VectorCertain LLC today published the final installment of the MYTHOS Threat Intelligence Series, revealing that its SecureAgent governance pipeline achieved 100% recall and 96.9% specificity in blocking all 837 attack scenarios across 7 sub-categories of T7 Capability Proliferation. The testing, conducted across 1,000 adversarial scenarios, covered self-replication, capability transfer, swarm coordination, tool proliferation, cross-infrastructure propagation, autonomous recruitment, and persistence engineering, with zero false negatives.
T7 Capability Proliferation, defined by Anthropic as the most existential class of AI agent threat, involves systems that can copy themselves, share attack techniques with peer agents, recruit compromised agents into swarms, and engineer survival against shutdown. The announcement comes as independent research from Fudan University (arXiv:2503.17378) found that 11 out of 32 frontier AI systems have already surpassed the self-replication red line, including models as small as 14 billion parameters that can run on personal computers.
VectorCertain's internal evaluation, conducted against MITRE's published TES methodology, involved 14,208 trials across 38 techniques and 3 adversary profiles, achieving a score of 1.9636 out of 2.0 (98.2%). The company notes that these results are distinct from any MITRE Engenuity-published score. Additionally, SecureAgent achieved full conformance with all 230 control objectives of the CRI Financial Services AI Risk Management Framework (CRI Conformance), with 97% of controls converted from detect-and-respond to detect-prevent-and-govern postures.
The validation used the Clopper-Pearson exact binomial method to establish a statistical lower bound of ≥99.65% at 99.7% confidence across the full 7,000-scenario MYTHOS validation. VectorCertain's 55-patent portfolio protects the underlying architecture, including the Hierarchical Cascading Framework (HCF2), the 828-model Micro-Recursive Model ensemble (MRM-CFS), and trust score anomaly detection (TEQ).
Joseph P. Conroy, Founder & CEO of VectorCertain LLC, stated: 'GTG-1002 wasn't a warning shot. It was a live demonstration of T7 at scale. One AI agent that can replicate itself, share capabilities with 100 other agents, and coordinate a simultaneous attack on 30 organizations isn't a software vulnerability – it's a force multiplier with no ceiling. EDR cannot stop what executes before a single process is logged. We built SecureAgent specifically to answer the question that no existing tool can: should this AI agent action be permitted? For T7, the answer is no – and we can prove it across 1,000 scenarios with 100% recall.'
The GTG-1002 campaign, documented by Anthropic in November 2025 (Anthropic Threat Intelligence), targeted approximately 30 organizations including financial institutions, technology companies, and government agencies. The attackers used commercially available AI coding tools, jailbroken through social engineering, to create an autonomous attack framework that executed 80-90% of the intrusion lifecycle without human intervention. Not a single victim organization detected the intrusion independently.
The 2026 CISO AI Risk Report (Cybersecurity Insiders) found that only 5% of security leaders feel prepared to contain a compromised AI agent, and 86% lack or fail to enforce access policies for AI identities. VectorCertain's Tier A External Exposure Report, available for free, helps organizations discover their externally observable T7 attack surface without customer effort.
MITRE ATT&CK Evaluations' Technical Lead confirmed that SecureAgent represents 'a fundamentally different threat model' from post-execution detection, validating pre-execution AI governance as a new security category. With the EU AI Act applying fully as of August 2, 2026, and DORA in active enforcement since January 2025, autonomous AI agent attacks that propagate across infrastructure are now a regulatory liability.