The 4-minute cut for venture and executive audiences. The 12-minute cut for technical buyers and CISOs. Both lean on the live console at http://localhost:3090. Confirm the CSX theme is active in the top bar before you start.
"What you're looking at is the live console of Mythal running against a simulated Class I freight railroad — Meridian Continental Railway, 6,500 IT and OT assets."
"Open critical findings, KEV-listed open, MTTR, patches applied in 24h, OT under compensating control, assets in scope. Live, refreshing every four seconds."
Click Run. Move to Agent Activity. Show the 12-agent chain filling: scanner_liaison → threat_intel → patch_hunter → impact_analyst → change_risk → planner → policy gate → executor → verifier → compliance_reporter.
"A Siemens RTU advisory hit OT. Our OT Safety Officer agent vetoed direct patching, proposed an ACL tightening + IPS signature as compensating controls, scheduled firmware update for the next planned window. All logged. All maps to TSA SD 1580-21-01."
"Beyond CVE scanners. EOL, version sprawl, shadow IT, CCS-without-owner. The inventory layer most platforms miss."
Compliance page → Export evidence PDF. "TSA SD package, control by control, in under sixty seconds."
"Mythos sent discovery machine-speed. We are the response layer that finally goes machine-speed too — without endangering an OT system. Ninety-day pilot."
State the Mythos thesis crisply. Acknowledge TSA / CISA pressure and the OT maintenance-window constraint.
Open Integrations. Walk the row: Qualys · Tenable · Rapid7 · Wiz · Defender · Claroty · Nozomi · Dragos. "Fabric, not a scanner." Show the agent backends card.
Open Agent Activity. Filter by supervisor. "Twelve agents, one trace per finding, every message HMAC-signed."
Open Policy Studio. Walk seven default rules. Run evaluator with asset_env=OT, is_ccs=true, maintenance_window_open=false. Show dual_approval · rule SG-POL-001.
Run Patch Tuesday. Cross to Plans Kanban. Watch columns fill: AWAITING_APPROVAL → APPROVED → EXECUTING → CLOSED. Approve one IT plan live, watch it walk through executor → verifier → compliance_reporter.
Run Scenario C. Drop into OT Operations. Open any plan row. Read the veto rationale aloud — the three compensating controls (ACL, IPS signature, monitored isolation) and the scheduled change window. Show evidence under Compliance.
Click any finding from Findings. Walk the agent-by-agent trace on the right. Note any prompt-injection flag if an advisory body tripped the scanner.
Walk Inventory Insights. Sort by severity. Open a version_sprawl rec and a ccs_no_owner rec. "Scanners tell you about known CVEs. This tells you what you own and where you're exposed."
Open Compliance. Click each framework card. Export PDF for TSA SD 1580. Open it in the browser. Walk the structure.
Open the leadership .pptx (Command Center top-right). Slides 11 (Roadmap) and 12 (Ask). Close with the 90-day pilot ask.
A TSA SD evidence PDF already in your Downloads, in case live export hits a hiccup.
Keep POST /api/admin/reset ready if the demo runs long and you want to start clean.
If the room reacts to dark mode, press T to flip to Salesforce.
http://localhost:3090 — Command Center pre-loaded.
http://localhost:8090/docs — for the technically curious.
$750K–$3M ACV scoped by estate size + integration breadth. On-prem M9+1.
The SIMULATED watermark is on every PDF, console pill, and evidence artifact for a reason. Production tenants are clean; demo tenants are watermarked.
"To make the demo faster" is the wrong reason. The veto path is the differentiator that wins OT operators.
Identity-aware remediation, Glasswing, AI Red Team agent #13 are Q3 2026 → Q1 2027. Stay disciplined on dates.
The console is the product. If something glitches, switch theme (T) and continue.