MRIS assesses the 93 controls of ISO/IEC 27001:2022 Annex A (ISO/IEC 27002:2022) against AI-accelerated attacks — and names concrete compensating controls for every gap.
Mythos (Anthropic) was the first frontier AI model whose capabilities in an attacker’s hands fundamentally changed the security landscape. MRIS uses it as the reference threat model: every control is measured against an attacker with Mythos-level capabilities.
The time between a known vulnerability and its exploitation is shrinking toward zero.
Minutes, not days, pass between initial access and damage.
Attacks run in parallel and distributed to overwhelm the response.
Attack capability no longer depends on the actor's resources.
Each of the 93 controls from ISO/IEC 27001:2022 Annex A is assessed against the AI threat landscape. The result feeds directly into your risk assessment under ISO/IEC 27005.
Select a control from ISO/IEC 27002:2022. MRIS shows the flanking Myth-Hardening Controls (MHC) that close the gap.
Mappings per MRIS, Annex A/C. Excerpt of degraded and flanked controls.
Number of degraded controls each MHC flanks. Prioritization starts with the broadest impact.
Complete assessment of the 93 controls from ISO/IEC 27001:2022 Annex A, with gap analysis and MHC catalog.
DownloadPrioritization with Threat Priority Score, roadmap and RACI for the 13 MHC.
DownloadMRIS and the Implementation Guide are working aids for assessing the effectiveness of existing security controls. They assume an established ISMS and do not replace it. They do not constitute legal, compliance or certification advice, make no claim to completeness and establish no warranty. Use is at your own responsibility. Named standards, frameworks and trademarks belong to their respective owners.