Patch window is officially dead as AI finds bugs faster than humans can squash them (www.techradar.com)

🤖 AI Summary
Anthropic's Project Glasswing, leveraging its advanced AI model Claude Mythos Preview, has revolutionized the discovery of software vulnerabilities, revealing exploitable bugs at an unprecedented rate. The initiative involves a coalition of major tech companies, including Amazon, Google, and Microsoft, and aims to identify and patch critical software flaws faster than attackers can exploit them. Notably, Mythos found a vulnerability in OpenBSD that had gone unnoticed for 27 years. The implications for security teams are drastic: over 99% of the vulnerabilities discovered by Mythos remain unpatched, effectively eliminating the traditional patch window.

The shift in vulnerability discovery that Project Glasswing represents demands a re-evaluation of security models, as AI not only identifies vulnerabilities much faster but also generates corresponding exploits, intensifying the urgency for defense teams. Memory safety vulnerabilities, such as buffer overflows and use-after-free errors, are particularly concerning because they are common in legacy codebases and reliably exploitable. To counter this, organizations are urged to move from a reactive patching mindset to a proactive resilience strategy, employing techniques like binary hardening and runtime protections to mitigate the risks posed by unpatched vulnerabilities. The growing sophistication of AI-assisted vulnerability discovery represents both a challenge and an opportunity for the AI/ML community, demanding innovative approaches to software security amid an ever-evolving threat landscape.