What Project Glasswing Means for the People Running Cybersecurity
Anthropic’s Project Glasswing launched this week, and you've probably seen the headlines.
Twelve partners, including tech and cyber leaders like Microsoft, Apple, Amazon, Google, CrowdStrike, and Palo Alto Networks, have agreed to use Claude’s Mythos Preview AI model for defensive security purposes. Anthropic has committed $100 million to usage credits for the effort.
Mythos Preview has already uncovered thousands of high-severity zero-day vulnerabilities, including flaws across every major operating system and web browser. It’s discovered vulnerabilities in weeks that the entire security research community missed for decades.
This announcement is a big deal. Here’s what it means for the people who run IT and cybersecurity in organizations that aren't on the project’s partner list.
The CVE flood is coming
Let’s be specific about what Project Glasswing does.
Mythos Preview scans existing production software, such as the operating systems, browsers, and open-source libraries that billions of people rely on daily.
It finds vulnerabilities autonomously, writes working exploits, and chains multiple flaws into full attack sequences. And it does this with an 83% success rate on first attempt.
Right now, this capability sits behind a controlled release. About 40 organizations have access, with strict rules about defensive use and coordinated disclosure.
Anthropic reports vulnerabilities to maintainers before going public, giving them time to patch. It publishes technical details only after fixes are deployed.
But here's the thing Anthropic itself acknowledged in its announcement: “The work of defending the world's cyber infrastructure might take years. Frontier AI capabilities are likely to advance substantially over just the next few months.”
These capabilities will spread. If Anthropic built it, others will too. The controlled release buys time, but it doesn’t change where this is going.
We’re heading toward a world where AI discovers vulnerabilities at machine speed, continuously, across every piece of software in existence.
And the CVE ecosystem is already straining. GitHub saw a 224% increase in vulnerability reports over a recent 90-day period. Maintainers are drowning, and that's before Glasswing’s findings start flowing through the disclosure pipeline in volume.
What does this mean for CISOs, IT directors, and security teams?
Imagine getting a notification on a Tuesday morning: 40 new critical CVEs just dropped for software running in your environment.
Patching was already impossible at scale. Now, it's a fantasy.
The problem with patching has never been the patch itself. It’s the dependency chains, regression testing, and change approval windows. You can't just update a critical production system without guaranteeing it still works afterward.
An average enterprise takes 60‒150 days to remediate a critical vulnerability. When Mythos-class AI models are generating hundreds of critical CVEs per week across the software stack, that math doesn't just break. It becomes absurd.
Your vulnerability management program just became a triage exercise
Every security team already has a backlog of thousands of unpatched vulnerabilities. That backlog is about to multiply.
The question is no longer “can we patch everything critical?” but “can we figure out which 2% of these actually matter in our environment?”
Scanners and exposure management tools become more valuable than ever, not just for finding vulnerabilities but for prioritizing them. Security teams need to know which of those 500 new CVEs actually sits on a path an attacker could exploit in their network.
Time-to-exploit will collapse further
We're already seeing attackers’ time-to-exploit drop.
In the first half of 2025, nearly a third of new CVEs were exploited on or before disclosure day. Exploits have overtaken phishing as the top initial access vector.
Now add AI models that can generate working exploits in 10‒15 minutes for roughly a dollar. The window between “vulnerability published” and “exploit in the wild” is approaching zero.
Your 90-day patching cycle is no longer just a plan; it's a liability.
Will Glasswing change how software is built?
Right now, Glasswing focuses on scanning existing production software. It’s not embedded into the software development life cycle (SDLC).
That won’t last. A model that finds zero-day exploits in production code at this scale will inevitably move upstream into CI/CD pipelines, running during development, catching flaws before code ships.
That’s the best-case scenario. If Mythos-class scanning becomes part of the SDLC, software gets more secure before it ships. This means vendors ship fewer vulnerabilities, and the flood of CVEs eventually stabilizes.
But that transition will take years. Every major software vendor would need to integrate this capability, retool their development processes, and fix what the model finds before releasing.
In the meantime, we live in the gap. AI finds vulnerabilities faster than anyone, vendor or customer, can fix them.
If you can't patch at machine speed (and you can’t), you need controls in place before the exploit arrives. This is where the conversation has to shift from remediating breaches to containing them.
Segmentation becomes the main control rather than a nice-to-have
If an attacker can exploit a weakness within hours of its disclosure, the only thing that limits damage is whether they can move laterally after the initial breach.
Real-time, enforced microsegmentation with tools such as Illumio Segmentation limits the blast radius regardless of which vulnerability was exploited. It’s vulnerability-agnostic.
And that's exactly what you need when the volume of vulnerabilities exceeds your ability to track them individually.
The question changes from “what's vulnerable?” to “what's reachable?”
A critical zero-day flaw in an isolated system with no lateral movement paths is a low priority.
But a medium-severity flaw on a system that sits on the shortest path between your perimeter and your critical assets? That’s a real emergency.
Teams need to understand not just where vulnerabilities are, but how attackers can move laterally through their environment. Tools like Illumio Insights help them prioritize containment where it matters most.
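As an added illustration of the path-based triage argued for above (not code from the post, and not Illumio's product logic), the example below ranks CVEs by whether their host lies on a path from perimeter-facing hosts to critical assets before considering severity, and shows how removing one allowed flow takes a host off every attack path. The hosts, CVE identifiers, CVSS scores, and allowed flows are all constructed placeholders.

```python
from collections import deque

# Constructed sample environment (not real data): each host carries the CVEs found on it
# as (id, CVSS score) and tags marking perimeter-facing hosts and critical assets.
HOSTS = {
    "web-01": {"tags": {"perimeter"}, "cves": [("CVE-EXAMPLE-0001", 9.8)]},
    "app-01": {"tags": set(),         "cves": [("CVE-EXAMPLE-0002", 6.5)]},
    "db-01":  {"tags": {"critical"},  "cves": []},
    "lab-01": {"tags": set(),         "cves": [("CVE-EXAMPLE-0003", 9.8)]},  # isolated
}
# Flows the (hypothetical) segmentation policy currently allows: (source, destination).
ALLOWED_FLOWS = {("web-01", "app-01"), ("app-01", "db-01")}


def reachable(starts, flows):
    """Breadth-first search over allowed flows; returns every host reachable from `starts`."""
    seen, queue = set(starts), deque(starts)
    while queue:
        cur = queue.popleft()
        for src, dst in flows:
            if src == cur and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def hosts_on_attack_paths(hosts, flows):
    """Hosts on at least one path from a perimeter host to a critical asset:
    reachable forward from the perimeter AND able to reach a critical asset."""
    perimeter = {h for h, d in hosts.items() if "perimeter" in d["tags"]}
    critical = {h for h, d in hosts.items() if "critical" in d["tags"]}
    forward = reachable(perimeter, flows)
    backward = reachable(critical, {(dst, src) for src, dst in flows})  # reversed edges
    return forward & backward


def prioritize(hosts, flows):
    """Rank every CVE by reachability first and CVSS second.
    Returns (cve_id, host, cvss, on_attack_path) tuples, highest priority first."""
    on_path = hosts_on_attack_paths(hosts, flows)
    rows = [(cve, h, score, h in on_path)
            for h, d in hosts.items() for cve, score in d["cves"]]
    return sorted(rows, key=lambda r: (r[3], r[2]), reverse=True)


if __name__ == "__main__":
    for cve, host, score, on_path in prioritize(HOSTS, ALLOWED_FLOWS):
        print(f"{cve} on {host}: CVSS {score}, {'ON attack path' if on_path else 'off path'}")
    # Containment: deny app-01 -> db-01 and no host remains on a perimeter-to-critical path.
    tightened = ALLOWED_FLOWS - {("app-01", "db-01")}
    print("on-path hosts after tightening:", hosts_on_attack_paths(HOSTS, tightened))
```

With the constructed policy, the medium-severity flaw on app-01 outranks the critical flaw on the isolated lab-01, which is the page's point; dropping a single flow reclassifies it.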
Identity and access controls compound the effect
Segmentation limits how far attackers can move through your network. Strong identity controls limit what an attacker can do, even within a segment. That means least-privilege access, just-in-time credentials, and continuous verification.
Every layer of containment you add makes the attacker’s job harder, regardless of how fast they got in.
Why patch-first security no longer works
Glasswing isn't bad news. The coordinated disclosure model is exactly the kind of responsible AI deployment we need.
But it accelerates a reckoning our industry has been avoiding.
The patch-centric model of security is broken. It was already bending under the weight of 30,000+ CVEs per year. AI-powered discovery at scale will break it entirely.
The organizations that come through this well won't be the ones that patch fastest. They’ll be the ones that have accepted they can’t patch everything. They’ll have built their environments accordingly, with breach containment grounded in segmentation and path-based risk prioritization.
This kind of infrastructure was already best practice. Project Glasswing has just made it urgent.
See how Illumio Segmentation enables real-time breach containment across your environment.