For years, the conversation around cyber security has focused on one big question… “How quickly can organisations patch critical vulnerabilities?”.
And AI is sharply changing that question.
For most of the last decade, the threat landscape followed a fairly consistent rhythm. Attackers found vulnerabilities, defenders patched them, and both sides repeated. It was a race, but a manageable one, almost like a football match played in the spirit of fair play, where both sides shake hands, apologise for the odd foul, and head to the pub afterwards. Security teams could plan, triage, and respond within a window that, while uncomfortable, was at least humanly achievable.
As evidence of recent changes is the attention around Anthropic’s reported Project Glasswing and discussion surrounding advanced reasoning models such as Mythos 5, alongside growing concerns about how such powerful systems and similar emerging agentic platforms could fall into the wrong hands and potentially be leveraged by bad actors, highlighting how quickly both the technology and the surrounding conversation are evolving rapidly. And if you watched The Final Reckoning… Tom won’t be able to save you this time, as he’s busy watching World Cup matches with David Beckham.
Whether these projects ultimately deliver on every expectation is almost beside the point. They represent a future where AI can reason about code, infrastructure and security controls at a scale that humans simply cannot match.
And of course, most organisations are still running a security posture designed for the world that existed before it.
Speed Is the Obvious Problem. Chaining Is The Real One.
The conversation around AI and cybersecurity tends to focus on speed. AI can scan a codebase faster than any human team. It can identify known vulnerability patterns across thousands of systems in the time a security engineer would spend writing a single report.
But the more dangerous shift is subtler.
Traditional security operations are built on triage. With hundreds of new vulnerabilities published every month, organisations prioritise by severity score, CVSS ratings determine what gets patched immediately, what gets scheduled, and what gets quietly deferred to a backlog that never quite gets cleared. It’s an imperfect system, but it worked reasonably well when the assumption was that attackers were also working through lists, targeting the obvious high-value findings first.
AI breaks that assumption entirely.
A capable AI model doesn’t look at a low-severity finding and move on. For instance, It may look at three low-severity findings, understanding how they interact across a complex environment, and then constructing a chain that delivers a high-impact compromise. None of the individual vulnerabilities would have triggered an urgent action. Together, they’re a serious breach. The CVSS scoring model and the backbone of most vulnerability management programmes wasn’t designed to catch that, and right now, most still aren’t.
Combine this with the reality that the average enterprise still has significant patching backlogs… plenty of medium and low-severity findings sitting untouched for months, and the exposure becomes clear. The backlog that was manageable risk last year looks different when an AI can systematically work through it looking for combinations in a blink of an eye…
The Detection Gap Nobody Likes to Talk About
There’s another problem sitting underneath the patching conversation.
Most frontline security tooling is still largely signature-based. It’s trained to recognise threats it has seen before, like known malware patterns, established attack techniques, previously documented exploit signatures. This works reasonably well against the majority of commodity attacks that recycle familiar methods, like that midfield football player that’s not brilliant but does the job…
It doesn’t work against a zero-day. By definition, a previously unknown vulnerability has no signature to match. An AI-generated exploit built on novel vulnerability combinations has no historical pattern in any threat database. It walks straight past signature-based detection because there’s nothing to recognise or to stop it.
The answer is behavioural analysis, security that doesn’t ask “have I seen this before?” but instead asks “is this a normal behaviour?” A process behaving unexpectedly in memory, lateral movement that doesn’t match established baselines, protocol usage that turns from what’s typical for a given workload. These are signals that don’t require prior knowledge of the specific attack. They just require visibility and a good baseline.
Most organisations have some behavioural detection capability. Very few have it applied consistently across their full environment, particularly east-west traffic inside the datacentre, the corridor that matters most once an attacker already has a foothold.
Project Glasswing: When the Industry Confirms What Security Teams Already Suspected
Earlier this year, Anthropic did something that made the entire security industry pay attention.
They built an AI model so effective at identifying and exploiting software vulnerabilities that they decided not to release it at all. Instead, they stood it up as a controlled programme. Project Glasswing was available only to a small group of vetted technology companies for defensive research purposes. The model found tens of thousands of previously unknown vulnerabilities across major operating systems and browsers within its first weeks of use. Some of those vulnerabilities had been sitting undetected for over a decade.
Then, this month, the US government issued an export control directive forcing Anthropic to pull its latest models from global access entirely, citing the risk these capabilities pose if they land in the wrong hands.
That’s not a T&Cs footnote. That’s the industry’s own clearest signal yet that AI-assisted attack capability is no longer theoretical. When a government acts with that kind of urgency, and when a leading AI company decides a model is too dangerous to release commercially, the threat model has changed.
Okay, so what do organisations actually need to do?
The response has to be layered. No single tool covers this, and any vendor claiming otherwise isn’t being straight with you. Which in the security industry, it’s called defence in depth.
Behavioural detection needs to be a priority, not an upgrade item. The ability to catch anomalous activity without relying on known signatures is the fundamental gap AI-assisted attacks are designed to exploit.
Vulnerability prioritisation needs rethinking. Low-severity findings on highly connected systems… Particularly those sitting near other unpatched weaknesses which can no longer be automatically deprioritised. Automated tooling that surfaces combination risk, rather than individual Common Vulnerabilities and Exposures (CVE) scores, is becoming a necessity rather than a nice-to-have. This should be also viewed through the lens of attack path validation, a cybersecurity approach that tests whether an attacker can realistically chain together vulnerabilities, misconfigurations, and permissions to reach critical assets.
The gap between patch release and deployment needs to be covered. Virtual patching, applying protection at the network layer while a patch works through testing and change management bridging the window that AI-assisted attackers are increasingly targeting.
Rather than assessing security issues in isolation, it focuses on how an opponent could combine small weaknesses, such as a weak password, a misconfigured network share, and a high-privilege service account to achieve compromise.
Zero Trust architecture breaks the lateral movement problem at its root. Microsegmentation and least-privilege access mean that even a successful initial exploit lands an attacker in a contained environment with limited ability to traverse toward critical systems. It doesn’t stop every attack, but it significantly limits what an attacker can do with one. It’s like cutting off the passing lanes in football… you can’t always stop the attack, but you make it much harder to create chances.
Where VMware by Broadcom NSX vDefend Fits
For organisations running VMware Cloud Foundation, vDefend addresses several of these gaps in a single, natively integrated platform.
Virtual patching via IDPS gives security teams network-layer coverage against known vulnerabilities, including the ability to apply custom signatures before patches have cleared the change management process. Signatures update multiple times daily, keeping pace with emerging threats.
The distributed firewall and Network Traffic Analysis work together to establish behavioural baselines and flag anomalous east-west movement exactly the kind of lateral traversal that follows a successful chained attack. When it comes to Network Detection and Response maps, these detections automatically link to the MITRE ATT&CK framework, turning isolated alerts into a coherent attack narrative.
Zero Trust microsegmentation is enforced natively at the hypervisor layer, with policies that follow workloads automatically as environments change. It’s not a bolt-on. It’s built into the fabric of the platform.
vDefend won’t replace endpoint protection, code security scanning in the CI/CD pipeline, or a solid penetration testing programme. It’s one piece of the security stack, but it’s the piece that delivers virtual patching, behavioural detection, and lateral containment inside VCF environments. Right now, those are three of the most critical gaps to close. In other words, you must close spaces where the opponent is most likely to score.
The Bottom Line
Mythos and Project Glasswing didn’t create this problem. It made it undeniable.
AI is in the hands of defenders today, and it will be in the hands of attackers tomorrow… if it isn’t already… Don’t wait until you’re 7–0 down before deciding to change tactics. You might still get a goal back late on, but trust me… as a Brazilian, a 7–1 final score still hurts. The organisations that treat this as a reason to genuinely rethink detection, patching processes, and architecture will be far better placed than those waiting for a breach to make the business case.
The threat model changed. The security posture needs to follow.
