Software program safety has at all times labored a bit like medication does.
Medical doctors search for issues, diagnose what’s mistaken and prescribe remedies earlier than issues worsen. Software program operates a lot the identical means. Engineers uncover bugs, builders challenge patches and corporations hope fixes arrive earlier than attackers discover the identical weaknesses.
It’s not excellent. However beneath this messy course of one factor has at all times remained the identical.
Everybody was working at human pace.
That gave software program groups time to seek out issues and repair errors earlier than they became disasters.
This primary system survived the rise of the web, smartphones and cloud computing.
But it surely’s starting to appear like AI simply broke it.
Mission Glasswing
Anthropic simply issued a brand new Mission Glasswing replace.
And it’s a doozy.
As a reminder, Mission Glasswing is Anthropic’s effort to make use of AI to robotically search software program for hidden safety flaws earlier than hackers can exploit them.
To do this, Anthropic used its new Mythos AI to scan greater than 1,000 open-source software program tasks, principally instruments and code libraries that assist energy web sites, cloud platforms and huge components of the trendy web.
And Mythos discovered a LOT of potential weaknesses.
Based on Anthropic, the system recognized greater than 23,000 potential software program vulnerabilities. Greater than 6,200 have been thought-about “excessive” or “crucial” severity, which means they may doubtlessly permit attackers to steal information, crash methods or achieve unauthorized entry to software program.
That’s already an enormous quantity. However one other statistic is maybe extra telling.
As a result of one of many greatest issues with AI safety instruments is that they typically produce false alarms. They’ll flag innocent code as harmful, which wastes monumental quantities of time for builders attempting to kind by way of the outcomes.
However Anthropic says that of the high- and critical-severity findings reviewed thus far, greater than 90% turned out to be authentic vulnerabilities.
That means Mythos isn’t simply producing noise. It’s discovering actual issues at a scale people would wrestle to maintain up with.
Software program safety has at all times been a race.
Attackers seek for weaknesses they will exploit, whereas builders and safety groups rush to seek out and repair those self same flaws first. The aspect that strikes quicker often wins.
But it surely principally labored as a result of people are gradual to find software program vulnerabilities.
Discovering critical software program flaws requires uncommon experience, persistence and time. You want individuals who perceive code properly sufficient to identify errors different individuals missed. That makes vulnerability analysis invaluable, but in addition restricted.
AI adjustments the equation.
That’s as a result of it offers each defenders and attackers a method to seek for weaknesses quicker, throughout extra code, with fewer human bottlenecks.
This doesn’t imply each teenager with a chatbot can instantly turn into an elite hacker. But it surely does imply the previous shortage is beginning to disappear.
And we’re already seeing it occur.
Google just lately stated it disrupted a legal group that used AI to assist uncover and weaponize a beforehand unknown software program vulnerability earlier than a deliberate mass exploitation occasion.
John Hultquist, chief analyst at Google’s Menace Intelligence Group, famous: “The period of AI-driven vulnerability and exploitation is already right here.”
However we’ve identified it’s been coming for some time.
For years, cybersecurity consultants warned that AI might finally assist attackers discover and exploit hidden weaknesses. Now one of many world’s largest expertise firms is acknowledging that the time has arrived.
And the numbers recommend this downside is getting worse.
Verizon’s 2026 Information Breach Investigations Report discovered that software program vulnerabilities have been liable for 31% of information breaches, making them the commonest means attackers break into methods right this moment.
Picture: Verizon’s 2026 Information Breach Investigations Report
It means attackers are not simply tricking individuals into handing over passwords. They’re more and more breaking immediately by way of weak spots in software program.
And if AI makes these weak spots simpler to seek out, then the whole safety mannequin has to vary.
That’s the conclusion the latest Mission Glasswing replace is pointing to.
The previous sample of firms releasing software program, safety researchers discovering weaknesses, builders creating fixes and customers downloading updates continues to be the norm right this moment.
You don’t must look any additional than Microsoft’s month-to-month Patch Tuesday updates to see it in motion.
However that system was constructed for a world the place people set the tempo.
AI is making that tempo out of date.
In reality, Anthropic says some builders already requested for extra time to repair the vulnerabilities Mythos uncovered. Not simply because they needed to confirm its findings, however as a result of it discovered too many authentic issues too rapidly.
That reveals you why issues want to vary.
The tough a part of cybersecurity was once discovering hidden vulnerabilities. Now AI is beginning to make it the simple half.
Which suggests the following huge problem can be to repair every part AI uncovers earlier than the mistaken individuals can exploit it.
Right here’s My Take
The world runs on software program now.
Banks, hospitals, utilities, protection contractors, airways, factories and cloud platforms all rely on code that’s continuously altering.
However that code is rarely excellent. And the extra software program we construct, the extra hidden weaknesses we create.
AI is enabling programmers to write down software program quicker than ever. But it surely’s additionally permitting hackers to seek out vulnerabilities simply as rapidly.
Fortuitously, components of the tech world are already making ready for this future.
Earlier this yr, DARPA held its AI Cyber Problem, the place autonomous AI methods competed to find and patch software program vulnerabilities with minimal human involvement.
That means the following technology of cybersecurity will look much less like month-to-month software program updates…
And extra like a continuously lively immune system.
Regards,
Ian King
Chief Strategist, Banyan Hill Publishing
Editor’s Notice: We’d love to listen to from you!
If you wish to share your ideas or ideas in regards to the Day by day Disruptor, or if there are any particular subjects you’d like us to cowl, simply ship an e-mail to dailydisruptor@banyanhill.com.
Don’t fear, we gained’t reveal your full identify within the occasion we publish a response. So be happy to remark away!
