A new generation of models is forcing security and engineering teams to ask harder questions about cost, operating model fit, and who in the organization actually benefits.

Models like Mythos represent a potential inflection point in how AppSec gets done, but potential isn't the same as impact. The gap between a capable model and a meaningful change to your security posture depends on how it fits into your SDLC, what it costs at scale, and whether your team has the skills to extract real signal from it. For most organizations, those questions are still largely unanswered.

This session brings together leaders who've spent time with Mythos, alongside other frontier and open models, to cut through the noise. We'll examine where Mythos actually stands in the model landscape, how it interacts with existing AppSec tooling and controls, and — if budget forced a tradeoff — where the rational cuts are. We'll also take on the harder organizational questions: whether this model shift is quietly transferring security ownership into engineering, and whether these tools deliver meaningful value in the hands of your average developer or security practitioner, or whether they still require seasoned, multi-disciplinary expertise to get anything real out of them.

Key topics this session will cover:

1. How Mythos compares to other frontier and open models — real bang-for-the-buck versus the hype
2. Where Mythos fits (and doesn't) in the SDLC, including the honest math on token costs at scale
3. Which traditional controls start to look redundant, and which don't
4. How to think about stack tradeoffs if budget forces a choice between AI-native capabilities and existing tooling
5. Whether this model shift is accelerating the transfer of security ownership into engineering teams
6. The talent question: are these tools genuinely accessible to generalist developers and security practitioners, or do you need seasoned AppSec and purple team depth to get real value?