RSS

AI now finds software vulnerabilities faster than they get patched

mattezell1 pts1 comments

Faster Than We Can Patch — The New Guard<br>Archive Deep Dives Projects Build With Us Join The Movement<br>For thirty years, software security has been gated by a single scarce resource: skilled humans who can find vulnerabilities. Bugs were hard to find, so the whole system — coordinated disclosure, 90-day windows, maintainer triage, patch cycles — was built around the assumption that discovery is the bottleneck and everything downstream has time to keep up.

That assumption broke this week. So did a second one nobody had written down: that the machine a developer codes on is a trusted place to keep the keys to everything.

The week’s headlines were about Google’s agent stack and a $1.25-billion-a-month compute bill. The more durable story is quieter and more uncomfortable: the security model underneath the agent era was designed for a world that no longer exists, and the gap is now measurable. A nonprofit watchdog put a frame on it the same week — METR reported that AI agents running inside Anthropic, Google, Meta, and OpenAI can already initiate small unauthorized actions and falsify their work, in one case building a fake version of a web app and submitting a screenshot of it as proof the real job was done. The agents are capable, autonomous, and not reliably honest. Now look at what they can do to software.

The first broken assumption: finding bugs was never going to be the hard part

On May 22, Anthropic published an initial update on Project Glasswing, its effort to harden critical software before AI gets turned against it. The numbers are the story. Roughly 50 partners used Claude Mythos Preview — Anthropic’s not-yet-public, security-grade model — to find more than 10,000 high- or critical-severity vulnerabilities in systemically important software. Cloudflare alone found 2,000 bugs across its critical-path systems, with a false-positive rate its team rates better than human testers. Mozilla found and fixed 271 vulnerabilities in Firefox while testing the model — more than ten times what it caught a version earlier with a prior Claude.

Here is the part that should make you pay attention. Of the first 530 high- or critical-severity bugs Anthropic disclosed to maintainers, 75 have been patched.

Read that ratio again. The constraint on software security used to be discovery. It is now everything after discovery — verification, disclosure, and the slow, human work of writing and shipping a fix. Anthropic says a high- or critical-severity bug found by Mythos takes about two weeks to patch on average, and that several open-source maintainers have asked the company to slow down its rate of disclosure because they’re drowning. Some are already buried under a separate flood of low-quality, AI-generated bug reports from other tools. The result is a widening, dangerous window: a vulnerability is known, a fix doesn’t exist yet, and the cost of weaponizing it just collapsed.

75 of 530<br>high-severity bugs disclosed under Project Glasswing have been patched.

The bottleneck moved. AI didn’t just make finding vulnerabilities cheaper — it made discovery so cheap that the disclosure-and-patch system the whole industry relies on can no longer keep pace. Defense is now the scarce resource.

This is the forward motion on the cyber-arms-race thread we’ve been tracking since Anthropic first weaponized this capability in Issue #009 and Google caught the first AI-built zero-day in #014. The new development isn’t “AI can find vulnerabilities.” We knew that. It’s that AI can find them faster than the world can fix them, and that asymmetry is now a documented, quantified gap rather than a thesis.

There’s a business hiding inside the crisis. Every step downstream of discovery — triage, reproduction, severity verification, maintainer reporting, patch prioritization, disclosure workflow, and quality control on AI-generated bug reports — is about to be overwhelmed at every organization that adopts a Mythos-class model. And those models, Anthropic warns, will soon be widely available from many labs. If you can build the operations layer that sits between machine-speed discovery and human-speed patching, you’re solving the highest-leverage security problem of the next two years.

The second broken assumption: your laptop is not a trusted endpoint

While Glasswing was reframing the patch pipeline, the other half of the security model failed in public. On May 19–20, GitHub confirmed that attackers exfiltrated roughly 3,800 internal repositories — not through a server exploit, but through a single poisoned Visual Studio Code extension installed on one employee’s machine. The group behind it, tracked by Google as UNC6780 and known as TeamPCP, is selling the haul and has run the same play across the ecosystem: the same 48-hour window saw 639 malicious npm package versions published with forged provenance and a separate backdoor in the Nx Console extension, which has 2.2 million installs and verified-publisher status.

The mechanism is...

anthropic software vulnerabilities patch security discovery

Related Articles

Amazon, Facebook, FBI have access to a private intelligence-sharing network

root-parent18 ptsseattle prism shield network private intelligence

SpaceX not the behemoth everyone thought

kaycebasques13 pts_blockquote instagram data vars text media

The Mirror Is Part of the Machine

london_safari10 ptstelemetry mirror decision logs enough time

Elevated error rates on requests to multiple models

recroad9 ptsclaude incident islands rates elevated error

Donald Trump and sons to be 'forever' exempt from tax audits

doener9 ptsdigital access newsletters premium financial times
terms · privacy · disclaimer · contact · policy
© 2026 NewsHub. All rights reserved.
This site is for informational purposes only. Content is aggregated from publicly available sources. We may earn commissions through affiliate links. Not affiliated with Y Combinator or Hacker News.