Software program safety has all the time labored a bit like drugs does.
Docs search for issues, diagnose what’s incorrect and prescribe remedies earlier than issues worsen. Software program operates a lot the identical means. Engineers uncover bugs, builders problem patches and corporations hope fixes arrive earlier than attackers discover the identical weaknesses.
It’s not excellent. However beneath this messy course of one factor has all the time remained the identical.
Everybody was working at human pace.
That gave software program groups time to search out issues and repair errors earlier than they became disasters.
This fundamental system survived the rise of the web, smartphones and cloud computing.
However it’s starting to appear like AI simply broke it.
Undertaking Glasswing
Anthropic simply issued a brand new Undertaking Glasswing replace.
And it’s a doozy.
As a reminder, Undertaking Glasswing is Anthropic’s effort to make use of AI to robotically search software program for hidden safety flaws earlier than hackers can exploit them.
To try this, Anthropic used its new Mythos AI to scan greater than 1,000 open-source software program tasks, principally instruments and code libraries that assist energy web sites, cloud platforms and huge components of the fashionable web.
And Mythos discovered a LOT of potential weaknesses.
Based on Anthropic, the system recognized greater than 23,000 doable software program vulnerabilities. Greater than 6,200 had been thought-about “excessive” or “vital” severity, that means they might probably permit attackers to steal information, crash techniques or acquire unauthorized entry to software program.
That’s already an enormous quantity. However one other statistic is probably extra telling.
As a result of one of many largest issues with AI safety instruments is that they typically produce false alarms. They’ll flag innocent code as harmful, which wastes monumental quantities of time for builders attempting to kind via the outcomes.
However Anthropic says that of the high- and critical-severity findings reviewed up to now, greater than 90% turned out to be reputable vulnerabilities.
That implies Mythos isn’t simply producing noise. It’s discovering actual issues at a scale people would battle to maintain up with.
Software program safety has all the time been a race.
Attackers seek for weaknesses they will exploit, whereas builders and safety groups rush to search out and repair those self same flaws first. The facet that strikes quicker often wins.
However it principally labored as a result of people are gradual to find software program vulnerabilities.
Discovering severe software program flaws requires uncommon experience, persistence and time. You want individuals who perceive code effectively sufficient to identify errors different individuals missed. That makes vulnerability analysis worthwhile, but in addition restricted.
AI adjustments the equation.
That’s as a result of it offers each defenders and attackers a strategy to seek for weaknesses quicker, throughout extra code, with fewer human bottlenecks.
This doesn’t imply each teenager with a chatbot can all of a sudden turn out to be an elite hacker. However it does imply the previous shortage is beginning to disappear.
And we’re already seeing it occur.
Google lately stated it disrupted a felony group that used AI to assist uncover and weaponize a beforehand unknown software program vulnerability earlier than a deliberate mass exploitation occasion.
John Hultquist, chief analyst at Google’s Menace Intelligence Group, famous: “The period of AI-driven vulnerability and exploitation is already right here.”
However we’ve recognized it’s been coming for some time.
For years, cybersecurity specialists warned that AI may ultimately assist attackers discover and exploit hidden weaknesses. Now one of many world’s largest know-how corporations is acknowledging that the time has arrived.
And the numbers recommend this downside is getting worse.
Verizon’s 2026 Information Breach Investigations Report discovered that software program vulnerabilities had been accountable for 31% of knowledge breaches, making them the most typical means attackers break into techniques at this time.
Picture: Verizon’s 2026 Information Breach Investigations Report
It means attackers are now not simply tricking individuals into handing over passwords. They’re more and more breaking immediately via weak spots in software program.
And if AI makes these weak spots simpler to search out, then your entire safety mannequin has to vary.
That’s the conclusion the current Undertaking Glasswing replace is pointing to.
The previous sample of corporations releasing software program, safety researchers discovering weaknesses, builders creating fixes and customers downloading updates continues to be the norm at this time.
You don’t must look any additional than Microsoft’s month-to-month Patch Tuesday updates to see it in motion.
However that system was constructed for a world the place people set the tempo.
AI is making that tempo out of date.
In actual fact, Anthropic says some builders already requested for extra time to repair the vulnerabilities Mythos uncovered. Not simply because they needed to confirm its findings, however as a result of it discovered too many reputable issues too shortly.
That exhibits you why issues want to vary.
The troublesome a part of cybersecurity was once discovering hidden vulnerabilities. Now AI is beginning to make it the straightforward half.
Which suggests the subsequent huge problem will likely be to repair every thing AI uncovers earlier than the incorrect individuals can exploit it.
Right here’s My Take
The world runs on software program now.
Banks, hospitals, utilities, protection contractors, airways, factories and cloud platforms all depend upon code that’s continuously altering.
However that code isn’t excellent. And the extra software program we construct, the extra hidden weaknesses we create.
AI is enabling programmers to jot down software program quicker than ever. However it’s additionally permitting hackers to search out vulnerabilities simply as shortly.
Fortuitously, components of the tech world are already getting ready for this future.
Earlier this yr, DARPA held its AI Cyber Problem, the place autonomous AI techniques competed to find and patch software program vulnerabilities with minimal human involvement.
That implies the subsequent technology of cybersecurity will look much less like month-to-month software program updates…
And extra like a continuously lively immune system.
Regards,
Ian King
Chief Strategist, Banyan Hill Publishing
Editor’s Word: We’d love to listen to from you!
If you wish to share your ideas or strategies in regards to the Day by day Disruptor, or if there are any particular subjects you’d like us to cowl, simply ship an e mail to [email protected].
Don’t fear, we received’t reveal your full identify within the occasion we publish a response. So be at liberty to remark away!
