The World is changing and we might not be ready for it… or are we?
By Heitor Benfeito
AI is going through a major up-tide, some call it even a major bubble, but the recent news that Anthropic's Claude found thousands of zero-day vulnerabilities, some of which had been hidden for 27 years, is more relevant than you might think. It did not take months of analysis to find them. It only took hours.
The response was a $100 million initiative called Project Glasswing. Amazon, Apple, Google, Microsoft and NVIDIA are working together to start patching these vulnerabilities before the models' capabilities become widely available. Those that could afford it jumped right to this critical issue.
There was also news that OpenAI is not far behind. GPT-5.4-Cyber and the Trusted Access for Cyber program give defenders autonomous vulnerability analysis tools. Their Aardvark agent is already scanning code, suggesting patches, with some reports talking about 3,000+ fixes on critical vulnerabilities.
So what does this actually mean for all other organisations trying to keep up? Two things stand out.
The first is that vulnerability management is broken in its current form — it's a catch-up exercise. Most security teams are still working from CVSS scores and ticket queues designed for a world where the pace of discovery was human-paced. When AI can find thousands of exposures in a session, the bottleneck is no longer finding vulnerabilities. It is knowing which ones to act on and getting remediation moving fast enough to matter. That is why we invested in Hackurity — it fundamentally tackles threats by thinking as the new threats do.
The second is the problem no one talks about enough: patching assumes you can patch. When you are talking about embedded systems, OT environments and connected devices, most of these cannot go offline on a Thursday afternoon because a CVE dropped. For those environments you need protection that works before a patch exists or reaches deployment. RunSafe Security has your back — it lets you immunise software without needing to change source code. Call it a vaccine for your attack surface.
The organisations that will matter in this space are the ones building infrastructure thinking that keeps evolving at a super-fast pace. Companies cannot rely on the threat landscape of the last quarter in an environment where discovery-to-exploit can happen faster than most security teams can hold a meeting.