Artificial Intelligence & Machine Learning
,
Next-Generation Technologies & Secure Development
,
The Future of AI & Cybersecurity
How We Respond Will Determine the Future Of Cybersecurity and the Digital World
•
April 16, 2026
There are moments in every industry when progress forces a pause – when the conversation shifts from what is possible to what must be done responsibly.
See Also: AI Impersonation Is the New Arms Race-Is Your Workforce Ready?
Having spent over three decades in cybersecurity, you accumulate more than just experience. You accumulate bruises, scars, and, perhaps most importantly, reference points. Those reference points matter because they give you a way to orient yourself when you encounter moments that feel unfamiliar: moments that signal a shift, but are not yet fully understood.
The introduction of Anthropic’s Mythos model is one such moment. But even more important, in my view, is the announcement of Project Glasswing: a coordinated effort where a select group of ecosystem partners have been given early access to this capability, with the responsibility to help prepare their organizations, their clients and, in turn, the broader community for what lies ahead.
That framing matters. Because this is not just about a model. It is about how we, as a community, respond to what is coming.
To understand where we might be heading, it is worth grounding ourselves in where we are, and how we got here.
1. The Shift Already Underway
Across every conversation, every gathering, every boardroom discussion over the past year, one theme has been impossible to ignore: artificial intelligence. What has changed recently is the nature of that integration, and the speed at which it is evolving. We are now entering a world of agentic AI: systems capable of making decisions and taking actions at machine speed, often with minimal human oversight.
That shift doesn’t just expand the attack surface. It complicates ownership, accountability and trust in ways that existing frameworks weren’t designed for. When an AI agent acts autonomously and something goes wrong, the question of who is responsible doesn’t have a clean answer. And when systems operate at machine speed, meaningful human oversight starts to strain. These aren’t edge cases. They are design features of the environment we are entering.
2. Two Moments, One Thread
When I think about Mythos and Glasswing, I find myself going back to two very different moments from earlier in my career.
The first was a conversation with a mentor – let’s call him Richard – who once told a group of us young practitioners that a future would emerge where one could effectively “shop” for vulnerabilities. If you did not know how to use them, those same providers would offer services to weaponize them, create custom attack scripts and even execute those attacks on your behalf. All you would need to do is provide the target, and, of course, the payment. He added, with a touch of humor, that these “stores” would likely have excellent customer service.
At the time, it sounded extreme. Even unsettling. But over the years, that prediction proved to be less a warning than a forecast.
By the early 2010s, exploit kits like Blackhole and Angler had turned vulnerability exploitation into a subscription model: packaged, updated and sold with tiered pricing. Forums on the darkweb evolved into full-service marketplaces where initial access brokers listed compromised network footholds the way a realtor lists properties: by industry, company size and revenue.
By the mid-2010s, ransomware-as-a-service had industrialized extortion itself, with affiliate programs, negotiation support desks and revenue-sharing arrangements that mirrored legitimate SaaS businesses. Groups like REvil, DarkSide and LockBit operated with the organizational discipline of mid-size enterprises, complete with PR strategies and, yes, responsive customer service.
Richard was right. He was simply early.
The second moment takes me back to April 5, 1995. That was the day Dan Farmer and Wietse Venema released SATAN (the Security Administrator Tool for Analyzing Networks), the industry’s first widely available automated open-source vulnerability scanner.
The reaction was fierce. The New York Times ran a front-page story warning that SATAN could “crash the internet.” The FBI reportedly monitored its distribution. Farmer lost his job at Silicon Graphics. The backlash was that swift and that intense.
And yet, with the benefit of hindsight, SATAN’s legacy is complicated in the best possible way. The controversy it sparked forced organizations to confront a question they had been avoiding: if we can’t see our own vulnerabilities, neither can we defend them. In the years that followed, vulnerability scanning became a foundational practice. The tools that came after SATAN, including Nessus, OpenVAS and Qualys, and eventually the modern vulnerability management platforms of today, owe a direct lineage to that release. What felt dangerous in 1995 became standard practice by the early 2000s.
These moments, separated by decades, share a common thread. They forced the community to confront uncomfortable questions about capability, access and responsibility. And each time, the path forward was not defined by any single actor, but by how the community chose to respond.
3. A Familiar Framework – and Its Limits
It is natural, in moments like the one we are in now, to look for familiar frameworks to help make sense of what we are seeing. In many ways, Project Glasswing resembles something we understand well in cybersecurity: coordinated vulnerability disclosure.
The concept has its roots in the mid-1990s and early 2000s, emerging from a period of sharp debate between “full disclosure” advocates, who argued that vulnerabilities should be released immediately and publicly to pressure vendors to act, and those who believed that responsible coordination between researcher and vendor was the more ethical path. Out of that tension, coordinated disclosure evolved as a structured middle ground: identify a vulnerability, notify the affected vendor privately, allow a defined remediation window (typically 90 days, a standard later codified by Google’s Project Zero) and then disclose publicly.
Project Glasswing echoes that logic. A capability is identified, access is controlled and a group of responsible actors works together to understand, mitigate and prepare before broader exposure. There is genuine value in that comparison. It reflects an instinct deeply embedded in our community: the instinct to coordinate, to act responsibly and to protect the broader ecosystem.
But this is also where the comparison begins to fall short.
Coordinated disclosure works because a vulnerability is discrete. It has a CVE number. It affects a defined set of systems. It can be patched, mitigated, or retired. The window between discovery and remediation, while imperfect, is bounded.
What we are dealing with here is not a vulnerability. It is a capability. It is not episodic; it is continuous. And it is not contained; it is systemic. The scale and speed at which these capabilities can operate introduce a fundamentally different dynamic, one that stretches the limits of the frameworks we have relied on in the past.
4. The Asymmetry Problem – Amplified
Cybersecurity has always been defined by asymmetry. Defenders must be right all the time, while attackers only need to be right once. That dynamic has shaped everything from how we architect security programs to how we measure their effectiveness.
What changes now is the magnitude of that asymmetry.
Consider what automated, AI-driven vulnerability discovery could mean in practice. Tasks that once required a skilled penetration tester weeks of focused effort (reconnaissance, enumeration, chaining together exploit sequences, identifying logic flaws in complex enterprise applications) could be accelerated by orders of magnitude. The skills floor drops. The throughput ceiling rises. And because these capabilities are not zero-sum, the same model that helps a defender identify gaps in their environment can, in principle, be directed at someone else’s.
This widening asymmetry is not something any single organization can solve. It is something the entire community must learn to navigate together.
5. A New Category of Responsibility
And this is where the conversation fundamentally changes, and where the role of frontier AI labs becomes central.
For the first time, we are seeing organizations that are not traditional cybersecurity vendors operating at the leading edge of capabilities that have direct and profound security implications. These labs are not just building models; they are shaping the boundaries of what is possible. With that comes a level of responsibility that extends beyond innovation into stewardship of the ecosystem itself.
This is a meaningful departure from historical norms. In the past, when a security company released a powerful offensive tool (whether a commercial exploitation framework, a vulnerability scanner, or a threat intelligence platform), there was at least an implicit assumption that the organization understood the security implications of what they were releasing. Their entire business was built around that domain.
AI labs operate under a different set of incentives and institutional norms. They are, in many cases, moving faster than the regulatory environment, faster than existing security frameworks, and faster than the broader community’s ability to understand and respond. Project Glasswing reflects an early acknowledgment of that reality. But responsibility is no longer confined to those who build security products or defend systems. It now extends to those who create the underlying capabilities that redefine the threat landscape.
6. Why This Moment Feels Different
It is, in many ways, a moment of truth for the cybersecurity ecosystem. Because it challenges an assumption we have long held: that shared responsibility, while important, can often be distributed, deferred, or compartmentalized. That assumption no longer holds. The interconnected nature of these capabilities means that the actions, and inactions, of one part of the ecosystem can have consequences for all.
In that context, the approach taken with Project Glasswing deserves recognition. It reflects an understanding that capability must be matched with responsibility, that access must be paired with accountability and that innovation must be accompanied by preparation.
But we should also be clear. This is only the beginning. This extends beyond any single model. It is about the emergence of a new class of capability that will shape the operating environment for years to come.
7. The Question That Actually Matters
The defining question is no longer what a model can do. It is how a community responds to what it enables.
That response cannot be fragmented. It must be collective. Researchers, product vendors, practitioners, developers, architects, analysts and regulators, and now, increasingly, frontier AI labs, each has a role to play. And more importantly, each must recognize that their role is part of a larger whole.
We have, as a community, built processes, frameworks and norms that have helped us navigate risk in the past. CVD. Threat intelligence sharing. ISACs. Red team/blue team disciplines. Bug bounty programs. Incident response playbooks. Each emerged not from a single mandate, but from the accumulated experience and collective will of a community that understood it could not solve hard problems alone.
Now we must extend that thinking, not by simply applying old models, but by evolving them to meet a new reality. Because the consequences of getting this wrong will not be isolated. They will be systemic.
8. The Weight of What We Don’t Know
But before we go further, there is something that deserves to be said plainly.
We don’t fully know what these models will bring.
That is not a hedge. It is not a disclaimer. It is, I would argue, the most important thing to hold onto right now. The instinct in moments like this is to reach for certainty. To map new territory onto familiar maps. To say: we have seen versions of this before, we know how the story ends and here is what we must do.
The history described earlier: Richard’s prediction, SATAN, the professionalization of adversarial infrastructure. These are reference points, not roadmaps. They tell us something about how capability diffuses, how communities respond and how norms eventually emerge. But they do not tell us what a model like Mythos will actually unlock, at scale, in the hands of actors we cannot fully anticipate.
We don’t know how quickly adversarial actors (nation-states, organized criminal enterprises, independent researchers working without ethical guardrails) will adapt these capabilities for offensive use. We don’t know what latent capabilities exist that haven’t yet been surfaced, deliberately or otherwise. We don’t know whether agentic AI combined with the attack surface of modern enterprise infrastructure will produce emergent threat patterns that no one has modeled for.
And perhaps most importantly: we don’t know whether coordination, even excellent, well-intentioned, broad coordination, will be enough.
There is an uncomfortable possibility that rarely gets named: that some of what is coming will not be containable through coordination alone. That the asymmetry between offense and defense, already structural and persistent, may widen in ways that coordination can slow but not stop. That the community doing everything right may still face a period of genuine instability before new equilibria emerge.
Acknowledging that is not defeatism. It is intellectual honesty. And intellectual honesty, in my experience, is a precondition for doing the hard work that actually makes a difference.
9. A Community Defined by How It Responds – to What It Cannot Fully See
The cybersecurity community has faced difficult moments before. It has done so with resilience, with curiosity and with a willingness to adapt. SATAN forced a conversation about the democratization of security tools. The commercialization of adversarial infrastructure forced a reckoning with the economics of cybercrime. The emergence of nation-state actors as persistent threats redefined what defenders had to prepare for.
Each time, the community found a way forward. Not easily. Not without disagreement. And never with full visibility into what was coming.
That last part matters. Because the community did not succeed in those moments because it had complete clarity about what the future held. It succeeded because it built the capacity to respond: quickly, collectively and with enough humility to keep revising its assumptions as new information emerged.
That is the posture this moment calls for. Not confidence that we know how this unfolds. Not reassurance that if everyone coordinates responsibly, the path forward will be manageable. But a clear-eyed acknowledgment that we are operating at the edge of what is understood, and that the willingness to act responsibly in the presence of uncertainty is itself a form of leadership.
Project Glasswing is a step in that direction. So is the broader conversation this moment is forcing. But steps are not destinations.
The work ahead will require more than coordination. It will require the courage to name what we don’t know, the discipline to keep asking hard questions even when the answers are inconvenient and the institutional will to build for a threat environment that we can only partially anticipate.
This moment is not just about technology. It is about trust. It is about responsibility. And it is about whether we, as a community, have the honesty to look at what we cannot fully see, and build for it anyway.
Moments like this do not just test an industry. They redefine it. And how we respond – together, and with open eyes – will determine not just the future of cybersecurity, but the resilience of the digital world we are all, still, trying to understand.
