Anthropic has unveiled a significant update to its Project Glasswing, an initiative leveraging AI to detect software vulnerabilities before they can be exploited by attackers. Utilizing its innovative Mythos AI, the company scanned over 1,000 open-source software projects, uncovering more than 23,000 potential vulnerabilities. Notably, over 6,200 of these were deemed “high” or “critical” severity, posing severe risks such as data theft and system crashes.
A key finding was that over 90% of the high- and critical-severity vulnerabilities identified were legitimate, easing concerns that AI tools might generate false alarms. This efficiency underscores a rapid shift in the cybersecurity landscape, where AI allows both defenders and attackers to identify weaknesses more swiftly than ever before.
Google has also highlighted the urgency of this issue, reporting on a criminal group that utilized AI to find and exploit a previously unknown software vulnerability. The increasing reliance on software across sectors such as finance, healthcare, and utilities raises concerns, particularly since software vulnerabilities now account for 31% of data breaches, according to Verizon’s 2026 Data Breach Investigations Report.
As AI transforms the detection of vulnerabilities from a human-based to a machine-driven process, cybersecurity practices must evolve accordingly. Developers are already feeling the pressure to address the vulnerabilities identified by AI swiftly, reinforcing the need for a more proactive approach to cybersecurity.
This shift indicates a potential future where cybersecurity functions more like an immune system—constantly active and responsive—rather than relying on scheduled updates.
Why this story matters:
- The rise of AI in both software development and cyberattacks is reshaping the cybersecurity landscape.
Key takeaway:
- AI significantly enhances the ability to identify vulnerabilities, necessitating urgent adaptation in security practices.
Opposing viewpoint:
- There are concerns that AI could also empower hackers, increasing the speed and scale of cyber threats.