UK’s Mythos AI exposes systemic cybersecurity failures amid state-corporate surveillance expansion

Indigenous cybersecurity frameworks prioritize relational accountability over adversarial threat models, treating digital spaces as extensions of communal well-being rather than battlegrounds. The UK’s AI-driven approach mirrors colonial logics by framing security as a top-down, militarized endeavor, erasing Indigenous practices of collective governance and data sovereignty. For example, Māori data sovereignty principles (e.g., the 2020 Declaration on Indigenous Data Sovereignty) reject the commodification of threat intelligence, which Mythos AI implicitly enables.

The UK’s cybersecurity paradigm traces back to Cold War-era signals intelligence (SIGINT) programs, where GCHQ’s ECHELON system laid the groundwork for today’s AI-driven surveillance. Mythos AI’s 'multi-step infiltration challenge' echoes historical military exercises like the US’s 'Operation Eligible Receiver' (1997), which simulated cyberattacks to justify expanded defense budgets. This continuity reveals a pattern: cybersecurity crises are manufactured to sustain state-corporate control over digital infrastructure, with AI now serving as the latest justification for securitization.

In contrast to the UK’s state-led approach, Estonia’s cybersecurity model incorporates citizen participation through the 'Cyber Defense League,' blending military and civilian expertise. Meanwhile, India’s indigenous cybersecurity collectives, like the 'Free Software Movement,' emphasize open-source tools to resist corporate and state surveillance. These examples highlight how decentralized, community-driven models can address threats without reinforcing militarized AI paradigms.

AI-driven threat assessment tools like Mythos rely on datasets curated by defense contractors, which are prone to bias and lack transparency about their provenance. Peer-reviewed research (e.g., Raji et al., 2020) demonstrates that such systems often misclassify benign activities as threats, particularly in marginalized communities. The 'multi-step infiltration challenge' itself is a synthetic benchmark that may not reflect real-world adversarial tactics, which are increasingly adaptive and non-linear.

Artistic responses to cybersecurity, such as Trevor Paglen’s 'Machine Visions,' critique the aestheticization of surveillance under the guise of 'threat detection.' Indigenous artists like Hemi Macgregor (Ngāpuhi) use digital art to visualize data sovereignty, framing cybersecurity as a spiritual and cultural practice. Meanwhile, the 'hacker ethic' of early cyberculture—rooted in countercultural ideals of freedom and collaboration—has been co-opted into the Mythos narrative, obscuring its original anti-authoritarian roots.

If unchecked, Mythos AI could accelerate an arms race in AI-driven cyber warfare, where states and corporations deploy increasingly opaque tools to justify perpetual conflict. Scenario modeling by the Stockholm International Peace Research Institute (SIPRI) suggests that such systems may lead to 'autonomous escalation,' where AI misclassifies benign activities as attacks, triggering disproportionate responses. Conversely, a decentralized, open-source approach could democratize threat intelligence, reducing reliance on state-corporate monopolies.

Marginalized communities—including racialized minorities, LGBTQ+ activists, and Indigenous land defenders—are disproportionately targeted by AI-driven surveillance tools, yet their expertise in resisting such threats is excluded from narratives like Mythos AI. For example, Black Lives Matter organizers have documented how 'threat assessment' tools are used to criminalize protest, while Palestinian digital rights groups highlight how AI enables occupation through cyber warfare. The Mythos narrative frames these communities as 'threats' rather than as stakeholders in redefining cybersecurity.