Mythos-Class Frontier Models and PQC Migration: Protocol, PKI, and Cryptographic-Agility Risks Under Mythos-Class Vulnerability Discovery

Post-Quantum Cryptography (PQC) migration to NIST FIPS 203, 204, and 205 under NSA CNSA 2.0 is a multi-year, multi-domain transformation across cloud, enterprise, embedded, OT, tactical, and national-security systems. Anthropic’s Claude Mythos Preview (April 2026) introduces AI-accelerated cybersecurity capabilities that intersect this migration directly, performing autonomous reasoning against previously unknown vulnerabilities in production software — a qualitative departure from signature-based and SAST/DAST tooling. Drawing on federal guidance from NIST, NSA, OMB, and CISA, and on independent analyses from CETaS and the UK AI Security Institute, we present a lifecycle and architecture analysis of how Mythos-class models alter PQC migration timelines, risk surfaces, lifecycle dependencies, and architectural constraints. Modeling Mythos as both accelerator and destabilizer, we derive an analytic projection of a compressed two-to-four-year migration window for highest-exposure systems, against traditional baselines of five-to-ten years for small organizations and twelve-to-fifteen-plus years for large enterprises. The compression collapses human-labor bottlenecks in discovery, planning, and code modification, not cryptography itself. We propose a lifecycle-aligned migration model, an updated cost model, and governance requirements for frontier-model access. The binding constraint shifts domain-conditionally: defender capacity at adversary tempo governs software-analytical phases, while non-compressible external cadence governs embedded and regulated domains.