Anthropic’s Project Glasswing has changed the math on vulnerability discovery, and software teams need to sit with the implications.
Project Glasswing is an industry coalition, including Amazon, Apple, Google, Microsoft, Cisco, and others, built around Anthropic’s most capable AI model, Claude Mythos Preview, with the explicit goal of finding and patching critical software vulnerabilities before attackers can exploit them.
Chief Technology Officer at RunSafe Security.
In Anthropic’s own testing, Mythos scanned major operating systems and browsers and found vulnerabilities at a scale and depth that manual auditing and fuzzing had missed.
One bug in OpenBSD had been in production code for 27 years. OpenBSD is not an obscure, unexamined codebase. It has been audited and fuzzed by world-class researchers countless times across more than two decades. Mythos found an exploitable bug anyway. If that is possible there, it is possible anywhere.
The unsettling number for security teams is that Anthropic says more than 99% of what Mythos found has not yet been patched.
AI is eliminating the patch window
The traditional security model assumes defenders have time to find a vulnerability, build a patch, and deploy it before an attacker can exploit it. AI-assisted vulnerability discovery collapses that assumption: vulnerabilities are now surfacing faster than defenders can patch them.
What Mythos surfaced in a single research effort would require thousands of labor years to fix and validate across every affected organization.
The pressure on defenders is coming from both directions. The capabilities that surface vulnerabilities at scale can also generate working exploits against the vulnerabilities they surface.
Attackers who gain access to comparable models will know where the holes are, and they will have tools to quickly develop exploits. That compresses the window further and raises the stakes on every vulnerability that remains unpatched.
As AI accelerates vulnerability discovery, teams will spend more time on remediation, disrupting product roadmaps and delivery schedules. Security teams that were already stretched thin are now facing a queue that will not clear in the near term. And Anthropic has said plainly that this capability will only continue to advance.
Why memory safety bugs are the sharpest edge of this problem
Memory safety vulnerabilities are a particularly dangerous part of this picture. They are prevalent across legacy codebases, they are reliably exploitable where mitigations are absent, and AI has now demonstrated that it can find these bugs and chain them into a working exploit.
Buffer overflows, use-after-free errors, and out-of-bounds writes are found across compiled code in the energy grid, defense systems, transportation, and more.
Notably, among the bugs cited in the Mythos announcement, many were memory-safety-related. For example, Mythos Preview identified and then exploited a 17-year-old remote code execution vulnerability in FreeBSD. Mythos also identified memory safety flaws in the Linux kernel and prominent web apps.
Patching alone cannot keep up
The volume of what AI tools can now surface changes the math on patching as a primary defense. No security team can outrun a continuous flow of zero-days across critical software.
The organizations best positioned to weather this are the ones that have already shifted their thinking from eliminating all bugs to building resilience into software itself.
By building software in ways that reduce exploitability, even when bugs remain, organizations can take the urgency out of the patching backlog. One example is runtime protections, which prevent the exploitation of certain bugs even before a patch is available. Familiar instances are stack protectors, address space layout randomization with position-independent executables, non-executable data pages, full RELRO and control-flow integrity: each removes a primitive that an exploit chain typically depends on, and none of them removes the bug itself.
A vulnerability only matters to an attacker if they can reach it and turn it into a working exploit. Hardening software at the binary level shrinks that possibility, not by fixing the bug, but by pulling away the footholds needed to turn it into a breach. The bug stays; the path to exploiting it narrows significantly. When remediation backlogs run into years, that gap between “bug exists” and “bug is usable” is where organizations can buy time.
What to do now
The practical response starts with accepting that the backlog is real and that patching alone will not clear it on any useful timeline. Audit legacy codebases for memory-unsafe components, C and C++ first, and prioritize those that are network-exposed or process untrusted data.
Deploy binary hardening and runtime protections for software that cannot be rewritten or replaced quickly, and verify that shipped binaries actually carry those protections rather than assuming the build did. Build remediation workflows that triage by exploitability, not just severity score: whether the vulnerable code is reachable from attacker-controlled input, and which mitigations stand between a trigger and a useful primitive.
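The bug class the sections above describe, an out-of-bounds write driven by an attacker-controlled length in code that processes untrusted input, as an added example that is not code from the article or from RunSafe Security or any project the article names. It shows a length-prefixed record parser in its unchecked form beside a bounds-checked rewrite, so the "bug stays, path narrows" argument and the triage-by-reachability step have something concrete to point at. The message layout, PAYLOAD_MAX and the sample messages are assumptions constructed for illustration.

```c
/* Added example, not from the article or any project it names.
 * Assumed message layout (constructed for illustration):
 *   byte 0   : declared payload length N (attacker-controlled)
 *   bytes 1..: N payload bytes
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PAYLOAD_MAX 16

struct record {
    uint8_t len;
    uint8_t payload[PAYLOAD_MAX];
};

/* Vulnerable: trusts the length byte. A declared length above PAYLOAD_MAX
 * writes past the end of rec->payload (stack or heap overflow, depending on
 * where rec lives), and a declared length above the bytes actually received
 * reads past the end of msg. Kept for comparison only; nothing in this file
 * calls it with hostile input. */
int parse_record_unchecked(const uint8_t *msg, size_t msg_len, struct record *rec)
{
    if (msg_len < 1)
        return -1;
    rec->len = msg[0];
    memcpy(rec->payload, msg + 1, rec->len);  /* rec->len is never bounded */
    return 0;
}

/* Hardened: bounds the declared length against the destination buffer and
 * against the bytes received. Returns 0 on success, -1 on malformed input. */
int parse_record_checked(const uint8_t *msg, size_t msg_len, struct record *rec)
{
    if (msg == NULL || rec == NULL || msg_len < 1)
        return -1;
    uint8_t declared = msg[0];
    if (declared > PAYLOAD_MAX)              /* would overflow rec->payload */
        return -1;
    if ((size_t)declared > msg_len - 1)      /* would over-read a short message */
        return -1;
    rec->len = declared;
    memcpy(rec->payload, msg + 1, declared);
    return 0;
}

/* Constructed sample messages (not captured traffic). */
static const uint8_t MSG_VALID[]     = {3, 'a', 'b', 'c'};
static const uint8_t MSG_OVERSIZED[] = {200, 'x', 'y'};  /* claims 200 bytes, dest holds 16 */
static const uint8_t MSG_TRUNCATED[] = {5, 'a', 'b'};    /* claims 5 bytes, carries 2 */

/* Run one message through the checked parser. Returns the decoded payload
 * length on success, or -1 when the parser rejected the message. */
int check_message(const uint8_t *msg, size_t msg_len)
{
    struct record rec;
    memset(&rec, 0, sizeof rec);
    if (parse_record_checked(msg, msg_len, &rec) != 0)
        return -1;
    return rec.len;
}

int main(void)
{
    printf("valid:     %d\n", check_message(MSG_VALID, sizeof MSG_VALID));
    printf("oversized: %d\n", check_message(MSG_OVERSIZED, sizeof MSG_OVERSIZED));
    printf("truncated: %d\n", check_message(MSG_TRUNCATED, sizeof MSG_TRUNCATED));
    return 0;
}
```

Build it with the kind of hardening the article alludes to, for example `cc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie -Wl,-z,relro,-z,now parser.c`, and confirm with `readelf -l` (a GNU_RELRO segment) and `readelf -d` (BIND_NOW) that the shipped binary actually carries those flags. That is the "bug stays, path narrows" point in practice: the unchecked parser is still wrong, but a stack protector turns an overflow of a stack-resident record into an abort instead of a controlled write, and PIE with ASLR takes away the fixed addresses an exploit built on that write would need. For triage, the question to ask of a real finding is the one the constructed messages pose: can attacker-controlled input reach the unbounded copy, and what stands between the copy and a usable primitive.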
The deeper shift is in how organizations think about risk. A system that has not been patched is not necessarily one that will be breached, provided it has been hardened at the binary level so that what an attacker can do with a vulnerability is constrained. That posture fits the current environment.
Resilience and remediation work together, and organizations that treat them that way will be better positioned as AI-assisted discovery continues to scale. Project Glasswing is giving defenders a head start. The organizations that move now to harden what they cannot yet patch will be in a stronger position when that access expands.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit