Project Glasswing Shows That AI Will Break The Vulnerability Management Playbook

Anthropic, along with 11 other companies, recently announced Project Glasswing, an initiative that aims to secure software in the wake of advances in AI capabilities, most notably Anthropic’s Claude Mythos Preview frontier model.

Project Glasswing is made up of a who’s who of tech companies, cybersecurity vendors, and others: Amazon Web Services (AWS), Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The project’s stated goal is “to secure the world’s most critical software.”

This effort was started after Anthropic published its claims that the Claude Mythos Preview model can find previously unknown zero-day vulnerabilities in software in record time, exceeding the efforts of current scanners and other technologies. Recognizing the potential for good — and evil — uses of this capability, Anthropic assembled a coalition to use these capabilities to find and fix problems before adversaries can exploit them.

If true (and we have little reason to doubt the veracity of the claims), this will break the vulnerability management playbook — and perhaps the cybersecurity approaches of today. It will force organizations to drastically rethink their approaches to vulnerability management and patching, moving from today’s often-glacial pace to something much, much faster.

With the current CVE ecosystem already running on fumes, Glasswing sets the stage for a potential new vulnerability discovery and cataloguing system closed and controlled by approved partners and software maintainers. This will disrupt the way signature-based network and application vulnerability scanners fundamentally operate, giving way to AI-based tools.

From Breakthroughs To Breakdowns

The technical breakthroughs promised by Claude Mythos Preview give security pros the opportunity to discover vulnerabilities — and attackers the ability exploit them — at unprecedented speed and scale. The real work begins once those vulnerabilities are known. Then, organizations will have to quickly test and patch systems at a speed today’s processes won’t support. Organizations will face challenges:

The vulnerability discovery and remediation pipeline you know is no more. Zero-day discovery at this scale pushes us out of today’s CVE disclosure process and a need to reindustrialize. Patch Tuesday will no longer be marked on the calendar. A 30-day waiting period for patching won’t be acceptable in an environment when attackers can go from discovery to exploit in minutes.
Tech debt will continue to haunt us. Like the COBOL crisis brought on us by Year 2000 projects, vulns found in aging OSes and systems will require the knowledge of folks who built those systems decades ago. Claude Code (and other models) are good at writing greenfield software, but may not be as effective at patching ancient code without breaking things.
Discovery accelerates, but inventory lags behind reality. Many organizations still do not have an accurate, continuously updated inventory of what they run, where it runs, and how it is built. AI-driven disclosure cycles will outrun your ability to identify exposure. Static asset inventories fail when discovery and patching happen continuously.
Autonomous remediation is required but is still emerging. Anthropic did not specify the remediation motion in its announcement. It also did not highlight how Claude Mythos Preview can help write patches, and instead referred to patch development advances in Opus 4.6. Regardless of model used, the LLM needs context about the code, the flaw, and guidance on fixing — all context that exists in siloes and still requires human insight. AI code fix agents that are able to handle any input, beyond what scanners output, are still emerging. Enterprises should continue experimenting with AI coding agents and prepare to expand that capability in production.
The economics still do not favor CISO budgets. CISOs will need to choose to either: 1) run these models themselves and pay the same or more in tokens (provided they’re given access); 2) use a pentest provider that will run the same models and pass on the costs of the tokens to customers (provided they’re given access); or 3) select a non-AI-led pentest that fails to find bugs AIs are not capable of discovering (in cases where access to these models is prohibited or too expensive). None of these are ideal scenarios.
Adversaries will (obviously) use this capability to their advantage. Technical leaps forward are double-edged. They introduce plenty of opportunities for defenders but can also be a boon to adversaries. As patches are released, attackers will be able to reverse-engineer them to create exploits at scale. Organizations that are slow to patch and remediate will be vulnerable to attackers using automated capabilities to exploit them. Adversaries may also develop or acquire their own models that rival Claude Mysthos Preview’s capabilities, giving them powerful tools for finding and exploiting known and unknown vulnerabilities.

What Security Teams Should Do Now

If organizations do not take advantage of this new model and the automation between discovery and patching, they will fall behind in vulnerability patching efforts. Attackers will exploit that gap, and security teams have to be ready. Forrester recommends that security pros:

Use this announcement as a forcing function. Cybersecurity often requires a compelling event to demonstrate that risk is real. The speed at which these capabilities are moving doesn’t give security pros the luxury of waiting. Act now and educate your stakeholders about why changing your vulnerability identification and remediation process is an imperative — now. Don’t wait. Don’t pass go. Do it now.
Automate regression testing. Make the case to automate regression tests for your most critical applications, even the legacy ones, that going offline would have significant impact to the business. In the case where the code is no longer available, determine what controls would be necessary to prevent an attack.
Base proactive and application security on decisions, not findings. AI should support prioritization, clustering, and impact analysis as much as discovery. Your proactive security approach needs to be remediation centric, not one that lists CVE after CVE. Modern proactive security programs incorporate attack path modeling, reachability of exploits (including efficacy testing of existing and temporary compensating controls), and the exploit’s impact. Use these insights to conduct choke point analyses — where a patch or control must be implemented and the steps that must be taken across each stakeholder as your playbook.
Make SBOMs table stakes, not compliance artifacts. As vulnerabilities are found in open-source software and OSes, SBOMs become critical to understand what vulnerable software may exist in your environment and inventory where open-source and third-party vulnerable software exist. Without usable SBOMs, fixes arrive faster than organizations can map impact.
Use the home field advantage. Security engineers must decide what to fix first based on reachability, exploitability, blast radius, and business impact — not merely the presence of a vulnerability. This is the security team’s advantage versus weaponized exploits. You’re on your home field. While Mythos, and future AI-led exploit discovery models, can objectively detect zero days and write exploits, they do so without knowledge of your control environment and what is most important to your organization.
Implement compensating controls as a short-term Band-Aid. Security teams must introduce controls like virtual patching in WAFs, automated detection and response, and asset containment for assets that exceed risk thresholds as temporary measures while they wait for remediations to be completed. Apply Zero Trust principles to segment applications on the network or, in the worst case, take the application offline.

The cybersecurity vendors will respond predictably. Every vendor will claim AI powered zero-day discovery capabilities. Much of it will be faster automation relabeled as innovation.

Practitioners should ignore the acronyms and ask harder questions like:

Does this help us understand exposure faster than attackers can weaponize fixes?
Does it help us decide what to patch first?
Does it reduce uncertainty, or just increase backlogs?

The limiting factor in security is no longer the ability and knowledge to find problems. It is the ability to absorb, prioritize, and act on them before adversaries do.

AI is making this painfully clear. More insight does not automatically mean better security.