How to Defend Against AI-Discovered Vulnerabilities: A Practitioner Guide

Retool's new app builder is where AI-generated code ships safely
Building apps with AI is easy. Getting them to production safely is another story.
Project Glasswing has identified more than 10,000 high/critical severity vulnerabilities across partner organizations' software. Most traditional vulnerability management programs handle dozens of high/critical findings per quarter. They are not designed for this throughput, and the operational gap between what AI-scale vulnerability discovery produces and what conventional security operations can absorb is the central challenge facing security teams right now.
The vulnerabilities Glasswing is finding are also structurally different from standard CVEs. A 17-year FreeBSD NFS bug and a 27-year OpenBSD TCP SACK flaw survived decades of expert audit, fuzzing campaigns, and security-focused code review. They are not bugs that existing vulnerability management processes would have caught, which means they are not bugs that existing patch prioritization frameworks are calibrated to handle.
Anthropic's red team has published four specific defensive actions for security teams operating in this environment. This guide walks through each one with operational specificity -- not as a general framework, but as a set of concrete changes to patch SLAs, tool integration, IR automation, and disclosure posture that security teams can implement against actual practice gaps.
Why AI-Discovered Vulnerabilities Require a Different Response
The Glasswing findings differ from traditional CVEs in two structural ways that matter for operational response. First, scale: more than 10,000 high/critical vulnerabilities identified, most still unpatched. Traditional vulnerability management processes handle dozens of high/critical per quarter. A program calibrated for that throughput will fail under Glasswing-scale disclosure volume. Triaging, assigning, tracking, and verifying patch status for high/critical CVEs at this volume requires automation at stages that most programs still rely on human analysts to manage.
Second, novelty: Mythos is finding bugs in old, rarely-audited subsystems that traditional scanning, fuzzing, and code review never reached. The 17-year FreeBSD NFS bug and the 27-year OpenBSD TCP SACK flaw survived decades of expert security review. They represent a class of vulnerability that is not on any existing CVE radar and that existing vulnerability management processes would never have prioritized for audit -- because the systems were old and therefore assumed to be well-understood.
The combination means security teams are facing both a volume problem and a novelty problem simultaneously. The four defensive actions below address each directly.
Action 1: Shorten Your Patch Cycle for Legacy Systems
Mythos's capability to find multi-decade-old bugs means age is no longer a proxy for audited status. A software component that has not received a security-focused audit in more than five years should be treated as potentially vulnerable regardless of its CVE history -- the absence of CVEs in old code is evidence that no one has looked carefully, not evidence that there are no bugs to find.
Practical implementation steps: (a) Inventory operating system and library versions with explicit age tracking -- when was each component last the subject of a security-focused audit or formal review? Most vulnerability management platforms track CVE counts but not audit history. Build the age dimension explicitly. (b) Apply expedited patch SLAs to CVEs affecting components older than five years. A 24-48 hour SLA for high/critical in legacy components is defensible given Mythos N-days research showing working exploits within hours of vulnerability information becoming available. (c) Prioritize network-accessible services in legacy subsystems: NFS, SMB, LDAP, and similar protocol implementations. These are precisely the code paths Mythos targets, and they are the most exposed to exploitation without lateral movement being required.
Briefings like this, every morning before 9am.
Threat intel, active CVEs, and campaign alerts, distilled for practitioners. 50,000+ subscribers. No noise.
Action 2: Use Frontier AI Defensively Now, Not Later
Anthropic's explicit recommendation to the security community is direct: integrate frontier AI into your defensive workflows immediately, not after the tooling matures. The same capability that found 10,000+ vulnerabilities in partners' software can be directed at your own codebase, your own infrastructure, and your own threat hunting workflows. Claude Security (public beta) patched 2,100+ vulnerabilities in its first three weeks. That rate is only possible because AI can operate continuously across a codebase at a depth and breadth that human reviewers cannot match.
The competitive dynamics argument is specific. Anthropic projects that Mythos-class capability will be accessible to adversaries within 6-12 months. Organizations that have already built AI into their vulnerability research, code review, and threat hunting workflows by that point will have a structural advantage -- they will have baseline familiarity with the tooling, established workflows, and accumulated institutional knowledge about how AI findings integrate into their specific security operations. Organizations waiting for tooling to mature are ceding that runway.
The practical starting point for most teams is integrating AI-assisted code review into the CI/CD pipeline for high-risk components, starting with network-facing services in the legacy subsystem categories that Glasswing has shown are most productive. The incremental investment is low. The baseline familiarity it builds is high.
Actions 3 and 4: Automate IR and Revisit Disclosure Posture
Action 3: Automate incident response triggers. Mythos N-days research found first working exploits in 12 minutes for Firefox and 31 minutes for Windows kernel vulnerabilities. IR playbooks that assume days of analyst review before a threat is weaponized are structurally wrong for a world where working exploits exist within an hour of vulnerability information becoming available. The fix is pre-staged automated containment: network isolation for critical systems triggered by EDR behavioral detection, automated quarantine rules in SIEM that fire on known-bad behavioral patterns without waiting for analyst approval, and response playbooks that execute on high-confidence signatures. The goal is not to remove human judgment from IR -- it is to remove human latency from the containment decision when the threat pattern is unambiguous.
Action 4: Review disclosure posture. The 90-day coordinated vulnerability disclosure window was calibrated for a world where exploit development is expensive and measured in weeks of senior researcher time. That assumption is no longer valid. If your organization participates in coordinated disclosure as a reporter, push vendors for shorter patch commitments and treat non-response past 30 days as grounds for disclosure rather than grounds for extension. If your organization receives disclosures, treat Day 1 as the start of an active race. The embargo window is not a 90-day buffer -- it is the window before a Mythos-class system can produce a working exploit from the public vulnerability description. That window may be shorter than the disclosure timeline your vendor policy assumes.
The bottom line
The four defensive actions -- shorten patch cycles for legacy systems, integrate AI defensively now, automate IR triggers, and recalibrate disclosure posture -- are not generic security recommendations. They are direct responses to the specific structural changes that AI-scale vulnerability discovery creates. Security teams that implement them will be operating in alignment with the threat environment. Teams that defer will face a growing operational gap as Glasswing CVEs enter coordinated disclosure through H2 2026 and Mythos-class capability becomes more widely accessible. For a deeper technical assessment of what AI cybersecurity capabilities mean for your specific environment, read the free Mythos Brief at /mythos-brief.
This analysis is generic — the platform version scores threats like this against your own stack.
Frequently asked questions
What are the four defensive actions Anthropic recommends against AI-discovered vulnerabilities?
Anthropic's red team recommends: (1) Shorten patch cycles, especially for legacy systems, treating age as no longer a proxy for audited status. (2) Integrate frontier AI into defensive workflows now -- vulnerability research, code review, and threat hunting. (3) Automate IR pipeline triggers for known-bad behavioral patterns. (4) Review coordinated disclosure posture, since 90-day windows assume slow exploit development that no longer holds.
Should I change my patch SLAs because of AI exploit development?
Yes. The practical recommendation is to apply expedited patch SLAs (24-48 hours) to CVEs affecting components older than five years, and to treat any network-accessible service in a legacy subsystem -- NFS, SMB, LDAP, and similar protocol implementations -- as a priority target. Age is no longer a proxy for audited. Mythos found a 17-year FreeBSD bug and a 27-year OpenBSD flaw that survived decades of expert review.
What is Claude Security and how does it help defend against AI-discovered vulnerabilities?
Claude Security is Anthropic's public-beta commercial product built on Claude Opus 4.7. It is available to organizations outside of Project Glasswing. In its first three weeks of public beta, it patched 2,100+ vulnerabilities. It provides a direct path for security teams to direct the same class of AI capability that is finding vulnerabilities at scale against their own codebases.
How should coordinated vulnerability disclosure timelines change given AI exploit speed?
90-day disclosure windows were calibrated for a world where exploit development is expensive and takes weeks of senior researcher time. Mythos N-days research produced first working Firefox exploits in 12 minutes and Windows kernel exploits in 31 minutes. Organizations disclosing to vendors should push for faster patch timelines. Organizations receiving disclosures should treat Day 1 as the start of an active race, not the start of a 90-day countdown.
What does 'automate IR pipeline' mean in practice?
It means pre-staging automated containment triggers that execute without analyst approval for known-bad behavioral patterns: network isolation for critical systems on EDR behavioral detection, automated quarantine rules in SIEM, and response playbooks that fire on specific behavioral indicators. The goal is to remove analyst review latency from the initial containment decision when the threat pattern matches a pre-defined high-confidence signature.
How do I prioritize patching when thousands of new vulnerabilities are being found?
Prioritize by component age and network exposure. Legacy subsystems (NFS, SMB, LDAP, OS networking stacks) that are network-accessible and have not received a security-focused audit in five or more years are the most likely targets for AI-discovered vulnerabilities. Apply 24-48 hour SLAs to high/critical CVEs in those components. For the broader volume, Glasswing CVEs will be disclosed through CISA KEV and NVD as embargo windows close through H2 2026.
Sources & references
Free resources
Critical CVE Reference Card 2025–2026
25 actively exploited vulnerabilities with CVSS scores, exploit status, and patch availability. Print it, pin it, share it with your SOC team.
Ransomware Incident Response Playbook
Step-by-step 24-hour IR checklist covering detection, containment, eradication, and recovery. Built for SOC teams, IR leads, and CISOs.
Get threat intel before your inbox does.
50,000+ security professionals read Decryption Digest for early warnings on zero-days, ransomware, and nation-state campaigns. Free, daily, no spam.
Unsubscribe anytime. We never sell your data.

Founder & Cybersecurity Evangelist, Decryption Digest
Cybersecurity professional with expertise in threat intelligence, vulnerability research, and enterprise security. Covers zero-days, ransomware, and nation-state operations for 50,000+ security professionals every morning.
Win a $2,495 Black Hat pass.
Full-access to Black Hat USA 2026 in Las Vegas. Subscribe free to enter.
