As Mythos Expands What Detection Can’t See, Daylight Launches Managed Agentic Threat Hunting
:::info
A new managed service pairs agentic AI execution with expert-driven methodology to surface threats that detection tools are not built to find.
:::
Daylight Security has announced a new managed agentic threat hunting service, one the company says is the first capable of delivering continuous threat hunting at enterprise scale. The timing is deliberate. AI-powered attack discovery platforms like Mythos are giving adversaries an expanding view of what can be found and exploited inside an organisation’s environment, and the security industry’s traditional response, waiting for a detection to fire, is no longer enough.
The pressure on security leaders has been building for some time. Sophisticated attack tooling combined with environments that now routinely span cloud infrastructure, identity systems, SaaS platforms, and endpoints has created conditions in which significant attacker activity can go entirely undetected. Alerts surface what the detection layer already knows to look for. Everything else stays dark.
Daylight Security’s position is straightforward: organisations need to stop treating complete detection as an achievable goal and start building programmes that account for the activity no alert will ever surface.
“Security teams can no longer rely solely on alerts to understand what’s happening in their environment,” said Hagai Shapira, co-founder and CEO of Daylight Security. “Threat hunting is no longer a periodic activity, it’s a required layer of security. The challenge is that it has never been possible to run it continuously. Until now.”
The Gap Detection Cannot Close
The dominant security model, built around alerting and response, was designed to catch known threats. It does that reasonably well. What it cannot do is go looking for threats it was never taught to recognise, and that limitation becomes more consequential as platforms like Mythos broaden the range of attack paths that adversaries can map and act on.
Threat hunting exists precisely to fill that gap, searching actively for hidden or undetected activity rather than waiting to be told something is wrong. The problem is that meaningful threat hunting requires time, skilled analysts, and scale that most organisations cannot sustain. Hypothesis lists grow long. Execution stays thin. Much of the environment never gets tested.
Expert Methodology, Agentic Execution
Daylight’s service is built on a division of labour between human experts and an agentic system. The human side designs the hunting hypotheses and defines the analytical approach. The execution, querying data sources, working through findings, refining the dataset, reaching a verdict, is handled by a coordinated set of specialised AI agents running end-to-end without manual intervention at each step.
The system does not follow fixed playbooks. Each investigation adapts based on what the data shows, which Daylight argues allows for both greater depth and greater accuracy than rule-based approaches can deliver.
Two hunting modes operate in parallel. Hypothesis-based hunting targets unknown or undetected threats, the activity with no existing detection signature. IOC-based hunting tests for known threats, validating whether the organisation is exposed to something the broader industry has already identified. Running together, they cover both ends of the threat landscape continuously.
Continuous Coverage Replaces the Periodic Hunt
Removing the manual execution bottleneck changes the economics of threat hunting in a material way. Where a traditional hunt might take weeks to complete, or simply never be completed, Daylight’s agentic model runs multiple hypotheses in parallel across large environments and resolves investigations in minutes.
Every hunt closes with a defined outcome. Either the hypothesis is disproved and the environment is cleared, or activity requiring further investigation has been found. The full process is documented and auditable throughout, which matters for both operational and compliance reasons.
Early Signals from the Field
Organisations that have already deployed the service describe a shift in how their programmes operate, moving from infrequent, resource-limited hunts to continuous environmental validation.
“Mythos and platforms like it make one thing clear: organisations must operate with an assume-breach mindset,” said Itay Livne, CISO at Sixt. “Detection alone will never be perfect, especially as new vulnerabilities emerge. That makes continuous threat hunting essential, but at enterprise scale, speed is now just as critical as coverage. Until recently, achieving both simply wasn’t feasible.”
:::tip
This story was distributed as a release by Jon Stojan under HackerNoon’s Business Blogging Program.
:::
