Final week, Anthropic introduced Undertaking Glasswing, an AI mannequin so efficient at discovering software program vulnerabilities that they took the extraordinary step of suspending its public launch. As a substitute, the corporate has given entry to Apple, Microsoft, Google, Amazon, and a coalition of others to discover and patch bugs earlier than adversaries can.
Mythos Preview, the mannequin that led to Undertaking Glasswing, discovered vulnerabilities throughout each main working system and browser. A few of these bugs had survived a long time of human audits, aggressive fuzzing, and open-source scrutiny. One had been sitting for 27 years in OpenBSD, typically thought of to be one of many world’s most safe working techniques.
It is tempting to file this below “AI lab says their AI is simply too harmful,” the identical playbook OpenAI ran with GPT-2.
Not so quick; there is a materials distinction this time.
Mythos did not simply discover particular person CVEs.
- It chained 4 impartial bugs into an exploit sequence that bypassed each the browser renderer and the OS sandboxing
- It carried out native privilege escalation in Linux by way of race situations
- It constructed a 20-gadget ROP chain concentrating on FreeBSD’s NFS server, distributed throughout packets.
Claude Opus 4.6, Anthropic’s earlier frontier mannequin, failed at autonomous exploit growth virtually completely.Mythos hit a 72.4% success fee within the Firefox JS shell.
This is not theoretical, nor some new three-to-five-year prediction. That is about to be a real-world engineering actuality.
Why Undertaking Glasswing Exposes the Actual Cybersecurity Hole
Here is the quantity that ought to hold security leaders awake at evening: fewer than 1% of the vulnerabilities discovered by Mythos have been patched.
Let that sink in for a second.
Essentially the most highly effective vulnerability discovery engine ever constructed ran towards the world’s most important software program, and the ecosystem could not soak up the output.
Glasswing solved the discovering drawback.
No person solved the issue of fixing.
Why Defenders Cannot Hold Up: Calendar Pace vs. Machine Pace
That is the structural problem the cybersecurity trade has been circling for years. AI simply made it inconceivable to disregard.
Defenders function on calendar pace. They:
- Collect intelligence
- Construct a marketing campaign
- Simulate the threats
- Mitigate
- Repeat
That cycle takes about 4 days on a very good day. Attackers, particularly these now leveraging LLMs at each stage of their operation, are shifting at machine pace.
For an up-to-the-minute take, David B. Cross, CISO at Atlassian, will likely be talking on the Autonomous Validation Summit on Could 12 about what this seems to be like from the within, why periodic testing cannot hold tempo with adversaries that function autonomously, and what defenders needs to be doing as a substitute.
AI-Powered Attacks Are Already Autonomous
Earlier this 12 months, a menace actor deployed a customized MCP server internet hosting an LLM as a part of their assault chain towards FortiGate home equipment.
The AI dealt with all the pieces:
- Automated backdoor creation
- Inside infrastructure mapping fed on to the mannequin
- Autonomous vulnerability evaluation, and
- AI-prioritized execution of offensive instruments for area admin entry.
The outcome? 2,516 organizations throughout 106 international locations have been compromised in parallel. Your complete chain, from preliminary entry by way of credential dumping to knowledge exfiltration, was autonomous. The one human involvement was reviewing the outcomes afterward.
AI-based Vulnerability Discovery Is Outpacing Remediation
The hole between attacker pace and defender pace is not new.
What’s new is {that a} small however worrisome hole simply grew to become a canyon.
- Autonomous techniques like AISLE found 13 out of 14 OpenSSL CVEs in current coordinated releases, bugs that had survived years of human assessment.
- XBOW grew to become the top-ranked hacker on HackerOne in 2025, surpassing all human individuals.
- The median time from disclosure to weaponized exploit dropped from 771 days in 2018 to single-digit hours by 2024.
- By 2025, the vast majority of exploits will likely be weaponized earlier than being publicly disclosed.
Now add Mythos-class discovery to this image.
You do not get a safer world routinely. You get a tsunami of reliable findings that also require human verification, organizational course of, enterprise continuity concerns, and patch cycles that have not basically modified in a decade.
Learn how to Construct a Mythos-Prepared Safety Program
The intuition after Glasswing is to ask: “How do we discover extra bugs?”
That is really the improper query.
The precise one is: “When 1000’s of exploitable vulnerabilities land in your desk tomorrow morning, can your program really course of them?“
For many organizations, the sincere reply is not any. And the rationale is not a scarcity of instruments or expertise; it is a structural dependency on periodic, human-initiated processes that have been designed for a world the place vulnerabilities trickled in, not one the place they arrived in a tsunami.
We won’t repair each vulnerability. We won’t apply each hardening choice.
That is not defeatism, that’s the pragmatic start line for any security program that really works. The query that issues is not “is that this CVE essential?” however “is that this vulnerability exploitable in my atmosphere, proper now, given what I’ve deployed?“
A Mythos-ready security program wants three basic items.
First: Sign-Pushed Validation Over Scheduled Testing
When a brand new menace emerges, when an asset adjustments, or when a configuration drifts, defenses must be examined towards that particular change in that second. Not through the subsequent quarterly pentest. Not when somebody can discover an open calendar slot.
Your complete idea of “scheduled validation” assumes a steady menace panorama, and at the moment, that assumption is useless on arrival.
Second: Surroundings-Particular Context Over Generic CVSS Scores
Glasswing will produce an avalanche of CVEs.
But most vulnerability administration applications are nonetheless prioritized by CVSS scores. This context-free metric tells you the way dangerous a bug may very well be in principle, not whether or not it is exploitable in your particular infrastructure, given your controls and enterprise danger.
When the amount of findings out of the blue goes from lots of to 1000’s, context-free prioritization will not simply gradual you down; it’ll break your course of completely.
Third: Closed-Loop Remediation And not using a Handbook Handoff
The present mannequin can’t survive in a world the place adversaries exploit CVEs inside hours of disclosure. You already know the drill:
- Scanner finds a bug
- Analyst triages it
- The ticket goes to a distinct crew
- Somebody patches it weeks later
- No person re-validates
That chain of guide handoffs is strictly the place the system disintegrates. If the cycle from discovering to repair to re-validation cannot run with out people shuttling tickets between queues, it clearly isn’t working anyplace close to machine pace.
This is not about shopping for extra instruments. It is about defenders leveraging their one uneven benefit: you realize your group’s topology, attackers do not.
That is a major benefit, however provided that you may act on it at machine pace.
How Autonomous Publicity Validation Closes the Hole — and The place Picus Is available in
That is the half the place I’m going to be actually clear about who’s scripting this.
At Picus Safety, we construct a platform for Autonomous Publicity Validation. So, full disclosure, I’ve a perspective right here that comes with an inherent bias. Take it accordingly.
What Glasswing crystallized for us, and for lots of the CISOs we have been talking with, is that the validation step inside any publicity administration program simply grew to become probably the most essential bottleneck.
- Discovering vulnerabilities is about to get radically simpler and extra environment friendly
- Patching them goes to stay painfully gradual.
The one lever you may pull in between is understanding which of them really matter to your atmosphere. That is validation.
From 4 Days to Three Minutes: How Agentic Workflows Change the Cycle
We constructed Picus Swarm, the AI crew powering autonomous, real-time validation, to compress the standard four-day cycle into minutes.
It is a set of AI brokers that work collectively to do what used to require handoffs between 4 separate groups:
- A researcher agent ingests and vets menace intelligence.
- A crimson teamer agent maps it towards your atmosphere to generate a safety-checked attacker playbook.
- A simulator agent executes throughout your precise endpoints and cloud, gathering telemetry and proof knowledge.
- A coordinator agent bridges findings to remediation, opening tickets, triggering SOAR playbooks, pushing indicators of assault to your EDR, and re-validating after fixes land.
Each motion is traceable and auditable, andevery agent operates inside guardrails you outline.
The entire chain, from a brand new CISA alert to validated, remediation-ready findings, runs in about three minutes.
When a Mythos-class mannequin drops 1000’s of findings in your group, you want one thing that may instantly inform you which of those are exploitable in your atmosphere. Which controls would maintain, which might fail, and what is the vendor-specific repair?
The Uncomfortable Fact
Undertaking Glasswing goes to be measured by one metric: what number of vulnerabilities get patched earlier than they get exploited. Not what number of are discovered, not how spectacular the exploit chains are, however whether or not the ecosystem can digest what AI is about to provide.
Visibility alone has by no means been sufficient, 83% of cybersecurity applications nonetheless present no measurable outcomes. What’s altering the equation is closing the hole between seeing and proving: understanding whether or not a possible vulnerability would really compromise your atmosphere.
That is validation.
And in a post-Glasswing world, it is the one factor standing between a flood of discoveries and a flood of breaches.
We’re internet hosting the Autonomous Validation Summit on Could 12 & 14 with Frost & Sullivan, that includes practitioners from Kraft Heinz and Glow Monetary Providers, together with our CTO, Volkan Erturk. Collectively, we’ll be taking a deeper dive into this particular drawback.
>> Register right here.
Word: This text was written by Sıla Özeren Hacıoğlu, Safety Analysis Engineer at Picus Safety.
