
What Project Glasswing Means for the People Running Cybersecurity

Anthropic’s Project Glasswing launched a few weeks ago, and you've probably seen the headlines.  

Twelve partners, including tech and cyber leaders like Microsoft, Apple, Amazon, Google, CrowdStrike, and Palo Alto Networks, have agreed to use Claude's Mythos Preview AI model for defensive security purposes. Anthropic has committed $100 million to usage credits for the effort.

Mythos Preview has already uncovered thousands of high-severity zero-day vulnerabilities, including flaws across every major operating system and web browser. It's discovered vulnerabilities in weeks that the entire security research community missed for decades.

Illumio CEO and founder Andrew Rubin put it plainly in a recent blog post: this isn’t an incremental change. When attackers move at machine speed while defenders continue to move at human speed, it’s game over.

The old model of attempting to block threats at the perimeter is finished. Perfect prevention has always been a pipe dream, even more so now, and resilience has to replace prevention as the core mission of cybersecurity.

The Anthropic announcement is a big deal, and I want to talk about what happens next. Specifically, I want to explore what this means for the people who run IT and cybersecurity in organizations that aren't on the project's partner list.

The CVE flood is coming

Let’s be specific about the capability shown by Mythos.  

Mythos Preview scans existing production software, such as the operating systems, browsers, and open-source libraries that billions of people rely on daily.  

It finds vulnerabilities autonomously, writes working exploits, and chains multiple flaws into full attack sequences. And it does this with an 83% success rate on the first attempt.

Right now, this capability sits behind a controlled release. About 40 organizations have access, with strict rules about defensive use and coordinated disclosure.  

Anthropic reports vulnerabilities to maintainers before going public, giving them time to patch. It only publishes technical details after fixes are deployed.

But here's the thing Anthropic itself acknowledged in its announcement: “The work of defending the world's cyber infrastructure might take years. Frontier AI capabilities are likely to advance substantially over just the next few months.”

These capabilities will spread. If Anthropic built it, others will too. The controlled release buys time, but it doesn’t change where this is going.

We’re heading toward a world where vulnerability discovery happens at machine speed, continuously, across every piece of software in existence.

And the CVE ecosystem is already straining. GitHub saw a 224% increase in vulnerability reports over a recent 90-day period. Maintainers are drowning, and that's before Mythos’ findings start flowing through the disclosure pipeline in volume.

What does this mean for CISOs, IT directors, and security teams?

It’s helpful to think about this from the perspective of a person who gets a notification on a Tuesday morning that 40 new critical CVEs have dropped for software running in their environment.

Patching was already impossible at scale. Now, it's a fantasy.  

The problem with patching has never been the patch itself. It’s the dependency chains, regression testing, and change approval windows. You can't just update a critical production system without guaranteeing it still works afterwards.  

An average enterprise takes 60-150 days to remediate a critical vulnerability. When Mythos-class AI models are generating hundreds of critical CVEs per week across the software stack, that math doesn't just break. It becomes absurd.

Your vulnerability management program just became a triage exercise

Every security team already has a backlog of thousands of unpatched vulnerabilities. That backlog is about to multiply.  

The question is no longer “can we patch everything critical?” but “can we figure out which 2% of these actually matter in our specific environment?”  

Scanners and exposure management tools become more valuable than ever, not just for finding vulnerabilities but for prioritization. Security teams need to know which of those 500 new CVEs actually sit on a path an attacker could exploit in their network.

Time-to-exploit will collapse further

We're already seeing attackers’ time-to-exploit drop.  

According to recent research, 32% of exploited CVEs in the first half of 2025 showed exploitation activity on or before the day of disclosure. Vulnerability exploits have overtaken phishing as the number one initial access vector.  

Now add AI models that can generate working exploits in 10-15 minutes for roughly a dollar. The window between “vulnerability published” and “exploit in the wild” is approaching zero.  

Your 90-day patching cycle is no longer just a plan. It's a liability.

Will Mythos change how software is built?

Right now, the participants in Glasswing are using Mythos to scan existing production software. It’s not embedded into the software development life cycle (SDLC).  

But it’s naive to think that will stay the case. Once you have a model that can find zero-day exploits in production code at this scale, the obvious next step is running it during development, in CI/CD pipelines, before code ships.

That’s the optimistic scenario. If Mythos-class scanning becomes part of the SDLC, software gets more secure before it reaches production. This means vendors ship fewer vulnerabilities, and the flood of CVEs eventually stabilizes.

But that transition will take years. Every major software vendor has to integrate this capability, retool their development processes, and fix what the model finds before releasing.  

In the meantime, we live in the gap. AI finds vulnerabilities faster than anyone, vendor or customer, can fix them.

Why breach containment grounded in segmentation is the answer

If you can't patch at machine speed (and you really can’t), you need controls that are already in place before the exploit arrives. This is where the conversation has to shift from breach remediation to containment.

Segmentation becomes the primary control rather than a nice-to-have

If an attacker can weaponize a vulnerability within hours of disclosure, the only thing that limits damage is whether they can move laterally after the initial compromise.  

Real-time, enforced microsegmentation with tools like Illumio Segmentation limits the blast radius regardless of which specific vulnerability was exploited. It’s vulnerability-agnostic.  

And that's exactly what you need when the volume of vulnerabilities exceeds your ability to track them individually.

The question changes from “what's vulnerable?” to “what's reachable?”  

A critical zero-day on an isolated system with no lateral movement paths is a low priority.  

But a medium-severity flaw on a system that sits on the shortest path between your perimeter and your critical assets? That’s a real emergency.  

Teams need to understand not just where vulnerabilities are, but how attackers can move laterally through their environment. Solutions like Illumio Insights help them prioritize containment where it matters most.

Identity and access controls compound the effect

Segmentation limits how far attackers can move through your network. Strong identity controls limit what an attacker can do even within a segment: least-privilege access, just-in-time credentials, and continuous verification.

Every layer of containment you add makes the attacker’s job harder, regardless of how fast they got in.

Five things to do next

So what can you actually do about it? Here’s where to start.

  • Make this a business resilience decision rather than a security project. Segmentation is an ongoing discipline tied directly to how your business operates under stress. Start by framing the conversation at the leadership level: if a credential is compromised tomorrow, what actually stops the attacker from reaching critical systems? If that answer isn’t clear, you’re carrying unquantified operational risk. Apply policy, test it, and expand it over time. The goal is a continuously shrinking set of lateral movement paths.
  • Define your protect surface. Identify the workloads whose compromise would be genuinely catastrophic: domain controllers, payment systems, patient data, OT environments. Every decision should map back to one question: does this reduce the paths an attacker can take to reach these assets?
  • Identify risk by mapping how attackers can move. You need to understand not just what’s vulnerable, but what’s reachable. Map the paths that exist from a potential foothold to your critical assets. Every implicit trust relationship you haven’t explicitly defined is a path an attacker can use.
  • Prevent lateral movement by segmenting the core first. Start where the impact is highest. Apply segmentation policies around your most critical systems, validate them against real traffic, then enforce and expand outward. The value compounds as you remove more paths.
  • Build a response model around containment. Assume attackers will get in. Your response plan should focus on how quickly you can isolate affected systems, limit spread, and maintain operations. Containment isn’t a last step. It’s the control that determines outcome.
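
The shift from “what's vulnerable?” to “what's reachable?”, and the path-mapping step in the list above, can be sketched as a graph search over allowed flows. This is an added example, not Illumio's code or product logic; the host names, flows, finding IDs and scores are all constructed, and it generalizes slightly by ranking on-path hosts by total path length before severity.

```python
from collections import deque

# Constructed sample environment: each edge is a network flow that policy allows.
FLOWS = {
    "internet": ["web01"],
    "web01": ["app01", "jump01"],
    "jump01": ["dc01"],
    "app01": ["batch01"],
    "batch01": ["db01"],
    "lab07": [], "db01": [], "dc01": [],  # lab07 is isolated
}
PROTECT_SURFACE = {"db01", "dc01"}  # hypothetical critical assets
# (host, placeholder finding id, CVSS base score), all constructed
FINDINGS = [("lab07", "FINDING-A", 9.8), ("jump01", "FINDING-B", 5.4),
            ("app01", "FINDING-C", 7.5), ("batch01", "FINDING-D", 8.8)]

def hops_from(sources, flows):
    """Breadth-first search: minimum hop count from any source to each host."""
    dist = {s: 0 for s in sources}
    queue = deque(sources)
    while queue:
        node = queue.popleft()
        for nxt in flows.get(node, []):
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist

def reverse(flows):
    """Flip every edge so a search from the assets walks flows backwards."""
    rev = {}
    for src, dsts in flows.items():
        for dst in dsts:
            rev.setdefault(dst, []).append(src)
    return rev

def prioritize(findings, flows, entry="internet", assets=PROTECT_SURFACE):
    """Rank findings: on an entry-to-asset path first, shortest path, then CVSS."""
    inbound = hops_from([entry], flows)                    # entry -> host
    outbound = hops_from(sorted(assets), reverse(flows))   # host -> nearest asset
    ranked = []
    for host, fid, cvss in findings:
        on_path = host in inbound and host in outbound
        length = inbound[host] + outbound[host] if on_path else None
        ranked.append((fid, host, cvss, on_path, length))
    return sorted(ranked, key=lambda r: (not r[3], r[4] or 0, -r[2]))

def segment(flows, blocked):
    """Copy of flows with the blocked (src, dst) pairs removed."""
    return {s: [d for d in ds if (s, d) not in blocked] for s, ds in flows.items()}
```

With the sample data, the medium-severity finding on `jump01` ranks first and the 9.8 on isolated `lab07` ranks last; passing `segment(FLOWS, {("web01", "jump01")})` to `prioritize` takes `jump01` off every path to the protect surface.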

Why patch-first security no longer works

Mythos isn't bad news. The coordinated disclosure model is exactly the kind of responsible AI deployment we need.  

But it accelerates a reckoning the cybersecurity industry has been avoiding.  

The patch-centric model of security is broken. It was already bending under the weight of 30,000+ CVEs per year. AI-powered discovery at scale will break it entirely.

The organizations that come through this well won't be the ones that patch fastest. They’ll be the ones that accepted they can’t patch everything and built their environments accordingly, with breach containment grounded in segmentation and path-based risk prioritization.

This kind of infrastructure was already best practice. Anthropic’s Claude Mythos Preview has just made it urgent.
