Getting Ready for Mythos with Semgrep

Mythos is poised to give attackers an unprecedented advantage, but Semgrep can help you restore the balance in your favor.

Edwin Amador Artiles
May 19th, 2026

Overview

The coverage of Mythos has been loud, and the signal is clear. As Semgrep CEO Isaac Evans put it: "This trend favors offense, which means defenders will need to move faster, automate more aggressively and rethink how AppSec can keep up at scale." His most recent writeup about Mythos: Bad Takes, Facts, and Fear is worth a read, and I’m not just saying this because he’s my CEO.

You're already dealing with more findings than your team can realistically triage, more code being written by AI agents than by humans, and an attacker landscape that is moving faster than traditional security tooling was designed to handle. Below are four steps that you can take to prepare for a world of Mythos:

  • Add the AI Security, Agent Skills, and Shadow AI rulesets to catch risky patterns in AI-generated code and malicious patterns in agent skill files.

  • Install Semgrep Guardian into your AI coding agents to enforce your security policies the moment code is written, before it ever reaches version control.

  • Enable Autofix to automatically generate fix PRs for SAST and SCA findings and close the gap between finding and fixing.

  • Run your next scan and benefit from up to 50% faster scan speeds on large codebases, with no configuration needed (unless you’re using the CLI, in which case please update to the latest version).


Detect threats from AI-generated code

AI coding agents introduce a new class of risk that most security tooling wasn't built to handle. These agents suggest packages that don't exist, write patterns that pass review but fail under attack, and generate code faster than any human reviewer can keep pace with. To help you get ahead of this, we've shipped four new rulesets:

AI Security Rules (27 rules) catch risky patterns in AI-powered applications before they reach production. This includes prompt injection attacks where user input manipulates model behavior, unrestricted tool use that exposes shell access or data exfiltration paths, and unsafe integration patterns across common AI frameworks. We're releasing these now while actively iterating and expanding coverage, so your feedback directly shapes what comes next.

Agent Skills Rules (122 Pro rules) detect malicious patterns in AI agent skill files across Claude Code, Cursor, Windsurf, Codex, and Continue. These cover the specific techniques used in active campaigns targeting AI coding assistants: credential access, command execution, persistence mechanisms, and data exfiltration.

Shadow AI Rules (186 rules) span providers like OpenAI, Anthropic, Gemini, Cohere, Mistral, HuggingFace, LangChain, and Bedrock. Shadow AI rules help detect hardcoded API keys, missing safety guardrails (max tokens, content filtering, refusal handling), prompt injection risks, and insecure agent/tool configurations across Cursor, Claude Code, and Windsurf.

Additionally, Semgrep provides coverage for a number of the OWASP LLM Top 10 categories: Prompt Injection, Sensitive Information Disclosure, Improper Output Handling, Excessive Agency, and System Prompt Leakage. Add the new rules to your policy.


Scan and fix AI-generated code the moment it's written

Semgrep Guardian is a plugin that bundles three components: an MCP server, hooks, and skills. We ensure every line of AI-generated code is scanned against your org's policies before it ever reaches a pull request.

Given the sheer number of PRs generated, combined with the number of security vulnerabilities introduced by AI-generated code, fixing at PR time is too late. Semgrep Guardian installs directly into your AI coding agents, scans every file the moment it’s written, and enforces your defined security policies before any code reaches version control, without a ticket, without a backlog, and without asking developers to change how they work.

Available now for Claude Code, Cursor, Codex, Replit, and other LLM-based IDEs. It should take about five minutes to configure and deploy across your entire engineering fleet.

For Claude Code and Cursor users, simply add the Semgrep Guardian docs via the respective marketplace.

Full setup: Semgrep Guardian Setup


Close the gap between finding and fixing

More findings only create value if you can act on them. Autofix, now in public beta, automatically generates fix PRs for both static application security testing and software composition analysis findings, using context from the Semgrep Pro Engine. For dependency upgrades, it performs line-level breaking change analysis before the PR is created, so your developers can fix without the lingering concern of breaking something.

Use Autofix for SAST & SCA: What used to take 7 steps and days of cross-team coordination now takes 4 steps and minutes.


A partner you can count on

We continue to work closely with the most popular foundation labs to get early access to new models before release. That early access is what allows us to build and test capabilities like the Agent Skills rules before threats become widespread. Semgrep was recently named one of OpenAI's Trusted Access for Cyber grant recipients. When the next model drops, you’ll be leveraging our insights and research from early access.


Get results faster

While other vendors struggle to scale, Semgrep was built for modern enterprise codebases. For teams running massive monorepos, traditional security tools have always been a bottleneck: slow scans mean delayed feedback, delayed feedback means vulnerabilities sit longer, and longer exposure windows mean more risk.

We've been investing heavily in scan performance, and customers are already seeing the results. We expect teams running large monorepos to see up to 50% reductions in scan time. P95 full scan times have already dropped from 15–20 minutes to under 8 minutes, with p99 now running consistently between 25 and 35 minutes.

For customers using the CLI, update to the latest version. For those using Semgrep Managed Scanning, no action is needed: your next scan is already faster.

And if you’re not a Semgrep customer, and you have a monorepo that currently takes about a day to scan, we can help. Today, we secure some of the largest codebases in the world, ones that could not be supported by other legacy and modern vendors.


Mythos, AI Harnesses, and Surviving the Next 12 Months of AppSec

Interested in learning more about how to get ready for Mythos? Join Dr. Katie Paxton-Fear, Isaac Evans and Kurt Boberg for a practical discussion on what tools like Mythos, Codex Cyber, and current-generation AI harnesses are capable of today, and what security teams should prepare for over the next 12 months.

They will cover what these systems find well, where they still fail, how attackers are already using publicly available AI tooling, and why strong security fundamentals still matter more than panic-buying new products.

The goal is simple: leave with a clearer understanding of the current state of AI-assisted security work and a practical plan for what your organization should do next.

Sign up for the Webinar