TL;DR: Anthropic’s Project Glasswing shows AI can autonomously scan production software, write working exploits, and chain flaws into full attack sequences with an 83% first-attempt success rate, intensifying an already strained CVE pipeline, according to Illumio. The security model is shifting from patch-first thinking to containment, segmentation, and least-privilege control because remediation cannot keep pace with discovery.
NHIMG editorial — based on content published by Illumio: What Project Glasswing means for the people running cybersecurity
By the numbers:
- An average enterprise takes 60-150 days to remediate a critical vulnerability.
- 32% of exploited CVEs in the first half of 2025 showed exploitation activity on or before the day of disclosure.
Questions worth separating out
Q: What breaks when AI can find exploitable software flaws faster than teams can patch them?
A: Patch-centric security breaks because remediation assumes there is time to test, approve, and deploy fixes before attackers act.
Q: Why do vulnerable systems become more dangerous when containment is weak?
A: A vulnerability becomes more dangerous when attackers can move laterally, reuse trust relationships, or inherit broad privileges after initial access.
Q: How do security teams know if containment is actually working against fast-moving exploits?
A: Containment is working when a realistic compromise cannot reach critical assets, cannot escalate privileges easily, and cannot move freely between segments.
Practitioner guidance
- Define your protect surface Identify the systems whose compromise would materially change business risk, then map the access paths into those systems.
- Reduce standing authority around critical systems Review service accounts, admin roles, and automated workflows that can reach high-value assets.
- Test containment against realistic exploit paths Validate segmentation policies and access boundaries using the paths an attacker would actually use, not only policy diagrams.
What's in the full article
Illumio's full blog covers the operational detail this post intentionally leaves for the source:
- The specific containment workflow used to prioritise systems by reachability rather than by CVE count.
- The practical segmentation sequence for protecting high-value assets first, including how policies are validated against real traffic.
- The identity-control examples behind least privilege and just-in-time access in a containment-led resilience model.
- The article's framing on how to turn response planning into isolation, continuity, and recovery decisions.
👉 Read Illumio's analysis of how Project Glasswing changes cybersecurity →
AI vulnerability discovery at machine speed: are controls keeping up?
Explore further
AI vulnerability discovery is turning patch-first security into a control-timing problem. Once exploit creation is compressed into minutes or hours, the limiting factor is no longer whether a team can identify the flaw. It is whether the environment already restricts movement, privilege, and trust. That changes the governance question from remediation speed to exposure tolerance. Practitioners should treat control timing as a first-class risk metric.
A question worth separating out:
Q: What should organisations do first when exploit discovery is moving faster than remediation?
A: Start by ranking exposure paths, not by trying to eliminate every vulnerability equally. Define the systems that matter most, reduce standing privilege around them, and validate segmentation against real traffic. Then tie incident response to isolation and continuity of operations, because speed of containment now matters more than the speed of patch completion.
👉 Read our full editorial: AI-powered vulnerability discovery is forcing containment-first security