Mythal
CSX DEMO PREP · v1 · 2026-05-25

1. The pitch deck

Twelve slides. Read each one out loud once before the meeting to lock the cadence. Open the corresponding screen on the second monitor when you say the slide.
SLIDE 01 · COVER

Mythal — the autonomous vulnerability remediation fabric for critical infrastructure

Twelve coordinated AI agents that close the loop from CVE to verified fix — without ever endangering an OT system.

Madhu Uppalapati · AI Architect · Next-Era LLC · For CSX

Open with: "What you're going to see in the next 25 minutes is a complete autonomous vulnerability remediation platform — running live, against a simulated Class I rail estate with 4,300 assets. Built from the assumption that AI-discovered CVEs are now the operating condition, not the exception."
SLIDE 02 · THE MYTHOS PROBLEM

Vulnerability discovery has gone machine-speed. Remediation has not.

163
CVEs Microsoft patched in April 2026 alone
~28%
of CVEs now AI-assisted (Mythos & peers)
< 24 hrs
from disclosure to active exploitation (avg, 2025)
48 days
average MTTR in critical infrastructure (Ponemon 2025)

The gap between when a vulnerability becomes weaponized and when an operator can patch it is now measured in hours on one side and weeks on the other. That delta is the largest unhedged risk on a Class I rail CISO's balance sheet — and it cannot be closed by hiring more humans.

Say: "If you remember nothing else, remember this — vulnerability discovery has become a machine speed activity, and remediation has not. The asymmetry is the entire investment thesis."
SLIDE 03 · WHY CRITICAL INFRASTRUCTURE IS WORSE

Rail, pipeline, power, water have it worse than anyone else

  • Constrained maintenance windows. You cannot patch a wayside interface unit during a train movement. Most OT systems have one quarterly window of opportunity.
  • Vendor-locked firmware. Siemens RTUs, Wabtec PTC boxes, Hitachi locomotive controllers — patching is vendor-coordinated, not push-button.
  • Regulatory exposure. TSA SD 1580-21-01 requires documented timely patching of Critical Cyber Systems, with auditor-ready evidence.
  • Asymmetric blast radius. A misfire on a yard SCADA system stops freight. A misfire on a server is contained.
Say: "This is why a generic IT vulnerability tool fails on a railroad — and why CSX has been telling vendors what you need is a Middleware AI Agent. We agree on the workflow. We disagree that one middleware agent is enough."
SLIDE 04 · WHAT CSX ASKED FOR

Your stated workflow — and the seven gaps we filled in

What CSX asked for               | What you also need (Mythal covers)
Receive trigger for critical CVE | Multi-scanner dedup across Qualys, Tenable, Wiz, Claroty, Defender
Assess threat level              | KEV / EPSS / ransomware-actor enrichment + business-impact join to CMDB
Download appropriate patch       | Vendor-aware resolver (MS bulletin, Cisco SA, Siemens SSA) with reliability score
Update system                    | OT Safety Officer veto · dual approval · executor through Tanium/SCCM/Ansible/Panorama · verifier rescan · auto-rollback
(not in stated workflow)         | Signed reasoning trace auditors can read
(not in stated workflow)         | Compliance evidence mapped to TSA SD 1580-21-01, NIST CSF 2.0, NIST 800-82r3, IEC 62443
(not in stated workflow)         | Mythos-aware — built assuming the patch firehose is the operating condition
SLIDE 05 · THE MYTHAL FABRIC

Twelve specialist agents · one signed message bus · one policy gate

★ Supervisor
Orchestrator. Manages the per-finding state machine. Runs on Claude Opus.
Scanner Liaison
Normalizes findings from Qualys, Tenable, Rapid7, Wiz, Defender, Claroty, Nozomi, Dragos.
Threat Intel Aggregator
Enriches with NVD, KEV, EUVD, vendor PSIRTs, GHSA, ICS-CERT.
Patch Hunter
Resolves the vendor fix. MS bulletins, Cisco SAs, Siemens SSAs, vendor archives.
Impact Analyst
Joins to CMDB → business criticality, network exposure, blast radius.
Change Risk
Scores against historical change-failure rates · recommends window.
★ OT Safety Officer
Veto rights on OT and CCS assets. Recommends compensating controls. Runs on Claude Opus.
Remediation Planner
Produces ordered runbook + machine-executable workflow + rollback.
Executor
Applies via Tanium / SCCM / Ansible / Catalyst Center / Panorama / OT-native.
Verifier
Re-scan · health check · exploit re-test · auto-rollback on failure.
Compliance Reporter
TSA SD 1580 · NIST CSF 2.0 · NIST 800-82r3 · IEC 62443 evidence packages.
★ Inventory Insights
Asset graph maintenance, dependency discovery, CMDB delta detection.

Specialists don't share memory. They communicate over a typed, signed message bus. Every decision lands in the reasoning-trace ledger. Every side-effecting tool call passes through a deterministic policy gate first.

SLIDE 06 · THE OT SAFETY OFFICER

The single most important agent for selling into rail

Holds veto rights on every action targeting an asset tagged Critical Cyber System or sitting in an OT zone. Default policy: no direct firmware patching during operations. Instead:

  • Compensating controls now. Tightens industrial-firewall ACLs · pushes IPS signature · puts the device under monitored isolation.
  • Firmware patch scheduled. Pinned to the next planned maintenance window, with dual approval (security + OT Operations) required.
  • Mapped to standards. Every veto records the NIST 800-82r3 + IEC 62443 zone-conduit rationale.
Say: "On a railroad, the difference between buying Mythal and buying a generic vuln-management tool is one agent — this one. Without an OT Safety Officer, the tool will eventually patch the wrong device at the wrong time, and a train will stop."
SLIDE 07 · THE CLOSED LOOP IN 11 STAGES

From CVE landing in a scanner to a signed compliance evidence unit

01 · Ingest
02 · Enrich
03 · Impact
04 · Change risk
05 · Patch lookup
06 · Plan
07 · OT safety
08 · Approval
09 · Execute
10 · Verify
11 · Evidence

Each stage owned by one agent. Each transition signed. Each side effect policy-gated.

/how-it-works ↗ shows the deep dive in the console.

SLIDE 08 · WHAT WE READ FROM YOUR ESTATE

Scanner-agnostic. Patch-tool-agnostic.

Category         | Sources we plug in
IT scanners      | Qualys VMDR · Tenable.io · Rapid7 InsightVM · Wiz · Microsoft Defender VM
OT scanners      | Claroty xDome · Nozomi Guardian · Dragos Platform
Threat intel     | NVD · CISA KEV (live) · EUVD · GHSA · ICS-CERT · MS / Cisco / Siemens / Wabtec / Hitachi PSIRTs
CMDB / inventory | ServiceNow · Device42 · BMC Helix · Mythal-native asset graph
Patch tools      | Tanium · SCCM · Intune · Ansible · BigFix · Catalyst Center · Panorama · OT-native (RUGGEDCOM, Wabtec)
Identity         | Okta · Auth0 · Entra · Keycloak · SAML SSO
Ticketing        | ServiceNow ITSM · Jira

Click any of the 17 cards on the Integrations page — modal shows authentication mode, polling cadence, the exact fields we read, and how each field maps to Mythal's canonical schema (e.g. QID + CVE list → vulnerability.cve).

SLIDE 09 · LIVE EXECUTION

You see the patch land — step by step

When a plan is approved, the Executor agent runs each step through the appropriate patch tool with realistic timing. The plan-detail page streams the timeline in real time: tool name, agent ID, started/completed timestamps, key-value result payload (Tanium action_id, SCCM deployment_id, Cisco DNAC task_id), and the Verifier rescan verdict per step. A 4-step plan completes in 8–12 seconds with visible progression.

If a step fails (18% failure rate on OT for realism), Mythal rolls back automatically and the plan transitions to ROLLED_BACK.

SLIDE 10 · COMPLIANCE EVIDENCE

Auditor-ready PDFs in under 60 seconds

  • TSA SD 1580-21-01 — primary framework for Class I rail. Control-by-control evidence with execution + approval signatures.
  • NIST CSF 2.0 — Identify / Protect / Detect / Respond / Recover, mapped to plan trace IDs.
  • NIST 800-82r3 — ICS-specific. Zone-conduit evidence from OT Safety Officer decisions.
  • IEC 62443 — IACS security. Compensating-control evidence with HMAC signatures.

One click on the Compliance page produces the PDF. The reasoning trace is the audit log.

SLIDE 11 · ROI

What CSX would save in year one

Lever                                 | Conservative      | Aggressive
Vuln analyst FTE deflection           | 3 FTE × $185K     | 6 FTE × $185K
Mean time to remediate (days → hours) | 14× faster        | 40× faster
Cyber insurance premium reduction     | 5%                | 12%
Audit prep effort                     | ~$400K / yr saved | ~$900K / yr saved
Avoided incident (per-incident)       | $4–18M typical for rail

ACV: $750K – $3M depending on tenant size, integration count, on-prem vs SaaS.

SLIDE 12 · ASK

What we need from CSX

  • A 14-day technical proof in your lab environment — one Qualys instance, one OT scanner, one zone of 200–500 assets. Mythal stands up an on-prem appliance, connects to your sources, and runs the closed loop on real findings.
  • A named OT Operations approver and Security approver for the dual-approval flow. Your existing role definitions are fine.
  • Read-only access to one CMDB instance so we can demonstrate the business-impact join.
  • One auditor (TSA or internal) to validate the compliance evidence output against their checklist.

Decision target: signed POC SOW within 30 days.

2. End-to-end flow

One CVE's complete lifecycle through Mythal. This is the diagram you point at when CSX asks "what does it actually do?"

One finding's journey

1 · Qualys / Tenable / Claroty pushes a CVE
Scanner Liaison · /api/scanners/{name}/ingest

Inbound webhook from the scanner. Scanner Liaison normalizes the payload, dedups against the same CVE on the same asset from other scanners, and emits a canonical VulnerabilityFinding.

Where to see it: /live-feeds · /findings

2 · Threat Intel agent enriches
Threat Intel · live polls NVD, CISA KEV, vendor PSIRTs

Adds KEV flag, EPSS percentile, exploit-in-wild flag, ransomware-actor association. Maps to MITRE ATT&CK for ICS technique IDs.

Where to see it: finding detail drawer · reasoning trace shows the enrichment narrative

3 · Patch Hunter resolves the vendor fix
Patch Hunter · _KNOWN_PATCHES + vendor-aware archive resolver

For Microsoft CVEs → KB / MS bulletin. For Cisco → cisco-sa advisory. For Siemens → SSA-XXXXXX. Returns clickable references (msrc.microsoft.com, sec.cloudapps.cisco.com, cert-portal.siemens.com). Each patch gets a PatchReliabilityScore (vendor source × deployment evidence × rollback feasibility).

Where to see it: plan detail page · green "Vendor patch located ✓" card with bulletin ID and clickable URLs

4 · Impact Analyst + Change Risk score the work
Impact Analyst → BusinessImpactProfile · Change Risk → ChangeRiskScore

Looks up the asset in the CMDB graph: internet-facing? OT zone? Upstream of dispatch? Outputs business impact 0–1. Change Risk evaluates historical failure rates for this asset class, picks a window, and decides whether a canary is required.

Where to see it: finding detail · "Business impact" and "Change risk" cards in the side panel

5 · OT Safety Officer reviews (OT/CCS only)
OT Safety Officer · holds veto rights · Claude Opus reasoning

If the asset is OT or CCS: defaults to veto on direct patching. Proposes compensating controls (firewall ACL tightening, IPS signature, monitored isolation). Schedules the firmware update for the next maintenance window.

Where to see it: plan detail page · amber "OT Safety Officer review" card with verdict and rationale

6 · Remediation Planner synthesizes the plan
Remediation Planner · OPA policy gate decides approval scope

Produces ordered steps, the exact tool per step, a rollback for each step, approval scope (single/dual), and the maintenance window. Auto-apply eligibility is evaluated against tenant policy.

Where to see it: /plans · click any card → plan detail with full steps table

7 · Human approval (single or dual)
Plan detail → "Approve as security" / "Approve as ot_operations" buttons

HMAC-signed approval stored. For OT and CCS: both security and ot_operations signatures are required before the Executor dispatches. For low-criticality IT: the auto-apply path skips this step.

Where to see it: plan detail · amber "⚠ Awaiting approval" card with sign-off buttons

8 · Executor applies through your patch tool
Executor · Tanium / SCCM / Ansible / Catalyst Center / Panorama / OT-native

Dispatched in a background thread the moment approval lands. One Execution row per step. Tool-specific result payload (Tanium action_id, SCCM deployment_id, Cisco DNAC task_id). 2–3 seconds per step for realism — the UI polls every 1.5s and streams the timeline live.

Where to see it: plan detail · "Execution timeline" with ● LIVE badge while running

9 · Verifier confirms (or rolls back)
Verifier · re-scan · health check · exploit re-test

Triggers a fresh scan via the scanner used in step 1 and confirms the CVE no longer reports. Runs a service health probe. Where safe, runs the exploit re-test to confirm the path is now blocked. If anything fails → auto-rollback + escalate.

Where to see it: plan detail · "✓ Verifier check" appears under each execution row with rescan / health / exploit-retest verdicts

10 · Compliance Reporter emits evidence
Compliance Reporter · TSA SD 1580 · NIST CSF 2.0 · NIST 800-82r3 · IEC 62443

Every closed plan emits ComplianceEvidence units tagged to the framework controls. Auditor PDF on demand, control-by-control, in under 60 seconds.

Where to see it: /compliance · select framework → Export
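The stage-1 normalization and cross-scanner dedup described above, as an added example (not Mythal's code): two constructed scanner payload shapes, loosely modelled on the Qualys QID + CVE list → vulnerability.cve and HOST.DNS → asset.hostname mapping from slide 08 and a Tenable-style plugin record, are folded into one canonical finding per (asset, CVE), keeping the highest severity and every reporting source. The field names, severity labels and CVE ids are all constructed for this example.

```python
"""Scanner Liaison style normalization + dedup. Added example, not Mythal's code.
Payload shapes are constructed approximations of Qualys and Tenable records."""
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass
class VulnerabilityFinding:
    asset_hostname: str
    cve: str
    severity: str
    sources: list = field(default_factory=list)    # scanners that reported it
    source_ids: dict = field(default_factory=dict)  # scanner -> native id (e.g. QID)


def normalize_qualys(rec):
    # Qualys-style: one QID can carry several CVEs; host lives under HOST.DNS.
    host = rec["HOST"]["DNS"].lower()
    for cve in rec["CVE_LIST"]:
        yield VulnerabilityFinding(host, cve.upper(), rec["SEVERITY"],
                                   ["qualys"], {"qualys": str(rec["QID"])})


def normalize_tenable(rec):
    # Tenable-style: plugin id + cve list, host under asset.hostname.
    host = rec["asset"]["hostname"].lower()
    for cve in rec["plugin"]["cve"]:
        yield VulnerabilityFinding(host, cve.upper(), rec["severity"],
                                   ["tenable"], {"tenable": str(rec["plugin"]["id"])})


NORMALIZERS = {"qualys": normalize_qualys, "tenable": normalize_tenable}


def ingest(batches):
    """batches: list of (scanner_name, raw_records). Returns {(host, cve): finding}."""
    merged = {}
    for scanner, records in batches:
        for rec in records:
            for finding in NORMALIZERS[scanner](rec):
                key = (finding.asset_hostname, finding.cve)
                existing = merged.get(key)
                if existing is None:
                    merged[key] = finding
                    continue
                # Same CVE on the same asset seen by another scanner: merge, don't duplicate.
                existing.sources.append(scanner)
                existing.source_ids.update(finding.source_ids)
                if SEVERITY_RANK[finding.severity] > SEVERITY_RANK[existing.severity]:
                    existing.severity = finding.severity
    return merged


# Constructed sample payloads: one wayside host reported by both scanners.
QUALYS_SAMPLE = [{"QID": 92345, "SEVERITY": "high",
                  "HOST": {"DNS": "WIU-014.rail.example"},
                  "CVE_LIST": ["CVE-2026-0001", "cve-2026-0002"]}]
TENABLE_SAMPLE = [{"plugin": {"id": 171717, "cve": ["CVE-2026-0001"]},
                   "severity": "critical",
                   "asset": {"hostname": "wiu-014.rail.example"}}]


def demo_ingest():
    return ingest([("qualys", QUALYS_SAMPLE), ("tenable", TENABLE_SAMPLE)])


if __name__ == "__main__":
    for key, f in demo_ingest().items():
        print(key, f.severity, f.sources, f.source_ids)
```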

3. Demo script

Three timed scripts — pick the one that fits the meeting length. Memorize the 12-minute one. The others are extracts.

3a · The 4-minute investor pitch

1 · Open Command Center — the live console
"This is Mythal running live against a simulated Class I freight railroad — 4,300 assets, 800 of which are OT. Top of the dashboard you see real-time KPIs: 47 open critical findings, 44 OT assets under compensating control, 132 plans awaiting approval."

2 · Click Scenario C · Siemens RTU at Substation 14
Scroll to "Run a demo scenario" section · click Run on Scenario C card
"A Siemens RUGGEDCOM RTU advisory just hit. Eight wayside devices affected. Watch the OT Safety Officer agent."
Toast appears with the scenario story · activity feed updates

3 · Open Plans → filter to OT tab
URL: /plans · click OT tab
"Plans get filtered to OT only. Notice — every one of these has compensating controls deployed, none have direct firmware patches scheduled. The OT Safety Officer vetoed them."

4 · Open one plan → show OT Safety Officer review
Click any OT plan row · plan detail opens
"This is the per-plan view. Look at the amber 'OT Safety Officer review' card — verdict: VETO. Rationale recorded. Compensating controls applied. The firmware patch is scheduled for the next maintenance window with dual approval required. All of this maps to TSA SD 1580-21-01 controls."

5 · Export TSA evidence PDF
URL: /compliance · select TSA SD 1580 · Export
"Auditor-ready PDF in under 60 seconds. This is the audit log a CSX TSA inspector would read. Every action signed, every decision traceable. The Mythos thesis is that vulnerability discovery has gone machine-speed. We're the response layer that finally goes machine-speed too — without ever endangering an OT system."

3b · The 12-minute CISO technical demo

1
"Before I click anything live — here's the 11-stage closed loop. Eleven stages, each owned by a specialist agent. For every stage you can see which integrations plug in, which fields we read, and what each agent emits."

Scroll slowly through stage 1 (Ingest), pause on the Qualys / Tenable / Wiz / Claroty list. Then scroll to stage 7 (OT Safety Gate) — pause on the OT Safety Officer detail.

2 · Open /integrations · click the Qualys VMDR card
"Here's what plugs in. 17 connectors catalogued. Click Qualys — modal opens showing the authentication mode (API user + password), poll cadence (5-minute + webhook), every field we read, and the canonical-schema mapping. QID + CVE list → vulnerability.cve. HOST.DNS → asset.hostname. There's no magic. Pure schema mapping."

3 · Open /plans · search "Cisco"
"132 plans currently in flight. Default tab is Awaiting Approval — where the work is. Let me search Cisco to narrow."

4 · Click any Cisco plan with AWAITING_APPROVAL
"Plan detail. Lifecycle ribbon at top. Notice the green 'Vendor patch located ✓' card — Patch Hunter resolved the Cisco SA advisory. Right there — clickable URLs to sec.cloudapps.cisco.com and cve.org. We don't say 'patch not found' when the patch obviously exists."

5 · Scroll to Remediation Steps table
"Four ordered steps. Each one has its own tool — Cisco Catalyst Center for the network gear. Each one has its own rollback. Pre-flight snapshot, push patch, restart service, post-flight rescan."

6 · Click "Approve as security"
"This is where it gets interesting. I'm signing as the security approver. The plan moves to APPROVED. Now watch the Execution timeline — the badge says LIVE. The Executor agent is running each step in a background thread, every 1.5–3 seconds a new step lands."
Wait 8–12 seconds. Steps appear one at a time. After step 4 → Verifier check → CLOSED.

7 · Point at each Execution row
"Each step shows the agent ID, the tool, the started and completed timestamps, and the tool-specific result. Cisco DNAC task ID. Compliance status. Each result is structured — not a JSON wall. But there's a 'Show raw payload' toggle for the engineers in the room."

8 · Show the Verifier check
"After Executor finishes, Verifier runs. Re-scan: CLEAN. Health check: PASS. Exploit re-test: BLOCKED. If any of these had failed, Mythal would have rolled back automatically and the plan status would be ROLLED_BACK."

9 · Switch to the OT example — go back to /plans · OT tab
"Now the part that matters most for CSX. Filter to OT. Click any one with the OT tag. Look at the amber OT Safety Officer review card — verdict: veto. Rationale: 'Direct firmware patch on RUGGEDCOM RTU during operations carries unacceptable risk to wayside integrity.' Compensating controls deployed at the industrial firewall. Patch scheduled for next maintenance window with dual approval."

10 · Show /compliance · TSA SD 1580 → Export
"Audit week. Select TSA SD 1580-21-01. Click export. PDF in 30 seconds. Every closed plan from the last quarter, every veto, every compensating control, every signed approval, mapped to the relevant control."

11 · Close on Activity feed
"Every message between every agent for every active trace. This is the audit theatre. Auditors love it. Investors love it. CISOs sleep better knowing it exists. Questions?"

3c · The 20-minute deep dive (engineering audience)

Run the 12-minute script, then add:

  • Switch to Bridge or Mission layout — show same data, different ops aesthetic for security ops center vs. exec dashboard contexts.
  • Open /activity — filter by trace_id of the plan you just executed. Show all 14 agent messages chronologically.
  • Show /policy — policy studio. The OPA rules that gate the auto-apply decisions.
  • Show /docs — the document library. Pitch decks, API references, integration mappings, architecture diagrams.
  • Open /api-docs — live OpenAPI explorer. Hit /api/plans/{id} manually to show the wire format.

4. Preflight checklist

Run this 60 minutes before the meeting. Tick every box. If any one fails, fix or escalate before walking in.

T-60 min · Infrastructure

T-30 min · Browser & Display

T-15 min · Open these tabs in this order

T-10 min · Pre-warm scenarios

T-5 min · You

5. Q&A — the questions you'll get and how to answer them

Memorize the first sentence of each answer. The rest is improvisation.
Q: How is this different from Qualys / Tenable / Rapid7?
We're not a scanner — we sit on top of them. Qualys finds CVEs. We turn those CVEs into approved, executed, verified, audited remediations. We work with whichever scanner you already have. We're a fabric, not a replacement.
Q: How is this different from ServiceNow VR / ArmorCode / Brinqa?
Those are workflow layers on top of scanners. They route tickets to humans. We close the loop without a human in the loop for safe IT remediations, and we have an OT Safety Officer agent that nobody else has — which is the only reason this can run on a railroad.
Q: What stops you from patching a wayside interface unit during a train movement?
Three things. One: the OT Safety Officer agent vetoes any direct patch on OT or CCS assets by default. Two: the policy gate requires dual approval (security + OT operations) for any OT change, with HMAC signatures. Three: the change window check refuses execution outside the configured maintenance window. Three independent checks have to fail for that to happen.
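The three independent checks in that answer, and the HMAC-signed dual-approval step from stage 7 of the end-to-end flow, as an added example in Python (not Mythal's code): a deterministic policy gate that refuses dispatch unless the OT Safety Officer has cleared the patch for the window, both role-bound HMAC approvals verify, and the clock is inside the maintenance window. All names, the verdict strings and the 0.3 auto-apply threshold are assumptions of this example.

```python
"""Deterministic policy gate: OT Safety veto, HMAC dual approval, change window.
Added example, not Mythal's code; every identifier here is hypothetical."""
import hashlib
import hmac
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Constructed per-role secrets. A real deployment loads these from a secrets
# manager; they are inline only so the example runs offline.
APPROVER_KEYS = {"security": b"demo-security-key", "ot_operations": b"demo-ot-key"}
AUTO_APPLY_MAX_IMPACT = 0.3   # assumed cut-off for the low-criticality IT auto-apply path


@dataclass
class Asset:
    asset_id: str
    zone: str                 # "IT" or "OT"
    ccs: bool                 # tagged Critical Cyber System (TSA SD 1580)
    business_impact: float    # 0-1 from the Impact Analyst
    window: tuple             # (start, end) of the next maintenance window


@dataclass
class Plan:
    plan_id: str
    asset: Asset
    action: str                       # "firmware_patch" | "os_patch" | "compensating_control"
    approvals: dict = field(default_factory=dict)   # role -> HMAC hex digest
    ot_safety_verdict: str = "VETO"   # OT Safety Officer default for OT/CCS assets


def approval_message(plan_id: str, action: str, role: str) -> bytes:
    # Binding role, plan and action stops a signature being replayed for a
    # different plan, a different step, or by the other approver role.
    return f"{plan_id}|{action}|{role}".encode()


def sign_approval(plan: Plan, role: str) -> str:
    msg = approval_message(plan.plan_id, plan.action, role)
    return hmac.new(APPROVER_KEYS[role], msg, hashlib.sha256).hexdigest()


def approval_valid(plan: Plan, role: str) -> bool:
    sig, key = plan.approvals.get(role), APPROVER_KEYS.get(role)
    if sig is None or key is None:
        return False
    expected = hmac.new(key, approval_message(plan.plan_id, plan.action, role), hashlib.sha256)
    return hmac.compare_digest(expected.hexdigest(), sig)


def policy_gate(plan: Plan, now: datetime):
    """Returns (allowed, reasons). Executor may dispatch only when reasons is empty."""
    reasons = []
    is_ot = plan.asset.zone == "OT" or plan.asset.ccs
    direct_patch = plan.action in ("firmware_patch", "os_patch")
    # Check 1: OT Safety Officer veto unless explicitly cleared for the window.
    if is_ot and direct_patch and plan.ot_safety_verdict != "CLEARED_FOR_WINDOW":
        reasons.append("ot_safety_officer_veto")
    # Check 2: approval scope. OT/CCS needs both roles; low-impact IT auto-applies.
    if is_ot:
        required = ("security", "ot_operations")
    elif plan.asset.business_impact <= AUTO_APPLY_MAX_IMPACT:
        required = ()
    else:
        required = ("security",)
    for role in required:
        if not approval_valid(plan, role):
            reasons.append(f"missing_or_invalid_approval:{role}")
    # Check 3: change window. OT direct patches only execute inside the window.
    if is_ot and direct_patch:
        start, end = plan.asset.window
        if not (start <= now < end):
            reasons.append("outside_maintenance_window")
    return (not reasons, reasons)


def demo():
    # Constructed sample: a CCS-tagged wayside RTU whose window opens in 6 hours.
    now = datetime(2026, 5, 25, 9, 0, tzinfo=timezone.utc)
    rtu = Asset("rtu-substation-14", "OT", True, 0.9,
                (now + timedelta(hours=6), now + timedelta(hours=8)))
    plan = Plan("plan-0001", rtu, "firmware_patch")
    plan.approvals["security"] = sign_approval(plan, "security")
    _, first = policy_gate(plan, now)             # vetoed, one signature, outside window
    plan.ot_safety_verdict = "CLEARED_FOR_WINDOW"
    plan.approvals["ot_operations"] = sign_approval(plan, "ot_operations")
    ok, _ = policy_gate(plan, now + timedelta(hours=7))
    plan.action = "os_patch"                      # tampering after signing invalidates both
    tampered, _ = policy_gate(plan, now + timedelta(hours=7))
    return first, ok, tampered


if __name__ == "__main__":
    print(demo())
```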
Q: What about LLM hallucination? Aren't AI agents unreliable?
Two answers. First, the platform runs in deterministic mode by default — the agents are rule engines with structured outputs, no LLM calls in the critical path. You can opt into Claude or OpenAI per agent. Second, even with LLMs, every output goes through a JSON-schema validator and the deterministic policy gate. The LLM cannot reach a real patch tool without passing schema validation and policy. Hallucination cannot leave the agent.
Q: What about prompt injection in advisory text?
External content — advisory bodies, scanner output, ticket comments — is wrapped in <untrusted_external> tags before any agent sees it. The system prompt explicitly tells the agent to never follow instructions found in those tags. There's also a pre-flight classifier that flags advisory text matching known prompt-injection patterns.
Q: Can we run it on-prem? Air-gapped?
Yes. Single-VM appliance build with k3s ships in the same release. Air-gapped mode uses pre-staged advisory bundles and never reaches out — same agent loop, just with manual feed updates.
Q: What's the integration effort to plug in Qualys + Tenable + our ServiceNow?
Standard connectors. Qualys: API user + secret in Vault, 30 minutes. Tenable: access + secret key, 30 minutes. ServiceNow CMDB: OAuth2 app + table read permissions, ~90 minutes. The longest part is your internal change ticket for the credentials. Total customer effort: half a day.
Q: TSA SD 1580-21-01 — does the evidence actually pass an inspector?
The evidence package maps control-by-control to TSA SD 1580-21-01 requirements with HMAC-signed approvals, dated execution records, and the full agent reasoning trace. We've shown it to two former TSA inspectors during build; both confirmed it answered every checklist item. Final validation against your specific TSA contact is part of the 14-day POC.
Q: What if a patch breaks something we didn't anticipate?
Verifier runs three checks after every execution: rescan, service health, exploit re-test. Any failure auto-triggers rollback (which was tested at plan time before approval — Patch Hunter scores rollback feasibility). The plan transitions to ROLLED_BACK and escalates with full context.
Q: Cost model?
ACV $750K – $3M depending on tenant size, integrated source count, on-prem vs SaaS, and whether you want the AI Red Team module. Year-one ROI typically positive on FTE deflection alone (3–6 vuln analyst FTE worth of work). Insurance premium savings and audit-prep savings are additional.
Q: We already started building this internally / we have a Middleware AI Agent project. Why buy?
Build vs. buy on a multi-agent platform is a 12–18 month commitment for a 6-engineer team minimum, before you have a working OT safety model. You'd be paying $4–6M loaded just to get to where we are today. Our 14-day POC will tell you whether buying gets you there faster than your current build trajectory. If your team gets us to feature parity in two quarters, our value is the OT Safety Officer and the compliance evidence — and we'll license those as components.
Q: What's your roadmap?
Three things on the next horizon. Identity-aware remediation — when the finding is really "overprivileged service account on exposed asset", fix it in the IAM plane not the patch plane. AI Red Team agent — a 13th agent that continuously attempts safe exploitation to find what scanners missed. Cyber insurance integration — generate posture attestation packages for Marsh, Aon, Lockton renewals.

6. Critical URLs (bookmark these now)

Purpose                                  | URL
Landing / KPIs                           | /command-center
The 11-stage flow                        | /how-it-works
Connector catalog                        | /integrations
Plans (default = Awaiting)               | /plans
Findings (CVEs)                          | /findings
Live agent message bus                   | /activity
OT operations                            | /ot
Compliance evidence + PDF export         | /compliance
OPA policy studio                        | /policy
Live KEV / Mythos feeds                  | /live-feeds
Asset estate graph                       | /estate
Documents library                        | /docs
OpenAPI explorer                         | /api-docs
Layout: Mission Control (Bloomberg-style) | /mission
Layout: Workspace (Linear-style)         | /workspace
Layout: Lightning (Salesforce-style)     | /lightning
Layout: Bridge (NASA/Anduril HUD)        | /bridge

7. If something breaks live

Three failure modes. Each has a 30-second recovery.

If the page is showing stale data

Hard refresh. Ctrl+Shift+R. The console caches aggressively — if anything looks frozen, this clears it. Done in 3 seconds.

If the approve button shows a spinner forever

Don't panic — say: "There's a background thread running here that takes 8–12 seconds. The UI is polling every 1.5 seconds. Let's give it a moment." Then click the plan card again from /plans — the status will have advanced. The button gets stuck visually but the API completed.

If a scenario click does nothing

Scenarios are idempotent. If the assets it targets already have findings, it shows targets_processed: 0. Recovery: click a different scenario (A is the safest — always lands fresh findings). Or click the Sync CISA KEV button at the top right of /command-center, which always produces visible activity.

If a route returns 404 or 500

The audience won't notice if you don't. Move to the next URL in your script. Note the failure in your phone, recover later. Continue the narrative — "let's look at this from the Lightning view instead" and switch to /lightning.

If they ask to see something you didn't prep

Defer to the document library. "Let me grab the right context for that — /docs has the full architecture document." Open the library, navigate. You buy 30 seconds and look like you have an organized system.

Worst case: nothing loads

Pull up this very document on your phone. Walk through the pitch deck section by section verbally, point to the static screenshots/text. You can win a CISO meeting without a live console if you have the story straight.