diff --git a/domains/ai-alignment/ai-cyber-offense-capability-cliff-mythos-181x-exploit-improvement.md b/domains/ai-alignment/ai-cyber-offense-capability-cliff-mythos-181x-exploit-improvement.md
index 95c09b124..be0e041e0 100644
--- a/domains/ai-alignment/ai-cyber-offense-capability-cliff-mythos-181x-exploit-improvement.md
+++ b/domains/ai-alignment/ai-cyber-offense-capability-cliff-mythos-181x-exploit-improvement.md
@@ -17,3 +17,10 @@ related: ["ai-lowers-the-expertise-barrier-for-engineering-biological-weapons-fr
 # Claude Mythos Preview's 181x improvement over Claude Opus 4.6 in autonomous Firefox exploit development represents an emergent capability cliff in AI-enabled cyber offense produced without explicit training
 
 Anthropic's red team evaluation documented that Claude Mythos Preview achieved 181 successful exploit developments for Firefox JavaScript engine vulnerabilities compared to only 2 from Claude Opus 4.6—a 90x improvement in a single model generation. This is not an incremental capability gain but a step-change that renders the predecessor effectively useless for this application. Critically, Anthropic stated: 'These capabilities weren't explicitly trained, but emerged as a downstream consequence of general improvements in reasoning and code generation.' The model also identified zero-day vulnerabilities in OpenBSD (27 years old) and FFmpeg (16 years old) that automated fuzzing had missed millions of times, and demonstrated autonomous exploit construction without human intervention through researcher-built scaffolds. The capability extends to reverse engineering (reconstructing plausible source code from stripped binaries) and complex exploitation chains (JIT heap spray escaping both renderer AND OS sandbox in a single chain). This represents exactly the kind of emergent capability that makes alignment-by-specification fragile: a capability cliff appearing without being explicitly trained for, not predicted from prior model performance, and eliminating the expertise barrier for offensive cyber operations.
+
+
+## Extending Evidence
+
+**Source:** Sysdig Mythos analysis, April 2026
+
+Sysdig's analysis adds specific vulnerability discovery examples: 27-year-old OpenBSD and 16-year-old FFmpeg vulnerabilities that fuzzing missed millions of times, plus autonomous exploit chains combining multiple vulnerabilities without human intervention. The 250-CISO briefing indicates professional security community consensus that existing threat models are obsolete.
diff --git a/domains/ai-alignment/ai-cyber-offense-capability-proliferates-within-9-12-months-following-four-minute-mile-dynamic.md b/domains/ai-alignment/ai-cyber-offense-capability-proliferates-within-9-12-months-following-four-minute-mile-dynamic.md
new file mode 100644
index 000000000..7d905b841
--- /dev/null
+++ b/domains/ai-alignment/ai-cyber-offense-capability-proliferates-within-9-12-months-following-four-minute-mile-dynamic.md
@@ -0,0 +1,19 @@
+---
+type: claim
+domain: ai-alignment
+description: Sysdig's analysis projects Mythos-class autonomous vulnerability discovery will be widely distributed within 9-12 months, creating a specific governance timeline window
+confidence: experimental
+source: Sysdig analysis, based on prior AI capability proliferation patterns and four-minute mile metaphor
+created: 2026-05-12
+title: AI cyber offense capabilities proliferate from restricted frontier labs to broad availability within 9-12 months of capability demonstration following the four-minute mile dynamic where demonstrated possibility accelerates replication
+agent: theseus
+sourced_from: ai-alignment/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
+scope: structural
+sourcer: Sysdig
+supports: ["voluntary-safety-pledges-cannot-survive-competitive-pressure-because-unilateral-commitments-are-structurally-punished-when-competitors-advance-without-equivalent-constraints"]
+related: ["ai-lowers-the-expertise-barrier-for-engineering-biological-weapons-from-PhD-level-to-amateur-which-makes-bioterrorism-the-most-proximate-AI-enabled-existential-risk", "ai-cyber-offense-capability-cliff-mythos-181x-exploit-improvement", "ai-offensive-cyber-capabilities-favor-attackers-during-transition-window", "cyber-is-exceptional-dangerous-capability-domain-with-documented-real-world-evidence-exceeding-benchmark-predictions", "frontier-ai-models-achieve-autonomous-multi-stage-network-attack-completion-in-government-evaluation"]
+---
+
+# AI cyber offense capabilities proliferate from restricted frontier labs to broad availability within 9-12 months of capability demonstration following the four-minute mile dynamic where demonstrated possibility accelerates replication
+
+Sysdig frames Mythos as a capability threshold event using the 'four-minute mile' metaphor: Roger Bannister's 1954 sub-four-minute mile broke a psychological barrier, and once broken, dozens replicated it within two years. The analysis projects '9 to 12 months before advanced cyber-reasoning capabilities become widely distributed.' This timeline is critical for governance: any mechanism requiring more than 9-12 months to establish is structurally behind the proliferation curve. The 250-CISO briefing described existing threat models as 'obsolete,' suggesting professional consensus that Mythos represents a fundamental shift. The projection is based on observed AI capability proliferation patterns, not historical data, making it experimental confidence. The governance implication is stark: the window for defenders to catch up is measured in months, not years.
diff --git a/domains/ai-alignment/ai-offensive-cyber-capabilities-favor-attackers-during-transition-window.md b/domains/ai-alignment/ai-offensive-cyber-capabilities-favor-attackers-during-transition-window.md
index 4d041b118..dddb98fa7 100644
--- a/domains/ai-alignment/ai-offensive-cyber-capabilities-favor-attackers-during-transition-window.md
+++ b/domains/ai-alignment/ai-offensive-cyber-capabilities-favor-attackers-during-transition-window.md
@@ -18,3 +18,10 @@ related: ["verification-is-easier-than-generation-for-ai-alignment-at-current-ca
 # AI-enabled offensive cyber capabilities currently favor attackers over defenders because the time to discover and weaponize vulnerabilities has compressed from weeks to overnight while organizational patch cycles have not accelerated
 
 Anthropic frames the Mythos capability as a 'transitional period' where 'offense currently ahead of defense.' The mechanism is specific: non-experts can now ask Mythos to find remote code execution vulnerabilities overnight and receive a complete working exploit by morning—compressing what previously took weeks of expert work into hours of automated discovery. Meanwhile, organizational patch cycles remain unchanged: Anthropic found over 271 Firefox vulnerabilities through Project Glasswing with less than 1% patched at time of writing. Pentagon CTO Emil Michael characterized this as a 'national security moment,' and Anthropic explicitly urges organizations to 'shorten patch cycles, adopt AI-powered defensive tools, restructure vulnerability response.' The restriction is explicitly temporary, not permanent, with an 'eventual goal to enable users to safely deploy Mythos-class models at scale—for cybersecurity purposes but also for myriad other benefits' once safeguards exist. This creates a race condition: can defensive infrastructure and organizational processes accelerate before adversaries gain comparable offensive capability? The transition window exists because capability deployment is asymmetric—offense can be automated immediately while defense requires organizational change.
+
+
+## Supporting Evidence
+
+**Source:** Sysdig Mythos analysis, April 2026
+
+Sysdig's 9-12 month proliferation estimate provides specific temporal bounds for the transition window. The 'current governance cycles were designed for a slower threat environment' statement confirms the structural mismatch between governance speed and capability proliferation.
diff --git a/domains/ai-alignment/security-organizations-shift-from-approval-gates-to-guardrails-as-autonomous-threat-response-eliminates-human-decision-loops.md b/domains/ai-alignment/security-organizations-shift-from-approval-gates-to-guardrails-as-autonomous-threat-response-eliminates-human-decision-loops.md
new file mode 100644
index 000000000..991e5d3a2
--- /dev/null
+++ b/domains/ai-alignment/security-organizations-shift-from-approval-gates-to-guardrails-as-autonomous-threat-response-eliminates-human-decision-loops.md
@@ -0,0 +1,19 @@
+---
+type: claim
+domain: ai-alignment
+description: Sysdig's analysis indicates security professionals are adapting to Mythos by removing humans from approve-every-action loops, driven by both economic forces and threat response needs
+confidence: experimental
+source: Sysdig analysis, 250-CISO briefing content
+created: 2026-05-12
+title: Security organizations are shifting operational models from human approval gates to autonomous systems with guardrails because threat response speed requirements eliminate human decision loops
+agent: theseus
+sourced_from: ai-alignment/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
+scope: functional
+sourcer: Sysdig
+supports: ["economic-forces-push-humans-out-of-every-cognitive-loop-where-output-quality-is-independently-verifiable"]
+related: ["approval-fatigue-drives-agent-architecture-toward-structural-safety-because-humans-cannot-meaningfully-evaluate-100-permission-requests-per-hour", "economic-forces-push-humans-out-of-every-cognitive-loop-where-output-quality-is-independently-verifiable"]
+---
+
+# Security organizations are shifting operational models from human approval gates to autonomous systems with guardrails because threat response speed requirements eliminate human decision loops
+
+The Sysdig analysis describes an operational model shift: 'from human-paced response to autonomous systems requiring guardrails rather than approval gates.' This is presented as one of six critical actions rated 'start this week' for organizations. The 250-CISO briefing content suggests this is not just commentary but an organized professional response where security leaders are being formally briefed that their existing threat models are obsolete. The shift is driven by two converging forces: economic pressure (humans cannot meaningfully evaluate responses at machine speed) and threat response requirements (autonomous cyber offense requires autonomous defense). This represents governance change driven bottom-up by practitioners rather than top-down by regulators. The continuous patching requirement shifts from optional to mandatory, indicating structural change in security operations.
diff --git a/inbox/queue/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md b/inbox/archive/ai-alignment/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
similarity index 97%
rename from inbox/queue/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
rename to inbox/archive/ai-alignment/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
index 9a36957f4..4246f0122 100644
--- a/inbox/queue/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
+++ b/inbox/archive/ai-alignment/2026-04-xx-sysdig-mythos-four-minute-mile-cyber-offense.md
@@ -7,10 +7,13 @@ date: 2026-04-01
 domain: ai-alignment
 secondary_domains: []
 format: article
-status: unprocessed
+status: processed
+processed_by: theseus
+processed_date: 2026-05-12
 priority: medium
 tags: [Mythos, cybersecurity, capability-threshold, four-minute-mile, proliferation, offense-defense, zero-day, CISO-briefing]
 intake_tier: research-task
+extraction_model: "anthropic/claude-sonnet-4.5"
 ---
 
 ## Content