
Project Glasswing: AI‑Enabled Vulnerability Exploitation and Its Security Implications


SamurAI MDR Intelligence Brief


The Situation

Project Glasswing from Anthropic and its Claude Mythos Preview model have demonstrated that AI can autonomously discover previously unknown vulnerabilities in complex software, including flaws that were missed for decades. Access to Mythos is still tightly restricted, but the threat does not depend on Mythos being widely available.


A similar capability class already exists in practice. Open-weight models available today can perform autonomous vulnerability research with the correct tooling. Publicly available platforms such as PentAGI and PentestGPT already combine open-weight models with security tooling into functional autonomous attack pipelines, accessible to anyone. Mythos is notable for its proficiency, but the underlying threat is present regardless of whether Mythos itself is ever released publicly. The skill floor for attackers has already dropped significantly.


A specific risk concerns software supply chains. Open-source software underpins virtually all modern infrastructure, and the ecosystem is a net positive, but not every component in a dependency tree receives the same maintenance attention. A vulnerability in a less-actively maintained package may sit unpatched for an extended period, and AI dramatically accelerates the discovery side without accelerating the remediation side.


This is particularly relevant for deep dependency chains, common in ecosystems like npm where transitive dependencies can number in the hundreds. A flaw buried several layers down can still provide a path to significant access. The vulnerability may have existed for years; what changes now is how quickly an attacker can find and trace it through the chain.
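The depth problem described above is easy to see once you walk a lockfile. The following is an added example, not code from the brief, from Anthropic, or from SamurAI: it parses a constructed npm package-lock.json (lockfileVersion 3 layout), resolves each dependency the way Node does (nested node_modules first, then walking upward), and reports every installed copy of a named package together with the chain of packages that pulls it in. All package names and versions are invented; "deep-util" stands in for a hypothetical, rarely maintained package you need to locate in the tree.

```python
import json
from collections import deque

# Constructed package-lock.json (lockfileVersion 3 layout) for this example.
# Package names and versions are invented; "deep-util" stands in for a
# hypothetical, rarely maintained package that a defender wants to locate.
SAMPLE_LOCK = json.loads("""
{
  "name": "demo-app",
  "lockfileVersion": 3,
  "packages": {
    "": {"name": "demo-app", "dependencies": {"web-framework": "^4.0.0", "logger": "^2.1.0"}},
    "node_modules/web-framework": {"version": "4.2.0", "dependencies": {"body-parse": "^1.0.0"}},
    "node_modules/body-parse": {"version": "1.3.1", "dependencies": {"string-helpers": "^0.9.0"}},
    "node_modules/string-helpers": {"version": "0.9.4", "dependencies": {"deep-util": "^0.1.0"}},
    "node_modules/deep-util": {"version": "0.1.2"},
    "node_modules/logger": {"version": "2.1.0", "dependencies": {"deep-util": "^0.2.0"}},
    "node_modules/logger/node_modules/deep-util": {"version": "0.2.0"}
  }
}
""")


def resolve(packages, from_path, name):
    """Resolve dependency `name` the way Node does: look for a node_modules
    directory nested under the requiring package, then walk upward until the
    top-level node_modules is reached. Returns the lockfile path or None."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        # Step up one level by dropping the trailing "node_modules/<pkg>" segment.
        idx = base.rfind("node_modules/")
        base = base[:idx].rstrip("/")


def dependency_chains(lock):
    """Breadth-first walk from the root package. Returns {path: chain}, where
    chain is the shortest list of lockfile paths from a direct dependency down
    to that package (a chain of length 1 is a direct dependency)."""
    packages = lock["packages"]
    chains = {}
    queue = deque()
    for name in packages[""].get("dependencies", {}):
        path = resolve(packages, "", name)
        if path and path not in chains:
            chains[path] = [path]
            queue.append(path)
    while queue:
        path = queue.popleft()
        for name in packages[path].get("dependencies", {}):
            child = resolve(packages, path, name)
            if child and child not in chains:
                chains[child] = chains[path] + [child]
                queue.append(child)
    return chains


def package_name(path):
    # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
    return path.rsplit("node_modules/", 1)[-1]


def find_package(lock, name):
    """Every installed copy of `name` (there may be several versions), with its
    depth and the chain of package names that pulls it into the tree."""
    hits = []
    for path, chain in dependency_chains(lock).items():
        if package_name(path) == name:
            hits.append({
                "path": path,
                "version": lock["packages"][path]["version"],
                "depth": len(chain),
                "chain": [package_name(p) for p in chain],
            })
    return sorted(hits, key=lambda h: h["depth"])


if __name__ == "__main__":
    for hit in find_package(SAMPLE_LOCK, "deep-util"):
        print(f"{hit['version']:>8}  depth {hit['depth']}  " + " -> ".join(hit["chain"]))
```

Run against a real lockfile by replacing SAMPLE_LOCK with `json.load(open("package-lock.json"))`. The two results for "deep-util" illustrate the point in the text: one copy sits four levels down beneath the web framework, where no direct dependency review would see it, and a second, differently versioned copy is nested under "logger", so a single "is it installed?" check is not enough.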


What is now possible

Open-Weight LLMs

Models like Llama 3.3 and DeepSeek-R1 run locally on consumer hardware, with no API logging, no audit trail, and no safety guardrails.

MCP Tool Integration

Standardised tool-calling lets LLMs control network scanners, exploit frameworks, and credential crackers in an automated, adaptive loop.

Agentic Orchestration

Frameworks like LangChain and AutoGen chain these tools into multi-step autonomous campaigns - from initial scan to credential harvest - with no human input after target specification.

Speed context: Against targets with unpatched services and default credentials, an autonomous AI agent achieves full credential harvest in under 30 minutes. A traditional attacker doing the same manually takes two days.


Your Risk - Priority Factors

| Risk factor | Why it matters | Priority |
|---|---|---|
| Unpatched internet-facing services | AI tools correlate every discovered service version against the full CVE inventory automatically. Anything over 90 days behind is a systematic target. | CRITICAL |
| Default or weak credentials | Known default pairs are tested within minutes of service discovery. No reasoning required, pure automation. | CRITICAL |
| Open-source dependency exposure | Vulnerabilities in less-maintained components deep in dependency trees may not be patched quickly. AI-assisted discovery can surface and exploit these faster than maintainers can respond. Ecosystems with large transitive dependency graphs, such as npm, are particularly exposed. | CRITICAL |
| Exposed management interfaces | Tomcat manager, Kubernetes dashboard, VPN portals and database admin panels are high-priority targets for direct privileged access. | HIGH |
| Flat or under-segmented networks | A single perimeter entry leads to full lateral propagation in flat networks. AI tools plan and execute this autonomously. | HIGH |
| Cyber insurance policy terms | Insurers are introducing exclusions for AI-discovered vulnerabilities not remediated within defined windows. Review policy language now. | MEDIUM |



Detection in an AI-Assisted Threat Landscape


While AI systems such as Mythos may change how vulnerabilities are discovered and initial access is obtained, they do not fundamentally change what happens next.


Once access is established, attacker behaviour remains consistent:

  • Rapid or unusual process execution chains

  • Credential access attempts (e.g., LSASS interaction, token abuse)

  • Privilege escalation activity

  • Use of system tools for execution (PowerShell, bash, built-in utilities)

  • Lateral movement via RDP, SMB, or SSH

  • Persistence mechanisms and scheduled task creation

  • Command-and-control (C2) communication

  • Data staging and exfiltration


These activities generate detectable signals. The underlying techniques, tools, and protocols used post-compromise remain largely unchanged.
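The signals listed above are the ones a detection engineer writes rules for, and they are the same whether the initial foothold came from a human or an AI agent. The block below is an added example, not code from the brief or from SamurAI: it runs a handful of rules over constructed endpoint telemetry (the field names ts, host, type, image, parent, cmdline, target, dst and dport are an assumed schema, not any particular EDR's) and then correlates the hits per host, escalating a host that shows three or more of the listed behaviour categories inside a 15-minute window. The allowlist of processes expected to touch lsass.exe is hypothetical and would be tuned to the environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry: one compromised workstation (ws01) and one
# quiet one (ws02). The schema is an assumption for this example.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T10:00:00", "host": "ws01", "type": "process", "image": "winword.exe",
     "parent": "explorer.exe", "cmdline": "winword.exe invoice.docm"},
    {"ts": "2024-05-01T10:00:03", "host": "ws01", "type": "process", "image": "cmd.exe",
     "parent": "winword.exe", "cmdline": "cmd.exe /c powershell -enc SQBFAFgA"},
    {"ts": "2024-05-01T10:00:04", "host": "ws01", "type": "process", "image": "powershell.exe",
     "parent": "cmd.exe", "cmdline": "powershell -enc SQBFAFgA"},
    {"ts": "2024-05-01T10:02:10", "host": "ws01", "type": "process_access", "image": "powershell.exe",
     "target": "lsass.exe"},
    {"ts": "2024-05-01T10:03:00", "host": "ws01", "type": "process", "image": "schtasks.exe",
     "parent": "powershell.exe", "cmdline": "schtasks /create /tn Updater /tr C:\\Users\\Public\\u.exe /sc onlogon"},
    {"ts": "2024-05-01T10:04:30", "host": "ws01", "type": "network", "image": "powershell.exe",
     "dst": "10.0.5.20", "dport": 445},
    {"ts": "2024-05-01T10:04:31", "host": "ws01", "type": "network", "image": "powershell.exe",
     "dst": "10.0.5.21", "dport": 3389},
    {"ts": "2024-05-01T10:30:00", "host": "ws02", "type": "process", "image": "notepad.exe",
     "parent": "explorer.exe", "cmdline": "notepad.exe"},
]

OFFICE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "bash", "sh"}
LATERAL_PORTS = {445: "SMB", 3389: "RDP", 22: "SSH"}
LSASS_ALLOWED = {"csrss.exe", "wininit.exe", "msmpeng.exe"}  # hypothetical allowlist, tune per estate
ENCODED_PS = re.compile(r"(?i)\s-e(nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{8,}")


# Each rule returns (category, detail) on a hit, or None. Categories mirror
# the post-compromise behaviours listed in the brief.
def rule_process_chain(ev):
    if ev["type"] == "process" and ev.get("parent", "").lower() in OFFICE and ev["image"].lower() in SHELLS:
        return ("Unusual process execution chain", f"{ev['parent']} spawned {ev['image']}")


def rule_encoded_powershell(ev):
    if ev["type"] == "process" and ev["image"].lower().startswith("powershell") \
            and ENCODED_PS.search(ev.get("cmdline", "")):
        return ("Execution via system tools", "encoded PowerShell command line")


def rule_lsass_access(ev):
    if ev["type"] == "process_access" and ev.get("target", "").lower() == "lsass.exe" \
            and ev["image"].lower() not in LSASS_ALLOWED:
        return ("Credential access", f"{ev['image']} opened a handle to lsass.exe")


def rule_scheduled_task(ev):
    if ev["type"] == "process" and ev["image"].lower() == "schtasks.exe" \
            and "/create" in ev.get("cmdline", "").lower():
        return ("Persistence", "scheduled task created: " + ev["cmdline"])


def rule_lateral_movement(ev):
    if ev["type"] == "network" and ev.get("dport") in LATERAL_PORTS and ev["image"].lower() in SHELLS:
        proto = LATERAL_PORTS[ev["dport"]]
        return ("Lateral movement", f"{ev['image']} connected to {ev['dst']}:{ev['dport']} ({proto})")


RULES = [rule_process_chain, rule_encoded_powershell, rule_lsass_access,
         rule_scheduled_task, rule_lateral_movement]


def evaluate(events):
    """Apply every rule to every event in time order; returns a list of findings."""
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        for rule in RULES:
            hit = rule(ev)
            if hit:
                findings.append({"ts": ev["ts"], "host": ev["host"], "category": hit[0], "detail": hit[1]})
    return findings


def correlate(findings, window_minutes=15, min_categories=3):
    """Per host, look for a window starting at any finding in which at least
    `min_categories` distinct behaviour categories occur. Returns
    {host: sorted categories} for hosts that should be escalated."""
    by_host = defaultdict(list)
    for f in findings:
        by_host[f["host"]].append(f)
    escalated = {}
    for host, hits in by_host.items():
        hits.sort(key=lambda f: f["ts"])
        for i, first in enumerate(hits):
            start = datetime.fromisoformat(first["ts"])
            cats = {f["category"] for f in hits[i:]
                    if datetime.fromisoformat(f["ts"]) - start <= timedelta(minutes=window_minutes)}
            if len(cats) >= min_categories:
                escalated[host] = sorted(cats)
                break
    return escalated


if __name__ == "__main__":
    found = evaluate(SAMPLE_EVENTS)
    for f in found:
        print(f"{f['ts']} {f['host']} [{f['category']}] {f['detail']}")
    print("escalate:", correlate(found))
```

The individual rules are deliberately simple; the correlation step is where the page's point lands. A single encoded PowerShell launch or one SMB connection from a shell is noise in most estates, but the same host showing an Office-to-shell chain, an LSASS handle, a new scheduled task and SMB/RDP fan-out within a few minutes is the sequence the brief describes, and it is visible only if process, process-access and network telemetry are all being collected.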


What This Means for Detection


The effectiveness of detection does not depend on how a vulnerability was discovered, whether manually or by AI. It depends on visibility and coverage. Organisations with strong telemetry and monitoring in place are well positioned to detect and respond to these activities, regardless of how initial access was achieved.


Five Actions to Take Now


  1. Patching/Vulnerability Management: Ensure timely patching of publicly facing infrastructure, e.g. web servers, VPN concentrators, email gateways, and remote access infrastructure. AI tools will target anything more than 90 days behind the latest patch status.


  2. Remote access: Nothing with admin access should be reachable from the public Internet. Where external access is operationally necessary, restrict it to named source IPs only. This is the single most effective control against AI-driven credential attacks.


  3. Monitoring: Ensure monitoring coverage for VPN portals, webmail, cloud consoles, and remote desktop gateways, so that every ingress point is covered.


  4. Prepare and validate: AI-augmented attacks achieve objectives faster than quarterly review cycles. Validate alerting thresholds, escalation paths and the overall response plan.


  5. Cover your liability: Insurance carriers are repricing. Document your patching cadence with dates and scope so remediation timelines can be evidenced in a claim.


Bottom Line


The threat is real and present today. AI-driven tools are highly effective at identifying vulnerabilities across modern software environments, particularly where patching is delayed and dependency chains are complex.


The most effective controls remain unchanged: timely patching, strong authentication, network segmentation, and continuous monitoring, including visibility into third-party dependencies.


AI may accelerate how attackers gain initial access, but it does not eliminate the signals they generate. Complete and consistent telemetry remains the foundation for effective detection — especially as attack speed increases.


Contact your SamurAI MDR account manager to request a threat-led detection coverage review.
