Agentic Cloud Security: Shimon Tolts on Building the Context Moat

As Claude Mythos turns legacy backlogs into an instant liability, Copperhelm’s CEO explains why the ultimate defense against machine-speed exploits is a shift toward agentic cloud security. 

Architecting defense for the Mythos Era

In the security world, there are builders and “operators.” Shimon Tolts, Co-founder and CEO of Copperhelm, is a rare fusion of both. And he is the architect who foresaw the Mythos crisis. The arrival of Claude Mythos in April 2026 sharpened that problem considerably. When a frontier AI can autonomously identify and exploit a decades-old kernel vulnerability in minutes, the traditional 45-day patch window stops functioning as a safety measure. It becomes a liability.

The industry is still processing that shift. Shimon isn’t waiting. Moving beyond static severity scores toward a machine-readable defense that outpaces AI-driven attacks. After scaling platforms that process billions of events and founding the Kubernetes pioneer Datree, he recognized a fundamental disparity. Engineering teams integrated AI years ago, while security remained trapped in manual silos.

Now, in a rare sit-down with Digital Digest, Shimon breaks down the technical substrate of the Context Lake, the industry’s first real-time decision engine for agentic cloud security. By utilizing Reachability Graphs, Copperhelm builds a Context Moat that allows autonomous defenders to neutralize threats before a human analyst even receives an alert. 

The scaling veteran

Shimon’s track record reads like a roadmap of the modern cloud. From investigating high-stakes cybercrime in the IDF to his status as an AWS Community Hero and CNCF Ambassador.

You’ve spent nearly two decades at the intersection of infrastructure and security, scaling platforms that process billions of events. What was the breaking point you saw in legacy security tools that convinced you the industry needed a fundamental reboot? 

Shimon: The breaking point wasn’t just legacy tools failing; it was witnessing what is now possible for attackers to achieve with advanced AI like Mythos. We realized that human capacity simply cannot compete against AI-driven threats operating at machine speed, requiring a fundamental reboot to autonomous defense. 

As a leader of the Claude User Group and a YC alumnus, you’ve been at the forefront of the generative AI boom. Was there a specific moment where you realized that LLMs weren’t just for writing code, but could be the engine for autonomous defense? 

Shimon: The release of Claude Mythos was the ultimate catalyst. Because it destroyed the old mindset. A mindset that can focus only on criticals and leave low or medium CVSS scores unchecked. Mythos proved that AI can seamlessly chain together multiple low-severity flaws into a deadly attack, making agent-based defense a necessity.  

The infrastructure 

You recently exited stealth with Copperhelm, focused on your core thesis. Why has cloud security specifically been so resistant to the automation that DevOps teams take for granted? 

Shimon: Cloud security has resisted automation because of sheer scale. Determining if a single asset is exploitable requires correlating data from too many sources to fit within standard LLM context windows. We built the Context Lake specifically to solve this data scale problem. Giving agents the exact topological mapping needed to reason accurately. 

Copperhelm’s core technical moat is the Context Lake. Most security tools are just log aggregators. How does a real-time cloud ontology allow an AI agent to reason about a multi-account environment in a way a human analyst simply can’t? 

Shimon: The fundamental difference is speed. What would take a human analyst hours to manually piece together takes our AI minutes. The Context Lake aggregates and contextualizes your cloud telemetry. Giving our AI agents the precise environment data they need to provide clear, actionable answers instantly. 

One of your flagship features is Reachability Mapping. In a world of infinite alerts, why is the ability to trace an exact path through VPCs, Security Groups, and WAFs the only way to effectively prioritize risk? 

Shimon: It’s not about prioritization, because prioritizing implies you have a lingering threat that you are actively ignoring. We run continuous exploitability tests to give you a definitive answer. An answer to what can be exploited by an AI model like Mythos, so you can fix it immediately. 

The catalyst 

This brings us to Claude Mythos, which has collapsed exploit timelines from days to minutes. If an attacker can now find and chain zero-days at machine speed, does the traditional “backlog and prioritize” model of security officially become a liability? 

Shimon: Yes, the entire concept of a prioritized backlog is officially a liability. You must understand what is actually exploitable and fix it the minute it drops. Fighting AI-driven threats requires an integrated agentic cloud security posture. It is the only way to stay safe when attacks happen at this velocity. 

Mythos doesn’t just find critical bugs; it reasons through how to chain lower-severity flaws into full compromises. How does Copperhelm’s agent infrastructure simulate these exact paths to eliminate the false positives that typically overwhelm security operations? 

Shimon: Copperhelm’s AI agents act exactly like a real senior engineer by logging into running machines and inspecting live processes in memory. By analyzing the runtime environment firsthand, the agent definitively understands if a CVE or chained vulnerability is truly exploitable, completely eliminating false positives. 

With Mythos in play, a decades-old, overlooked bug can be weaponized rapidly for minimal compute cost. Is it time we officially retired the CVSS score as a metric for risk? If so, what replaces it? 

Shimon: Score: The NVD (National Vulnerability Database) de facto abandoned the CVSS because the sheer volume of new vulnerabilities became completely unmanageable for a manual scoring system. Because of this bottleneck, the modern standard for agentic cloud security must move to a No-SLA (No Service Level Agreement), No-Prioritization world where you simply find out what is actually exploitable and fix it immediately. 

You talk about near real-time remediation, deploying WAF rules, or revoking tokens without waiting for an emergency human meeting. How d, o you address the “Trust Gap” for CISOs who are terrified of an autonomous agent causing production downtime? 

Shimon: We bridge this trust gap by operating strictly within your existing change control processes, utilizing ticketing, rollbacks, and deep integrations with your observability stack to monitor impact. Furthermore, our mitigation rules always begin in “learn mode” to ensure safe, transparent monitoring before active enforcement. 

“The minute a new CVE drops, an AI agent should autonomously investigate your environment and resolve the issue immediately if it proves to be exploitable.”  Shimon Tolts, CEO of Copperhelm 

The 2027 horizon 

Mythos-level capabilities are becoming ubiquitous via optimized, open-source models that anyone can run locally. In that landscape, what does a truly resilient system look like? Can any enterprise survive the next three years without transitioning to this architecture? 

Shimon: True resilience means shifting your entire defense model to agentic cloud security, where instant investigation and resolution are standard. The minute a new CVE is released, an AI agent should autonomously investigate your environment. It should resolve the issue immediately if it proves exploitable.