Artificial intelligence has proven it can find software vulnerabilities faster and at greater scale than any human team. Project Glasswing — and its AI system Mythos — demonstrated exactly that. But the uncomfortable truth exposed by this landmark research isn't about discovery at all. It's about what happens after: almost nothing. Fewer than 1% of the vulnerabilities Mythos uncovered were ever patched, laying bare one of the most pressing and underappreciated problems in modern cybersecurity.

What Is Project Glasswing?

Project Glasswing is an AI-driven vulnerability research initiative built around Mythos, a large-scale automated analysis system designed to identify security flaws across codebases at a speed and breadth no human researcher could match. The project targeted real-world software — including legacy systems carrying decades of technical debt — and systematically surfaced bugs that had gone undetected for years, in some cases for the better part of two decades.

The results were staggering in terms of raw discovery. Mythos didn't just find known classes of vulnerabilities in new places; it identified genuinely novel flaws buried deep in mature, widely deployed codebases. From memory corruption issues to logic errors with serious security implications, the AI proved capable of reasoning about code in ways that parallel — and in some respects exceed — skilled human auditors working under time constraints.

The Remediation Gap: A Crisis Hidden in Plain Sight

The headline finding of Project Glasswing isn't that AI can find bugs. That much was becoming apparent. The headline is that the broader ecosystem has no infrastructure to absorb what AI-scale discovery produces.

When fewer than 1% of discovered vulnerabilities result in patches, the math becomes alarming quickly. If a single AI system surfaces tens of thousands of previously unknown flaws, the unpatched remainder represents an enormous, newly documented attack surface — one that now exists in reports, databases, and potentially in the hands of threat actors who monitor such research, but does not exist in the form of mitigations.

  • Maintainer bandwidth: Many affected projects are maintained by small teams or solo developers with no dedicated security personnel. A flood of inbound vulnerability reports — however accurate — can overwhelm triage capacity entirely.
  • Legacy code ownership: Decades-old code often has no clear current owner. Responsible disclosure has nowhere to go when the original author is unreachable and no successor organization has assumed stewardship.
  • Prioritization paralysis: When everything is urgent, nothing is. Organizations receiving simultaneous reports of dozens of flaws struggle to sequence remediation in a way that manages actual risk rather than just closing tickets.
  • Economic incentives: Fixing old bugs in stable software rarely generates revenue, reduces churn, or earns bonuses. The incentive structures that govern software development do not naturally reward remediation of legacy security debt.

Why Decades-Old Vulnerabilities Are the Most Dangerous Discovery

It might be tempting to assume that old bugs are lower severity — that if they had been exploitable and serious, they would have been found and exploited already. Project Glasswing challenges that assumption directly.

Many of the vulnerabilities Mythos surfaced had been present in production code for fifteen to twenty years. They weren't benign; they were simply hidden. The difference between a vulnerability that has existed for twenty years without exploitation and one that gets weaponized is often nothing more than knowledge — specifically, who knows it exists. Once an AI system documents these flaws at scale, the knowledge asymmetry shifts. Defenders may have the report, but so might anyone else monitoring public vulnerability disclosures.

A vulnerability that went unnoticed for two decades does not become less dangerous once it is discovered and published. In many cases, it becomes more dangerous — because publication is the moment it enters the operational planning of threat actors.

AI as a Force Multiplier for Discovery — and for Attackers

The dual-use dimension of Project Glasswing cannot be ignored. The same AI techniques that Mythos uses to find vulnerabilities defensively can be adapted offensively. If a well-resourced threat actor — a nation-state APT group, a sophisticated ransomware syndicate, a well-funded criminal organization — deploys equivalent capability, the output is not a responsible disclosure report. It is an exploit kit.

This asymmetry is a defining feature of the current moment in security. AI lowers the cost and raises the throughput of vulnerability discovery for everyone. The question of who benefits depends entirely on whether the defensive side can build a remediation pipeline that keeps pace with the discovery pipeline — something Project Glasswing proves does not yet exist.

What a Functional Remediation Pipeline Would Require

Closing the gap exposed by Project Glasswing isn't simply a matter of hiring more developers or allocating more time to patching. It requires rethinking the entire downstream architecture of vulnerability management.

  • AI-assisted triage and patch generation: The same AI capability used to find bugs should be applied to generating candidate fixes, reducing the burden on human maintainers to start from scratch on every remediation.
  • Coordinated disclosure infrastructure: Centralized or federated systems that can route AI-generated vulnerability reports to the correct maintainers — including for orphaned and legacy projects — don't exist at the required scale. Building them is an unsolved organizational problem.
  • Funded remediation for critical open source: Initiatives like the Open Source Security Foundation represent early attempts to fund security work on widely used open source components. Project Glasswing's findings make the case that this funding needs to scale by orders of magnitude.
  • Regulatory incentives: Emerging software liability frameworks and secure-by-design mandates from bodies like CISA create at least a partial economic case for remediation that didn't exist before. Whether these incentives are sufficient remains to be seen.
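To make the bandwidth, ownership and prioritization problems from the earlier list concrete, and to sketch the routing step of the pipeline just described, here is an added illustration (not code from Project Glasswing or Mythos): it takes a constructed batch of analyzer reports, ranks each project's reports by exposure and reproducibility rather than age, schedules only what a maintainer can absorb in one cycle, and sets aside reports that have no maintainer to receive them. The `Finding` fields, weights and capacities are assumptions chosen for the example.

```python
from dataclasses import dataclass
from collections import defaultdict

@dataclass(frozen=True)
class Finding:
    report_id: str
    project: str
    kind: str             # vulnerability class reported by the analyzer
    years_present: int    # how long the flaw has sat in production code
    internet_exposed: bool
    reproducer: bool      # analyzer supplied a working reproducer
    has_maintainer: bool  # someone can actually receive the report

# Assumed weights for the example; a real program would use its own model.
KIND_WEIGHT = {"memory-corruption": 3, "logic-error": 2, "info-leak": 1}

def risk_score(f: Finding) -> int:
    """Rank by exposure and reproducibility. Age never lowers the score:
    a twenty-year-old flaw is hidden, not benign."""
    score = KIND_WEIGHT.get(f.kind, 1)
    score += 3 if f.internet_exposed else 0
    score += 2 if f.reproducer else 0
    return score

def plan_cycle(findings, capacity):
    """Route one batch of reports. Returns (scheduled, deferred, orphaned):
    scheduled: per project, the highest-risk reports that fit its capacity;
    deferred: reports a maintainer has but cannot reach this cycle;
    orphaned: reports with no maintainer, which need a steward first."""
    orphaned = [f for f in findings if not f.has_maintainer]
    by_project = defaultdict(list)
    for f in findings:
        if f.has_maintainer:
            by_project[f.project].append(f)
    scheduled, deferred = {}, []
    for project, reports in by_project.items():
        ranked = sorted(reports, key=risk_score, reverse=True)
        n = capacity.get(project, 0)   # no capacity entry: nothing ships
        scheduled[project] = ranked[:n]
        deferred.extend(ranked[n:])
    return scheduled, deferred, orphaned

# Constructed sample batch: five analyzer reports across three projects.
SAMPLE = [
    Finding("R1", "libparse", "memory-corruption", 18, True, True, True),
    Finding("R2", "libparse", "info-leak", 3, False, False, True),
    Finding("R3", "libparse", "logic-error", 12, True, False, True),
    Finding("R4", "oldcrypt", "memory-corruption", 20, True, True, False),
    Finding("R5", "webgate", "logic-error", 7, True, True, True),
]
CAPACITY = {"libparse": 2, "webgate": 1}  # fixes each team can ship this cycle
```

Calling `plan_cycle(SAMPLE, CAPACITY)` schedules R1 and R3 for libparse and R5 for webgate, defers the low-risk R2, and isolates R4, whose project has no maintainer to route it to.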

The Human Element That AI Cannot Replace

Project Glasswing demonstrates AI's exceptional capability in the discovery phase of the vulnerability lifecycle. What it equally demonstrates is that discovery is only one phase — and arguably not the hardest one. Remediation requires human judgment: understanding business context, assessing exploitability in a specific deployment environment, managing the risk of a patch introducing new instability, and communicating urgency to stakeholders who may not have a technical background.

These are not tasks that current AI systems perform reliably or autonomously. They require skilled security engineers, developers with deep familiarity with the affected systems, and organizational processes that treat security remediation as a first-class engineering priority rather than an afterthought.

Conclusion: Discovery Without Remediation Is Just Inventory

Project Glasswing's legacy should not be the impressive capability of Mythos as a vulnerability discovery engine. Its legacy should be the structural problem it forced into the open: the security industry has invested heavily in finding problems and almost nowhere near enough in fixing them.

A world where AI can produce an exhaustive catalog of software vulnerabilities faster than any human team but fewer than 1% of those vulnerabilities get patched is not a more secure world. It is a more thoroughly documented insecure one. Closing that gap — building the remediation infrastructure, incentive structures, and human capacity that AI-scale discovery demands — is the defining security challenge of the next decade. Project Glasswing proved AI can find the bugs. The rest is on us.