Compositional SaaS is not just complexity.
It is risk.

Every SaaS application your organization runs may be individually secure, compliant, and audited. It doesn't matter. Security does not compose cleanly. Anthropic's Mythos model proved it — and the proof is permanent.


The Dunbar Perimeter.

In the 1990s, anthropologist Robin Dunbar observed that humans can maintain stable relationships with roughly 150 people at once. Beyond that number, the cognitive load becomes unmanageable. We lose track. We lose context. We lose the ability to reason about the whole.

The same limit applies to complex systems.

A CISO can hold one application's architecture in their head with clarity. Maybe two. By the time you're reasoning about five or ten interconnected enterprise platforms simultaneously — their APIs, their data flows, their trust relationships, their shared identity layers — you are at the edge of what human cognition can manage. So organizations did what humans always do when they hit a cognitive limit: they partitioned.

The Salesforce team secured Salesforce. Knew its surface. Owned its vulnerabilities.
The SAP team secured SAP. Knew its surface. Owned its vulnerabilities.
The identity team secured Active Directory. Knew its surface. Owned its vulnerabilities.
The finance team secured their ERP. Knew its surface. Owned its vulnerabilities.

Each silo felt like a boundary. Each team felt like a perimeter. The organization felt secure because every domain had an owner and every owner had a handle on their domain.

We call this the Dunbar Perimeter — the implicit security boundary created not by architecture, but by the cognitive limit of the humans responsible for it.

The Dunbar Perimeter was never a real control plane. It was a limit of perception. The systems were always connected. The connections just weren't fully seen.

Why the SaaS business model is built on Dunbar Perimeters.

The modern enterprise SaaS ecosystem didn't create the Dunbar Perimeter — it industrialized it.

Every SaaS vendor sells a best-of-breed solution for a specific domain. CRM. ERP. HRIS. ITSM. Finance. Procurement. Collaboration. Each one is optimized, supported, and secured within its own boundary. Each one has its own compliance certifications, its own security team, its own penetration testing program.

And each one connects to all the others.

The average enterprise now runs hundreds of SaaS applications. Each integration — each API call, each SSO connection, each shared data flow — creates an edge between two nodes. That edge crosses a Dunbar Perimeter. It belongs to neither team. It is secured by no single owner. It lives in the gap between two cognitive domains that were never designed to reason about each other.

Individually secure SaaS systems can create collectively insecure architectures. The SaaS business model sells you perimeters. It does not sell you the connections between them.
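One way to make the unowned edge concrete, as an added example that is not code from the original page or from General Reasoning: model each application as a node owned by one team, each integration as a directed edge, list the edges that cross a team boundary with no owner, and count how many attack paths from an internet-facing application to a crown-jewel system run through each of them. The applications, teams and integrations are constructed sample data, and the ownership rule (an edge is owned only when a team explicitly claims it) is an assumption for illustration.

```python
"""Find the integration edges nobody owns and rank them by attack-path exposure.

Added example, not code from the original page or from General Reasoning.
The estate below is constructed sample data; the ownership rule is an
assumption made for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class App:
    name: str
    owner: str                   # team whose Dunbar Perimeter contains this app
    internet_facing: bool = False
    crown_jewel: bool = False    # the data or function an attacker is after


@dataclass(frozen=True)
class Integration:
    src: str                     # an identity or session here can reach dst
    dst: str
    kind: str                    # "sso", "api" or "sync"
    owner: Optional[str] = None  # team that reviews this edge, if any


# Constructed sample estate: seven applications, nine integrations.
APPS: Dict[str, App] = {a.name: a for a in [
    App("okta", "identity", internet_facing=True),
    App("salesforce", "crm", internet_facing=True),
    App("servicenow", "itsm", internet_facing=True),
    App("workday", "hr"),
    App("ipaas", "integration"),
    App("sap", "erp", crown_jewel=True),
    App("data_warehouse", "data", crown_jewel=True),
]}

INTEGRATIONS: List[Integration] = [
    Integration("okta", "salesforce", "sso", owner="identity"),
    Integration("okta", "sap", "sso", owner="identity"),
    Integration("okta", "workday", "sso", owner="identity"),
    Integration("salesforce", "ipaas", "api"),   # set up by a project, never handed over
    Integration("ipaas", "sap", "api"),
    Integration("ipaas", "data_warehouse", "sync"),
    Integration("workday", "ipaas", "sync"),
    Integration("servicenow", "sap", "api"),
    Integration("salesforce", "data_warehouse", "sync", owner="data"),
]


def unowned_cross_perimeter_edges(apps, integrations):
    """Edges whose endpoints belong to different teams and that no team claims."""
    return [e for e in integrations
            if apps[e.src].owner != apps[e.dst].owner and e.owner is None]


def attack_paths(apps, integrations):
    """All simple paths from an internet-facing app to a crown jewel, as edge lists."""
    adjacency = defaultdict(list)
    for e in integrations:
        adjacency[e.src].append(e)
    found = []

    def walk(node, visited, trail):
        if trail and apps[node].crown_jewel:
            found.append(list(trail))
        for e in adjacency[node]:
            if e.dst not in visited:            # simple paths only, no cycles
                walk(e.dst, visited | {e.dst}, trail + [e])

    for app in apps.values():
        if app.internet_facing:
            walk(app.name, {app.name}, [])
    return found


def perimeters_crossed(apps, path):
    """Number of distinct team perimeters a path passes through."""
    nodes = [path[0].src] + [e.dst for e in path]
    return len({apps[n].owner for n in nodes})


def rank_unowned_edges(apps, integrations):
    """Unowned cross-perimeter edges, most-traversed first: where to assign an owner first."""
    hits = {e: 0 for e in unowned_cross_perimeter_edges(apps, integrations)}
    for path in attack_paths(apps, integrations):
        for e in path:
            if e in hits:
                hits[e] += 1
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0].src, kv[0].dst))


if __name__ == "__main__":
    paths = attack_paths(APPS, INTEGRATIONS)
    print(f"{len(paths)} attack paths; the widest crosses "
          f"{max(perimeters_crossed(APPS, p) for p in paths)} perimeters")
    for edge, n in rank_unowned_edges(APPS, INTEGRATIONS):
        print(f"{n} path(s) via unowned edge {edge.src} -> {edge.dst} ({edge.kind})")
```

On this constructed estate every application has an owner, yet five integrations do not, and the busiest of them (the CRM to iPaaS API link) sits on four of the ten paths from the internet to a crown jewel. The ranking is the practical output: it tells you which edge to hand to a named owner, or cut, first.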

This was always true. The reason it wasn't catastrophic was simple: the attacker had a Dunbar limit too. Human attackers, even sophisticated ones, could only hold so many systems in their heads simultaneously. They picked targets. They worked domains. The cognitive partitioning that limited defenders also limited attackers.

That symmetry is gone.


What Mythos revealed.

Anthropic's Mythos model does not have a Dunbar limit. It does not partition systems into cognitive domains. It does not fatigue. It does not privilege one context over another.

It constructs and traverses the full dependency graph — across identity systems, SaaS platforms, internal services, and data flows — simultaneously, autonomously, and without the cognitive overhead that made siloed security feel adequate.

The connections that were previously invisible to defenders are now first-class attack paths. Not new connections. The ones that were always there — running through every integration boundary, every API edge, every cross-system workflow that was owned by nobody because it crossed a Dunbar Perimeter.

The inversion is complete:

Defenders still evaluate systems one domain at a time.
Adversaries now traverse them as one unified graph.
Architecture assumed separation between systems.
Attackers exploit their composition.
SaaS vendors secure their perimeter.
Nobody owns the edges between them.

You can no longer evaluate Salesforce's attack surface independently from SAP's. They are not separate surfaces. They are nodes in a single traversable graph. They always were. The difference is that now, something can see and exploit that graph in its entirety — and it works overnight while your team sleeps.


The CRC response.

The Dunbar Perimeter no longer protects anything. Hardening individual applications inside individual Dunbar silos is no longer a viable strategy. The response is not more controls inside each silo. It is elimination of the silos, and of the edges between them.

Consolidate, Reduce, Close. Three directives, in order, plus a fourth pillar, Boundary, that governs the external AI inference endpoints that remain. Each one removes material that a Mythos-class adversary requires to traverse your stack.

Consolidate: collapse the graph.
General Reasoning's DXMachine brings regulated workflows, the functions that today span Salesforce, SAP, Workday, ServiceNow, and a dozen integration layers, onto a single governed platform. Every application eliminated removes a node. Every integration boundary eliminated removes an edge. The traversable graph shrinks to one. There are no cross-domain connections to chain across because there are no domains.

Reduce: eliminate the execution surface.
The execution environment is a purpose-built OS running exactly one thing: the application. No shell. No package manager. No browser. No unnecessary kernel subsystems. No legacy daemons. When a Mythos-class model finds a vulnerability in this environment, there is nothing to chain it to. The bug exists. The chain does not. Purpose-built infrastructure running Chandra Protocol and DXMachine, and nothing else.

Close: seal the network.
Circular network topology. Each node communicates only with other known, authenticated nodes in the governed boundary. Inbound and outbound rules permit only traffic between Chandra and DXMachine instances, with one exception: a single auditable egress point, a certificate-pinned external endpoint, logged as a first-class audit event on every call. There is no public surface to fingerprint. There is no lateral path to traverse. Mythos has no inbound entry point.

Boundary: govern every external AI inference endpoint.
Every external AI inference endpoint is named, certificate-pinned, logged, and formally attested. Computer-use AI agents require explicit GABA attestation, separate from the attestation of inference-only endpoints. Residual risks (provider infrastructure, key management, personnel, government relationships) are named and signed off by an authorized human before go-live.

If Mythos cannot reach it, Mythos cannot chain it. That is the objective. Every CRC control exists to ensure that when a vulnerability is found, there is nothing adjacent to exploit.
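What the Close and Boundary pillars ask of the single egress point can be expressed as one gate, shown here as an added example that is not code from the original page or from General Reasoning and that does not model Chandra Protocol or DXMachine: every outbound connection is matched against a named endpoint, its presented certificate is compared to a pin, the caller's declared capability must match what the endpoint is attested for, and every decision, allowed or refused, becomes an audit event. The hostnames, certificate bytes, policy fields and attempted connections are constructed sample data and assumptions for illustration.

```python
"""A single governed egress gate: named endpoint, certificate pin, capability, audit event.

Added example, not code from the original page or from General Reasoning, and
it does not model Chandra Protocol or DXMachine. Hostnames, certificate bytes
and the attempted connections are constructed sample data; the policy shape
and field names are assumptions for illustration.
"""
import hashlib
import json
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import FrozenSet, List, Optional, Tuple


def cert_fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate: the value a pin is compared against."""
    return "sha256:" + hashlib.sha256(der).hexdigest()


# Constructed stand-ins for DER certificate bytes (real ones come from the TLS handshake).
PINNED_CERT = b"constructed: current leaf cert of the inference provider"
ROTATED_CERT = b"constructed: provider rotated its cert, policy not yet updated"
AGENT_CERT = b"constructed: leaf cert of a computer-use agent runtime"


@dataclass(frozen=True)
class Endpoint:
    name: str
    host: str
    port: int
    pins: FrozenSet[str]         # accepted certificate fingerprints
    capability: str              # "inference" or "computer-use"
    attested: bool               # signed go-live attestation on file for this capability


@dataclass(frozen=True)
class Attempt:
    caller: str                  # workload trying to leave the boundary
    host: str
    port: int
    presented_cert: bytes        # DER bytes of the certificate the peer presented
    capability: str              # what the caller intends to do over the connection


# Constructed policy: one attested inference endpoint; the agent runtime is named but not signed off.
ENDPOINTS = (
    Endpoint("inference-provider", "inference.example.com", 443,
             frozenset({cert_fingerprint(PINNED_CERT)}), "inference", attested=True),
    Endpoint("agent-runtime", "agent.example.com", 443,
             frozenset({cert_fingerprint(AGENT_CERT)}), "computer-use", attested=False),
)


def decide(attempt: Attempt, endpoints=ENDPOINTS) -> Tuple[bool, str, Optional[str]]:
    """Allow only a named, pinned, attested endpoint used for its declared capability."""
    match = next((e for e in endpoints
                  if e.host == attempt.host and e.port == attempt.port), None)
    if match is None:
        return False, "destination is not a named endpoint", None
    if cert_fingerprint(attempt.presented_cert) not in match.pins:
        # A rotated certificate is a policy change to be reviewed, never a silent pass.
        return False, "certificate pin mismatch", match.name
    if attempt.capability != match.capability:
        return False, "capability not permitted on this endpoint", match.name
    if not match.attested:
        return False, "endpoint has no signed attestation", match.name
    return True, "allowed", match.name


def gate(attempts: List[Attempt], endpoints=ENDPOINTS):
    """Evaluate each attempt and emit one JSON audit event per call, allowed or not."""
    decisions, audit_log = [], []
    for a in attempts:
        allowed, reason, name = decide(a, endpoints)
        decisions.append((allowed, reason))
        audit_log.append(json.dumps({
            "ts": datetime.now(timezone.utc).isoformat(),
            "caller": a.caller, "endpoint": name, "host": a.host, "port": a.port,
            "cert": cert_fingerprint(a.presented_cert), "capability": a.capability,
            "allowed": allowed, "reason": reason,
        }, sort_keys=True))
    return decisions, audit_log


# Constructed attempts: one legitimate call and four that must be refused.
ATTEMPTS = [
    Attempt("dxmachine-worker-7", "inference.example.com", 443, PINNED_CERT, "inference"),
    Attempt("dxmachine-worker-7", "inference.example.com", 443, ROTATED_CERT, "inference"),
    Attempt("dxmachine-worker-7", "inference.example.com", 443, PINNED_CERT, "computer-use"),
    Attempt("agent-sidecar", "agent.example.com", 443, AGENT_CERT, "computer-use"),
    Attempt("telemetry-shim", "telemetry.example.net", 443, b"constructed: unknown cert", "inference"),
]

if __name__ == "__main__":
    for line in gate(ATTEMPTS)[1]:
        print(line)
```

In a real deployment the gate sits where the egress proxy terminates TLS, and the DER bytes come from the handshake (in Python, `ssl.SSLSocket.getpeercert(binary_form=True)`). The second attempt is the failure mode worth noticing: a provider certificate rotation stops traffic until someone updates the pin through policy, which is the intended behaviour for a boundary that is supposed to be signed off by a human rather than self-healing.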

The Governed Server Boundary Prerequisite.

A CRC assessment applies exclusively to governed server deployments under formal organizational control. End-user devices, developer workstations, and any environment where AI agents with computer-use capability operate outside a governed boundary are outside CRC scope. If the Governed Server Boundary prerequisite is not met, the Minimum Surface Standard (MSS) score is not zero: it is inapplicable.


This is the Minimum Surface Standard.

Not hardening. Elimination. Four pillars. Total score 0 to 16. Regulated deployment certification requires 13 or higher. The era of the Dunbar Perimeter is over. Any architecture that depended on human cognitive limits to feel secure is now exposed — because the adversary no longer shares those limits.

CRC is published as an open standard. Score your own stack. Read the framework. The goal is not General Reasoning's business — it is a regulated infrastructure posture that can actually survive the adversary that now exists.


General Reasoning, Inc. · Birmingham, Alabama · MIT License · 2026
Enterprise inquiries: inquiries@genreason.com