10,000+
high/critical severity vulnerabilities identified by Glasswing; traditional programs handle dozens per quarter
2,100+
vulnerabilities patched by Claude Security in its first 3 weeks in public beta
12 minutes
to first working Firefox exploit in Mythos N-days testing; IR playbooks assuming day-scale timelines are structurally wrong
6-12 months
Anthropic's timeline projection for Mythos-class capability being widely available to adversaries

SponsoredRetool

Retool's new app builder is where AI-generated code ships safely

Building apps with AI is easy. Getting them to production safely is another story.

Start building for free today

Project Glasswing has identified more than 10,000 high/critical severity vulnerabilities across partner organizations' software. Most traditional vulnerability management programs handle dozens of high/critical findings per quarter. They are not designed for this throughput, and the operational gap between what AI-scale vulnerability discovery produces and what conventional security operations can absorb is the central challenge facing security teams right now.

The vulnerabilities Glasswing is finding are also structurally different from standard CVEs. A 17-year FreeBSD NFS bug and a 27-year OpenBSD TCP SACK flaw survived decades of expert audit, fuzzing campaigns, and security-focused code review. They are not bugs that existing vulnerability management processes would have caught, which means they are not bugs that existing patch prioritization frameworks are calibrated to handle.

Anthropic's red team has published four specific defensive actions for security teams operating in this environment. This guide walks through each one with operational specificity -- not as a general framework, but as a set of concrete changes to patch SLAs, tool integration, IR automation, and disclosure posture that security teams can implement against actual practice gaps.

Why AI-Discovered Vulnerabilities Require a Different Response

The Glasswing findings differ from traditional CVEs in two structural ways that matter for operational response. First, scale: more than 10,000 high/critical vulnerabilities identified, most still unpatched. Traditional vulnerability management processes handle dozens of high/critical per quarter. A program calibrated for that throughput will fail under Glasswing-scale disclosure volume. Triaging, assigning, tracking, and verifying patch status for high/critical CVEs at this volume requires automation at stages that most programs still rely on human analysts to manage.

Second, novelty: Mythos is finding bugs in old, rarely-audited subsystems that traditional scanning, fuzzing, and code review never reached. The 17-year FreeBSD NFS bug and the 27-year OpenBSD TCP SACK flaw survived decades of expert security review. They represent a class of vulnerability that is not on any existing CVE radar and that existing vulnerability management processes would never have prioritized for audit -- because the systems were old and therefore assumed to be well-understood.

The combination means security teams are facing both a volume problem and a novelty problem simultaneously. The four defensive actions below address each directly.

Action 1: Shorten Your Patch Cycle for Legacy Systems

Mythos's capability to find multi-decade-old bugs means age is no longer a proxy for audited status. A software component that has not received a security-focused audit in more than five years should be treated as potentially vulnerable regardless of its CVE history -- the absence of CVEs in old code is evidence that no one has looked carefully, not evidence that there are no bugs to find.

Practical implementation steps: (a) Inventory operating system and library versions with explicit age tracking -- when was each component last the subject of a security-focused audit or formal review? Most vulnerability management platforms track CVE counts but not audit history. Build the age dimension explicitly. (b) Apply expedited patch SLAs to CVEs affecting components older than five years. A 24-48 hour SLA for high/critical in legacy components is defensible given Mythos N-days research showing working exploits within hours of vulnerability information becoming available. (c) Prioritize network-accessible services in legacy subsystems: NFS, SMB, LDAP, and similar protocol implementations. These are precisely the code paths Mythos targets, and they are the most exposed to exploitation without lateral movement being required.

Free daily briefing

Briefings like this, every morning before 9am.

Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.

Action 2: Use Frontier AI Defensively Now, Not Later

Anthropic's explicit recommendation to the security community is direct: integrate frontier AI into your defensive workflows immediately, not after the tooling matures. The same capability that found 10,000+ vulnerabilities in partners' software can be directed at your own codebase, your own infrastructure, and your own threat hunting workflows. Claude Security (public beta) patched 2,100+ vulnerabilities in its first three weeks. That rate is only possible because AI can operate continuously across a codebase at a depth and breadth that human reviewers cannot match.

The competitive dynamics argument is specific. Anthropic projects that Mythos-class capability will be accessible to adversaries within 6-12 months. Organizations that have already built AI into their vulnerability research, code review, and threat hunting workflows by that point will have a structural advantage -- they will have baseline familiarity with the tooling, established workflows, and accumulated institutional knowledge about how AI findings integrate into their specific security operations. Organizations waiting for tooling to mature are ceding that runway.

The practical starting point for most teams is integrating AI-assisted code review into the CI/CD pipeline for high-risk components, starting with network-facing services in the legacy subsystem categories that Glasswing has shown are most productive. The incremental investment is low. The baseline familiarity it builds is high.

Actions 3 and 4: Automate IR and Revisit Disclosure Posture

Action 3: Automate incident response triggers. Mythos N-days research found first working exploits in 12 minutes for Firefox and 31 minutes for Windows kernel vulnerabilities. IR playbooks that assume days of analyst review before a threat is weaponized are structurally wrong for a world where working exploits exist within an hour of vulnerability information becoming available. The fix is pre-staged automated containment: network isolation for critical systems triggered by EDR behavioral detection, automated quarantine rules in SIEM that fire on known-bad behavioral patterns without waiting for analyst approval, and response playbooks that execute on high-confidence signatures. The goal is not to remove human judgment from IR -- it is to remove human latency from the containment decision when the threat pattern is unambiguous.

Action 4: Review disclosure posture. The 90-day coordinated vulnerability disclosure window was calibrated for a world where exploit development is expensive and measured in weeks of senior researcher time. That assumption is no longer valid. If your organization participates in coordinated disclosure as a reporter, push vendors for shorter patch commitments and treat non-response past 30 days as grounds for disclosure rather than grounds for extension. If your organization receives disclosures, treat Day 1 as the start of an active race. The embargo window is not a 90-day buffer -- it is the window before a Mythos-class system can produce a working exploit from the public vulnerability description. That window may be shorter than the disclosure timeline your vendor policy assumes.

The bottom line

The four defensive actions -- shorten patch cycles for legacy systems, integrate AI defensively now, automate IR triggers, and recalibrate disclosure posture -- are not generic security recommendations. They are direct responses to the specific structural changes that AI-scale vulnerability discovery creates. Security teams that implement them will be operating in alignment with the threat environment. Teams that defer will face a growing operational gap as Glasswing CVEs enter coordinated disclosure through H2 2026 and Mythos-class capability becomes more widely accessible. For a deeper technical assessment of what AI cybersecurity capabilities mean for your specific environment, read the free Mythos Brief at /mythos-brief.

This analysis is generic — the platform version scores threats like this against your own stack.

Frequently asked questions

What are the four defensive actions Anthropic recommends against AI-discovered vulnerabilities?

Anthropic's red team recommends: (1) Shorten patch cycles, especially for legacy systems, treating age as no longer a proxy for audited status. (2) Integrate frontier AI into defensive workflows now -- vulnerability research, code review, and threat hunting. (3) Automate IR pipeline triggers for known-bad behavioral patterns. (4) Review coordinated disclosure posture, since 90-day windows assume slow exploit development that no longer holds.

Should I change my patch SLAs because of AI exploit development?

Yes. The practical recommendation is to apply expedited patch SLAs (24-48 hours) to CVEs affecting components older than five years, and to treat any network-accessible service in a legacy subsystem -- NFS, SMB, LDAP, and similar protocol implementations -- as a priority target. Age is no longer a proxy for audited. Mythos found a 17-year FreeBSD bug and a 27-year OpenBSD flaw that survived decades of expert review.

What is Claude Security and how does it help defend against AI-discovered vulnerabilities?

Claude Security is Anthropic's public-beta commercial product built on Claude Opus 4.7. It is available to organizations outside of Project Glasswing. In its first three weeks of public beta, it patched 2,100+ vulnerabilities. It provides a direct path for security teams to direct the same class of AI capability that is finding vulnerabilities at scale against their own codebases.

How should coordinated vulnerability disclosure timelines change given AI exploit speed?

90-day disclosure windows were calibrated for a world where exploit development is expensive and takes weeks of senior researcher time. Mythos N-days research produced first working Firefox exploits in 12 minutes and Windows kernel exploits in 31 minutes. Organizations disclosing to vendors should push for faster patch timelines. Organizations receiving disclosures should treat Day 1 as the start of an active race, not the start of a 90-day countdown.

What does 'automate IR pipeline' mean in practice?

It means pre-staging automated containment triggers that execute without analyst approval for known-bad behavioral patterns: network isolation for critical systems on EDR behavioral detection, automated quarantine rules in SIEM, and response playbooks that fire on specific behavioral indicators. The goal is to remove analyst review latency from the initial containment decision when the threat pattern matches a pre-defined high-confidence signature.

How do I prioritize patching when thousands of new vulnerabilities are being found?

Prioritize by component age and network exposure. Legacy subsystems (NFS, SMB, LDAP, OS networking stacks) that are network-accessible and have not received a security-focused audit in five or more years are the most likely targets for AI-discovered vulnerabilities. Apply 24-48 hour SLAs to high/critical CVEs in those components. For the broader volume, Glasswing CVEs will be disclosed through CISA KEV and NVD as embargo windows close through H2 2026.

Sources & references

  1. Assessing Claude Mythos Preview cybersecurity capabilities, Anthropic
  2. Project Glasswing: An initial update, Anthropic
  3. Anthropic N-Days research
  4. Expanding Project Glasswing, Anthropic
  5. Anthropics Project Glasswing Exposes the Next Challenge for Vulnerability Management, IANS Research

Free resources

25
Free download

Critical CVE Reference Card 2025–2026

25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.

No spam. Unsubscribe anytime.

Free download

Ransomware Incident Response Playbook

Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.

No spam. Unsubscribe anytime.

Free newsletter

Get threat intel before your inbox does.

50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.

Unsubscribe anytime. We never sell your data.

Eric Bang
Author

Founder & Cybersecurity Evangelist, Decryption Digest

Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.

Black Hat Giveaway

Win a $2,495 Black Hat pass.

Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.

Joins Decryption Digest daily briefing. Unsubscribe anytime.

Giveaway: Black Hat USA 2026 Full-Access Pass ($2,495 value)

Details →
Daily Briefing

Subscribe to enter the giveaway

Every subscriber is automatically entered. You also get daily threat intel every morning: zero-days, ransomware, and nation-state campaigns. Free. No spam.

Already subscribed? You're already entered.

Giveaway

Win a $2,495 Black Hat USA 2026 pass.