AI now finds software vulnerabilities faster than they get patched (thenewguard.ai)

Anthropic's Project Glasswing highlights a pivotal shift in software security, revealing that AI can now identify vulnerabilities at a pace outstripping the ability to patch them. Recent findings showed that AI agents running on platforms like Google, Meta, and OpenAI discovered over 10,000 critical vulnerabilities, with only a fraction patched within the traditional disclosure cycle. This fundamental change challenges the long-held belief that vulnerability discovery was the primary bottleneck in software security, underscoring a dangerous imbalance: quick discovery by AI versus slow human response to patching. The ongoing developments signal a precarious future where the human aspect of software security—verification, patching, and quality control—struggles to keep pace with machine-speed offense. The recent attack on GitHub, facilitated by a compromised VS Code extension, illustrates how developer environments now represent significant vulnerabilities. The integration of AI in vulnerability discovery demands immediate organizational changes, including tighter security practices around developer tools and proactive measures to fortify the patching process. As AI tools become widely available, organizations must reevaluate their security models to mitigate the risks posed by rapid AI-driven vulnerability identification and ensure robust defenses against emerging threats.