READMEHow to use this script
This is your read-aloud script for the 10-slide client deck. Every slide has a section below with:
- OPEN WITH — the first sentence to start the slide. Memorize this one line.
- TALK TRACK — the natural-language explanation in your own voice.
- ANCHOR PHRASES — the memorable lines you wanted (machine speed, attackers reverse-engineer).
- WHAT TO POINT AT — what's on screen as you talk.
- TRANSITION — one sentence to the next slide.
RULE: Read each section out loud once before the meeting. The first sentence and the anchor phrases are the only parts to memorize verbatim. Everything else is yours to say in your own words.
OPENERHow to start the meeting before slide 1
OPEN WITH
"Thanks for taking the time today. I want to walk you through what we built, then show it to you live. The thing I want you to walk out remembering is this: after Mythos, vulnerability discovery became a machine-speed activity, and applying the fix did not. Everything else we'll talk about is a consequence of that one sentence."
WHY THIS OPENER WORKS: Tells them what to remember, gives them a hook, sets a confident tone. No timing commitments. No agenda padding.
SLIDE 1Cover
What's on screen
Mythal cover slide. Gold mark, headline "From vulnerability to applied fix", tagline about twelve agents and humans-in-loop-where-needed.
Say this
"This is Mythal. It's an AI fabric that goes from a vulnerability appearing in your environment to the fix being applied and verified. Built specifically to fit into environments like CSX, where every part of the platform is configurable to match how your teams actually work."
Transition
"Before I show you what it does, let me tell you why it exists."
SLIDE 2The Mythos thesis — the key slide
This is the most important slide
What's on screen
Title naming Mythos. A paragraph at top explaining the Mythos event and 163-CVE Patch Tuesday. Then "hours" vs "weeks" cards. Bottom paragraph on reverse-engineering. Final paragraph names this as the Mythos thesis.
Open with
"Here's the asymmetry — and remember this. After Mythos, vulnerability discovery became a machine-speed activity. Applying the fix did not. The whole reason we built Mythal is to close that gap."
Talk track
"In early 2026, Anthropic released a model called Mythos. Other AI labs released similar models around the same time. What they collectively did was collapse the cost of finding vulnerabilities. What used to take a researcher weeks now takes an AI minutes.
The downstream effect is that the volume of disclosures has exploded. Microsoft alone patched 163 CVEs in one Patch Tuesday this April. Vendors are shipping patches faster than ever. And attackers are running parallel AI-assisted patch diffing the moment fixes appear.
Here's the part most people miss — the moment a vendor releases that patch, attackers reverse-engineer it. They diff the binary before-and-after, see exactly what changed, build a proof-of-concept exploit against the un-patched version, and start scanning the internet for systems that haven't applied the fix yet. They're working with the patch as a roadmap.
So every hour you delay applying that patch is an hour the attacker has the advantage on you. That asymmetry is the Mythos thesis — and you cannot hire your way out of it. The work has to be automated, with your humans in the loop only where judgment is needed."
Anchor phrases (memorize)
1. "After Mythos, vulnerability discovery became a machine-speed activity, and applying the fix did not."
2. "The moment a vendor releases a patch, attackers reverse-engineer it within hours and build a proof of concept."
3. "Every hour you delay is an hour the attacker has the advantage. That's the Mythos thesis."
Transition
"Before we go deeper — let me make sure we're on the same page about what a vulnerability is and where it lives."
SLIDE 3What's a CVE and where it lives
What's on screen
Three steps along the top: Discovered → Catalogued → Patched. Three "where they live" cards along the bottom: Corporate IT, Network & cloud, Rail systems.
Open with
"Quick context — a vulnerability is a known flaw in software or firmware. The lifecycle is simple: a researcher or vendor discovers it, it gets a CVE number that goes into the public database where everyone can see it including attackers, and then the vendor issues a patch. Until you apply that patch, you're exposed."
Talk track — point at the three zones
"In a railroad environment, vulnerabilities show up in more than just corporate servers. You've got corporate IT — Windows, Active Directory, Exchange, financial apps. Standard scanners cover these well. You've got network and cloud — Cisco switches, firewalls, your AWS or Azure workloads. That's the plumbing. And then you've got rail systems — dispatch platforms, telematics gateways, scheduling, the EDI for shipping. That's where IT meets your operations side. A vulnerability on a dispatch server can affect freight movements just like a vulnerability on a finance server can affect quarterly close."
Transition
"So that's the playing field. Now let me tell you what Mythal does."
SLIDE 4What Mythal does — the one-sentence answer
Open with
"In one sentence — Mythal is a team of twelve AI agents that watch every scanner, find every fix, and apply it — with your humans only in the loop where it matters."
Talk track
"When a vulnerability appears anywhere — Mythal takes it through every step.
It finds the right fix from the vendor's official source. It decides what's safe to apply directly and what needs to be flagged for your team instead. It builds a plan with exact steps and a tested rollback. It routes the plan to your team for approval when your policy requires it. It applies the fix through whatever patch tool you already run — Tanium, SCCM, Ansible — we don't replace what you have. It verifies the fix worked — rescan, check service health, roll back if anything's off. And it produces audit evidence as a side-effect of every action."
Important — read this verbatim at the end of the slide
SAY: "For sensitive operational systems, Mythal never applies directly. It always builds the plan and proposes it. Your team applies, on your schedule."
Transition
"Let me walk you through the workflow more carefully."
SLIDE 5The six-step workflow
Open with
"Six steps. Five are done by AI agents in the background. One step — approval — is where your team signs off. Look at the gold-highlighted box. That's the human-in-the-loop step."
Talk track — walk left to right
"Discover. A scanner reports a new finding. Mythal pulls it in. If three different scanners report the same finding on the same asset, we dedupe to one record.
Investigate. Agents look up the vendor fix, check whether this is being actively exploited, score the business impact based on your CMDB.
Plan. Build the exact ordered steps. Which tool runs which step. Rollback for every step.
Approve. This is your human step. The plan is routed to the right approver based on rules you configure. Low-risk fixes might auto-apply. Anything sensitive, anything during business hours — your policy decides. Mythal never takes an action your policy didn't authorize.
Apply. Once approved, the Executor agent pushes the fix through your existing patch tool. Or — and this matters — for systems your operations team owns, Mythal hands the plan over and your team applies it.
Verify. Rescan confirms the vulnerability is gone. Service health check passes. Audit evidence emitted. If anything fails verification, Mythal rolls back automatically."
The line to land
SAY: "You control where the line falls. Low-risk fixes can flow through Mythal end-to-end. For anything sensitive, Mythal builds the plan and hands it to your team. Mythal never acts outside the rules you set."
Transition
"That's the workflow at a high level. Now let me show you what each of the twelve agents actually does."
SLIDE 6The twelve agents at a glance
What's on screen
A 4×3 grid of agent tiles. Two have gold stars — Supervisor and Safety Officer. Each tile has the agent name and one-line role.
Open with
"Twelve agents. Each one has one narrow job. Let me walk through them quickly so you see the scope."
Talk track — group them logically
"At the top — the Supervisor orchestrates the workflow and holds the state of each finding.
The Scanner Liaison pulls findings from your scanners. The Threat Intel agent checks public threat feeds — is this being exploited right now? The Patch Hunter finds the vendor's official fix.
Then we get into prioritization. The Impact Analyst joins findings to your CMDB to score importance. The Change Risk agent looks at historical change failures and recommends a window.
The Safety Officer — the second starred agent — is the one I mentioned earlier. For sensitive operational systems, it builds plans but never applies directly. It's the gate.
Then execution. Remediation Planner produces the ordered runbook. Executor drives the patch through your tools. Verifier rescans and triggers rollback if needed.
And on the audit side, Compliance Reporter captures the evidence and produces the auditor-ready PDF. Inventory Insights is optional — for surfacing gaps in your estate beyond the CVE flow."
The line to land
SAY: "Twelve agents, one shared message bus, every decision recorded. They don't share memory — they talk to each other through signed messages. That trace is your audit log."
Transition
"Who actually touches this platform day to day? Several different teams, each for a different reason."
SLIDE 7Who uses Mythal (generic teams)
What's on screen
Six cards: Leadership, Security Team, Operations Team, Engineers, Audit/Governance, External Auditors. Generic role labels — nobody named.
Open with
"Mythal isn't one team's tool. Six different groups would touch it for different reasons."
Talk track — walk top-left to bottom-right
"Leadership watches KPIs on the Command Center and receives the auto-generated leadership PDF. Posture trends, work absorbed, no diving into individual findings.
The security team is the daily operator. They open Mythal first thing. Review plans needing attention. Sign approvals. Investigate the reasoning trace when something looks off.
The operations team is the most important user on the operational side. For sensitive systems, Mythal builds the plan and sends it to them. They review it, apply it on their schedule, and Mythal closes the loop on verification.
Your engineers connect Mythal to your scanners, your CMDB, your patch tools, and configure which agents are active.
Audit and governance get one-click PDF export for whichever framework the auditor is asking about. And your external auditors receive that signed PDF with control-by-control mapping — they don't have to assemble anything by hand."
The line to land
SAY: "Note especially — for the systems your operations team owns, Mythal hands over the plan and steps back. Your team stays in control."
Transition
"Everything I just described is configurable. Let me show you how much."
SLIDE 8Configurable — tailored to CSX
Open with
"Mythal is not a one-size-fits-all SaaS. Every one of these knobs is yours to set. If your team doesn't want certain capabilities — they're off. If you need certain behavior tuned to your operational reality — we configure it. The platform adapts to you, not the other way around."
Talk track — point at the table
"Scanner sources — Mythal only reads the scanners you operate. Nothing else.
Approval policy — you decide what auto-applies, what needs single approval, what needs dual approval.
Patch tool routing — your existing tools, no new ones imposed.
Hands-off zones — and this is the big one — parts of your environment where Mythal will never apply directly, even if approved. For those, Mythal builds a plan and hands it to your team.
Maintenance windows — when can fixes be applied, when can't they.
Audit frameworks — only the ones you're audited against. Others off by default.
Agent backends — and importantly, you can run the agents deterministically with no LLM at all. The agents are rule engines. You can opt in LLM per agent if you want richer reasoning, but it's not required."
Transition
"All this work generates one valuable side-effect that I want to highlight. Audit evidence."
SLIDE 9Audit evidence — one click
What's on screen
Two panes. Left — how the audit trail builds itself. Right — a mock PDF showing what an auditor would see.
Open with
"Audit is a side-effect of doing the work — it's not a separate project. Here's how the trail builds itself."
Talk track
"Every agent decision is written to the reasoning trace as it happens. Every approval is signed with the approver's identity and timestamp. Every applied fix records the tool used, the target, the result, and the rollback path. Every verification result is preserved. And the Compliance Reporter agent maps each finding to the relevant control framework automatically.
What you get on the right — a live posture dashboard you can pull up at any time. One-click PDF export per framework — signed, dated, auditor-ready. A machine-readable bundle for ingestion into your GRC tool. And coverage for the major frameworks across rail, ICS, federal, financial, and healthcare."
The line to land
SAY: "When an auditor walks in, you don't go hunting through ticket systems and email chains. You hit Export, hand them the PDF, and the reasoning trace answers every checklist item with a signed action record."
Transition
"And here's what we'd propose as the next step."
SLIDE 10The ask — proof in your environment
Open with
"We're not asking for a commercial commitment today. We're asking for a proof — in your lab, with your data, your scanners, your approvers."
Talk track
"One zone, one scanner pair. Pick one segment of your environment and one scanner you already operate. We connect Mythal to it.
Mythal runs inside your network. Single-VM appliance. No cloud dependency. No data leaves your environment.
Real findings, real plans. The platform runs the closed loop on your actual environment with your team in the approval workflow.
You evaluate against your own criteria. Leadership, security team, operations team, and your auditor — all four review and decide.
No commitment until the proof is green. If anyone has reservations, we step back. The risk to you is zero."
The actual ask
SAY: "The only thing we need to start is a connection with the right people at CSX. We handle the rest."
Then stop talking
THE HARDEST PART: After the ask, shut up. The silence is where the answer lives. Resist the urge to keep selling.
DEMOThe live demo — when to switch from slides
After slide 9 (Audit), switch to the live console. Press Alt+Tab to your browser tab on /command-center.
Demo flow — four moments
① The Command Center. Point at the KPIs at the top. "4,310 assets in scope. 47 critical findings open. 44 systems under active compensating control. The Live Activity feed on the right is the twelve agents talking to each other."
② One plan, end to end. Click Plans in the sidebar. Search "Cisco". Click any row. The plan detail opens.
- Point at the green "Vendor patch located" card. "Patch Hunter found the Cisco advisory. Here's the bulletin ID — clickable URL to Cisco's official security page."
- Click "Approve as security". Watch the toast appear.
- Wait for the steps to land. "This is the Executor agent applying through your patch tool. Each step lands as it completes. Verifier rescans at the end."
③ The plan-only handoff. Open another plan from a sensitive zone. "Notice — for this one, Mythal built the plan but didn't apply directly. The compensating controls are documented. The patch itself is scheduled for the next maintenance window with your operations team in the loop. This is what the hands-off configuration looks like."
④ Audit evidence. Click Compliance in the sidebar. Pick a framework from the dropdown. Click Export. "Auditor-ready PDF on demand. Every closed plan, every approval, every veto, every compensating control, mapped to the framework. This is what your auditor or your regulator would read."
Return to slides
Press Alt+Tab back to the deck. "That's the demo. One more slide and then your questions."
Q&AThe questions you'll definitely get
Q: How is this different from Qualys / Tenable / our scanner?
"We're not a scanner — we sit on top of yours. Your scanner finds vulnerabilities. Mythal turns those into approved, executed, verified, audited fixes. We work with whichever scanner you already have."
Q: What stops Mythal from doing something we didn't approve?
"Multiple gates. The policy gate is deterministic — it evaluates every action against the rules you configured. Hands-off zones mean Mythal never applies directly to systems you mark — it only builds plans. Approvals are signed with the approver's identity. Without all the right signatures, the action cannot be executed."
Q: What if the AI hallucinates?
"Two answers. First, the agents run deterministically by default — no LLM in the critical path. Second, even when you opt-in LLMs for specific agents, every output goes through a schema validator and the deterministic policy gate before any side effect. The LLM cannot reach a real patch tool without passing both."
Q: Can you run on-prem? Air-gapped?
"Yes. Single-VM appliance. Air-gapped mode uses pre-staged advisory bundles. Same agent loop, manual feed updates instead of live."
Q: How do I trust the audit evidence?
"Every action carries a signed record. Every approval is HMAC-signed. The reasoning trace is the audit log — read it top to bottom and you see exactly which agent did what, when, and why. We've shown the format to former auditors and they confirmed it answered every checklist item."
BACKPOCKETIf you forget everything else, remember these three lines
LINE 1 · THE PROBLEM
"After Mythos, vulnerability discovery became a machine-speed activity, and applying the fix did not."
LINE 2 · WHY IT'S DANGEROUS
"The moment a vendor releases a patch, attackers reverse-engineer it within hours and build a proof of concept. Every hour you delay, you're vulnerable."
LINE 3 · WHAT MYTHAL DOES
"Mythal is a team of twelve AI agents that watch every scanner, find every fix, and apply it — with your humans only in the loop where it matters."