Anthropic’s Project Glasswing confirmed what many security leaders already suspected: AI can find software vulnerabilities faster than any human team can fix them. Mythos discovered thousands of zero-days across every major operating system and browser, some undetected for decades.

The discovery is not the problem. What comes after is.

Fewer than 1% of the vulnerabilities Mythos found were patched at the time of disclosure. The average enterprise remediates just 15% of its vulnerabilities in a given month. Meanwhile, the median time from disclosure to exploitation has collapsed from over two years to single-digit hours. AI does not just accelerate the attacker. It widens the gap between what defenders know and what they can act on.

Visibility without operational speed is just a more detailed inventory of your exposure.

The response cannot be absorbing more findings into an already overwhelmed process. It requires a shift in how validation and remediation work together. Defenders need the ability to ingest a new threat signal, determine whether their controls would actually stop it in their specific environment, and close the gap before an adversary gets there first.

That means moving from periodic testing to real-time, signal-driven validation. It means closing the loop between finding and fixing without manual handoffs. And it means demanding proof of effectiveness from every layer of the stack, not assuming tools work because they were deployed.

The organizations that respond to Glasswing with operational speed, not just vulnerability awareness, are the ones that will stay ahead.