Enterprise Security in the Agentic AI Era

Cyber Poverty Line

2 min read

Cyber Poverty Line

The Cyber Poverty Line, introduced by Wendy Nather, is the threshold below which an organization cannot field the resources (people, tooling, expertise, time) needed to defend itself adequately against current threats. The concept predates the Mythos era and has been cited across the cybersecurity-economics literature for years; it is surfaced in the Mythos-ready briefing as a load-bearing reason to invest in collective defense — ISACs, CERTs, sector coordinating groups, and standards bodies — especially when considering organizations that fall below the line.

Why It Matters in the Mythos Era

AI-driven vulnerability discovery widens the offense/defense capacity gap. Organizations above the Cyber Poverty Line can adopt VulnOps, deploy Claude Code Security / Codex Security / OpenAnt across their pipelines, build deception capabilities, and stand up automated response. Organizations below the line cannot. The Mythos-era response from the briefing’s lead authors is explicit:

“Engage now with sector coordinating groups, ISACs, CERTs, and standards bodies to share threat intelligence, coordinate response, and produce sector-specific guidance for this moment. Defenders must do the same and leverage our coordinating groups, especially when considering organizations that fall below the Cyber Poverty Line, as introduced by Wendy Nather.”Mythos-ready briefing, §II “Build Collective Defense Now”

Adjacent / Open

  • Quantitative threshold is not formally defined by Nather; it is a qualitative construct describing structural capacity deficit rather than a numeric metric.
  • Mythos-era refinement candidate: as AI defensive tools become accessible (e.g., free OpenAnt OSS scan; CCS expedited free access for OSS maintainers; OpenAI pro-bono Codex Security scanning for non-commercial OSS), the line itself may move. The briefing implicitly argues that capability below the line is rising via free / pro-bono / OSS tooling — but capacity (people, time, triage discipline) remains the binding constraint.

See Also

Graph View

Backlinks