Beyond the Scanner: Does Project Glasswing indicate the end of the security industry’s discovery obsession?
Anthropic’s recent announcements about Project Glasswing and Claude Mythos Preview are grabbing a lot of attention within the cybersecurity community. There is excitement on one side about what this transformative leap in AI and automation could mean for defenders. But there are also growing concerns on the other: questions about the suitability and relevance of current security tools and practices once capabilities like Claude Mythos become generally available. The window to act, for security vendors building the right solutions and for businesses adopting them, is narrow and closing fast, because the attackers will not be waiting for the next budget cycle or the next regulatory deadline.
TL;DR
- Project Glasswing will pave the way forward for autonomous discovery of zero-day vulnerabilities, going well beyond what humans have traditionally been able to identify.
- This permanently shifts the security imperative: finding vulnerabilities is no longer the hard part.
- The organizations that survive the next wave of AI-driven attacks will be those that can contextualize, prioritize, validate, and remediate at machine speed.
- CTEM is no longer a framework to aspire to. It becomes an operational necessity.
The Rules Just Changed
For years, the security industry has organized itself around a simple premise: find vulnerabilities before attackers do. Build better scanners. Run more penetration tests. Patch faster. The program that discovers the most, wins.
Did Project Glasswing change that premise – permanently?

Anthropic’s Claude Mythos autonomously discovered thousands of zero-day vulnerabilities in weeks – including in code that had sat in production for 16 to 27 years, scanned five million times by automated tools without detection. With this, it didn’t just demonstrate the power of frontier AI; it also invalidated the foundational assumption that discovery is the hard part of security. If an AI model can surface what decades of scanning missed, in weeks, then the competitive advantage of finding vulnerabilities faster than your adversaries is gone.
The question facing security leaders today is not how do we find more? It is how do we know what matters and how do we prove we can stop it?
When Finding Vulnerabilities Becomes the Easy Part
Security teams are already challenged with an overwhelming volume of findings, a CVE ecosystem struggling under the weight of thousands of new disclosures every year, and a persistent gap between what scanners flag as critical and what is genuinely exploitable in any given environment.
The average organization has more vulnerabilities than it will ever have the capacity to remediate.
Now consider what happens when capabilities like Claude Mythos reach general availability. A model that can autonomously surface thousands of credible, high-severity vulnerabilities in weeks is no longer a capability reserved for elite research teams or nation-state actors. It will make the volume problem exponentially worse.
The organizations that will navigate this shift successfully are not those with the best scanners. They are those with the best answer to the question that follows every finding: does this actually put us at risk, and can we prove we can stop it? They must also be able to answer it at scale. When AI-powered discovery becomes accessible and abundant, the value migrates entirely to what comes next: contextualization, prioritization, validation, and remediation.
Prioritization Becomes Necessary More Than Ever Before
Mythos-like capabilities are showing us that traditional vulnerability management workflows cannot be sustained for much longer. The question of how organizations decide which vulnerabilities to process, prioritize, and act on becomes a strategic imperative. Capacity to remediate is finite, and without context around exploitability, business impact, and threat actor intent, more data quickly becomes more noise. Decisions will need to be made based on what the threat landscape actually demands rather than on what the tools report.
Contextual, structured threat intelligence that maps exposures to active adversary behavior, known campaigns, and your specific environment is how you cut through the noise. Specify Priority Intelligence Requirements (PIRs) and make threat-informed decisions that can be defended. For us, this is the foundation of what OpenCTI provides: not a feed of indicators, but a structured, continuously updated intelligence platform that turns raw data into actionable context and gives security teams the prioritization clarity that a vulnerability scanner tool alone can no longer provide.

Adversaries Are Accelerating And Project Glasswing Is The Accelerant
Nation-state actors and sophisticated threat groups have long operated on a model of scarcity: stockpiling zero-days as strategic assets, deploying them selectively for maximum impact. Project Glasswing showed how quickly this model can erode. It presents a structural change in adversary behavior, shifting the bottleneck from finding vulnerabilities to exploiting them.
The response has to match the speed of the threat. Staying ahead of this requires more than threat feeds and IOC matching. It requires a structured, continuously updated understanding of adversary behavior, mapped to real TTPs, active campaigns, and the specific sectors and environments attackers are targeting.
OpenCTI is built for exactly this: giving practitioners and security leaders a living, structured view of the threat landscape that reflects what adversaries are actually doing now, on a continuous basis, not what they were doing six months ago.

Validation Is the New Value And Mythos Makes It Urgent
AI’s near-infinite discovery capability makes the concept of “continuous” and proactive security non-negotiable. Gartner’s Continuous Threat Exposure Management (CTEM) becomes not just a nice-to-have framework but a practical must-have. Project Glasswing makes this urgent in a specific way. Organizations can no longer rely on annual penetration tests, point-in-time risk assessments, and perimeter defenses.
The answer truly lies in continuous validation and specifically, adversary-aligned exposure validation. Not theoretical risk scoring. Not annual red team exercises. Continuous, intelligence-driven simulation of real attack techniques against your actual controls, with structured feedback on what holds and what fails.
Discovery without validation creates noise. Intelligence without validation creates stress. Validation is what turns both into action and into measurable, continuous improvement in security posture.
OpenAEV, Filigran’s open-source adversarial exposure validation platform, operationalizes this continuously. By drawing live intelligence directly from OpenCTI and mapping simulations to MITRE ATT&CK, it enables security teams to move from knowing about a threat to proving they can withstand it, at the speed and scale that a post-Glasswing threat environment would demand. AI-powered remediation guidance accelerates the path from finding to fix, ensuring that validation drives continuous improvement rather than periodic reporting.

Mobilization: AI vs AI
If AI can autonomously discover thousands of vulnerabilities in weeks, the same capability will inevitably be in the hands of adversaries. Threat actors will not wait for security teams to manually triage findings, schedule validation exercises, or work through remediation backlogs one ticket at a time. They will move at machine speed and we as defenders need to do the same. This is where the AI vs. AI dynamic becomes the defining challenge of modern security.
The security industry is converging on CTEM as the operational framework for proactive defense, and Claude Mythos’ potential capabilities warrant urgency in CTEM’s adoption. Today, most organizations struggle to operationalize it end-to-end because of disparate tools and manual processes. Discovery, prioritization, validation, and remediation still live in separate tools with no continuous feedback loop between them. At Filigran, this is where we have already been focusing our automation and agentic AI capabilities. XTM One (available soon) is the AI-native layer purpose-built to close this loop. By connecting OpenCTI’s threat intelligence capabilities with OpenAEV’s adversary validation capabilities, utilizing remediation guidance while also connecting it with your own AI capabilities across other security tools, it shows true potential to enable an autonomous CTEM cycle via a unified AI orchestration layer.

Conclusion
The rules are changing. The question is whether your security program is ready for change or not!
Disconnected tools create disconnected programs. Discovery without intelligence context creates noise. Intelligence without validation creates anxiety. Project Glasswing didn’t introduce a new category of threat; it accelerates and makes concrete a transition that was already underway.
Prove that your defenses actually hold against the threats that are actually coming for you.
We need to close the loop, where threat intelligence directly drives what gets validated, and validation results feed back into what gets prioritized. If that loop is not closed in your environment today, closing it is the highest-leverage investment you can make.
Discover how we can help you streamline your threat management or CTEM initiatives. Request a demo; we will be happy to show you.
Enjoy and feel free to ask any questions about it on our Slack community channel!