modern security systems

Calculating the ROI of MDR and ITDR systems should take into account not only the cost of licensing, but also the cost of the potential damage prevented.

 

ROI = (Estimated Breach Cost × Risk Reduction %) / Solution Cost

 

Organizations that implement a "Zero Trust" strategy combining MDR and ITDR compared to organizations with a ZTE and SOC or ZTE and EDR policy report very high average savings per incident, thanks to reduced exposure time and response accuracy.

Organizations without a ZTE model and without at least EDR are at "unreasonable" risk.

Summary and Recommendations for the Information Security Manager

The answer to the question of what the CISO needs today is unambiguous!

The CISO is required to combine the two capabilities: the protection of the organization (MDR) and the added "identity" parameter (ITDR). Together they complement each other like two sides of the same coin. For most organizations, the right way is to look for an integrated MDR provider with built-in ITDR capabilities or deep integration with identity recognition tools.

 

The CISO or SMB organization owner should focus on three main axes:

1.      Full Visibility: Adopt solutions that unify signals from endpoints, network, cloud, and identities into a single picture.

2.      Velocity: Invest in AI-based automation to minimize MTTR (Mean Time to Recovery).

3.      Identity hygiene: Root out excess permissions, reduce dormant accounts, and adopt phishing-resistant MFA as the foundation upon which the MDR-based ITDR system rests.

In 2026, cybersecurity, like our physical security as a country, is no longer measured by the strength or thickness of literal “Fences” but by the system’s ability to understand who the user is, the context of the action they took, and how quickly they can respond when their identity becomes a weapon in the hands of an attacker. The transition to managed and intelligent systems is the only way to stay one step ahead of threats that are evolving at the speed of light.