

























When Anthropic launched Project Glasswing in April 2026 – a consortium of eleven major companies deploying its Claude Mythos Preview model to find vulnerabilities in critical open-source software − the cybersecurity industry applauded. And rightfully so: Mythos discovered bugs that had hidden in heavily-audited codebases for decades.
But Glasswing’s focus on open source, while valuable, addresses the most visible part of the problem. Open-source software has always benefited from community review, etc. The software that nobody has been looking at – proprietary binaries, embedded firmware, legacy protocols, even chip microcode – carries a far larger and more dangerous accumulation of undiscovered vulnerabilities. And the same AI capabilities that make Glasswing possible are about to expose all of it.
Code that nobody looks at accumulates hidden bugs. Proprietary software operates under a fundamentally different model. Its security posture has historically relied on a simple premise: if attackers can’t read the source code, they’ll have a harder time finding bugs. This isn’t better security – it’s security by obscurity.
The traditional answer was it doesn’t matter because attackers can’t read proprietary source code. They only get compiled binaries – stripped of variable names, comments, and structure. That answer is becoming obsolete.
What wasn’t solved was the human bottleneck. A typical security audit covers only a fraction of a codebase – auditors triage by intuition, focus on high-risk surfaces, and leave vast swaths of code untouched. LLMs eliminate this bottleneck. Claude Mythos Preview can take a closed-source, stripped binary, reconstruct plausible source code, and systematically analyze it for vulnerabilities.
This isn’t a theoretical risk. That exposure is already being collected – violently – on one category of proprietary software: network edge devices. Firewalls, VPN gateways, load balancers, and secure access appliances have experienced an unprecedented wave of critical zero-day discoveries. According to Verizon’s 2025 DBIR, exploitation of edge device vulnerabilities increased eight-fold in a single year. The median time from vulnerability disclosure to active exploitation is now zero days. The median time to patch: 30 days.
These devices were the poster children for security-through-obscurity: proprietary firmware, closed-source code, no ability to install endpoint detection agents, and internet-facing by design. They were considered secure in part because their code was hard to analyze. That assumption has collapsed. Perhaps most alarming: over 40% of exploited vulnerabilities in 2025 involved end-of-life products –devices that will never receive a patch.
The edge device crisis is a preview.
Software vulnerabilities, however dangerous, can at least be patched. Protocol vulnerabilities are a different problem entirely – because the flaws are in the specification itself, not in any particular implementation. Fixing them means replacing the protocol.
AI changes that calculus. An LLM that can read protocol specifications, cross-reference network scan data, and understand deployment topology does not need to discover new protocol weaknesses. It needs to operationalize known ones against specific targets at scale. The economics shift from “one attacker, one target” to “one AI system, thousands of targets”
The layer beneath software presents an even more daunting challenge. And here, the common assumption – that chip-level vulnerabilities require access to chip design files — is demonstrably wrong. Every major CPU vulnerability discovered in the past decade was found without access to the manufacturer’s hardware design.
These approaches – reasoning about architectural documentation, behavioral observation, intelligent fuzzing – are precisely the tasks that LLMs accelerate. The critical difference from software: you cannot simply patch a chip. Microcode updates are partial mitigations that often carry performance penalties. Silicon-level flaws cannot be fixed without a new chip revision.
Each layer of vulnerability – software, protocols, hardware – is concerning on its own. The compounding danger emerges when AI systems begin chaining vulnerabilities across layers. The next frontier is chains that span layers entirely:
Human exploit developers rarely achieve this because cross-domain expertise is rare.
Project Glasswing is a good start. But it addresses the most visible and already best-defended category of software. The industry’s response needs to be broader:
The era in which hidden code meant hidden bugs is ending. The edge device crisis of 2024-2026 is the early tremor. Project Glasswing illuminates one corner of the landscape. The rest of the iceberg – proprietary firmware, legacy protocols, chip microcode, and the cross-layer chains that connect them – is still underwater, and it is considerably larger than what’s visible above the surface.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。