The butterfly that just changed cybersecurity.

A new AI model from Anthropic has just exposed thousands of security flaws hiding inside the world’s most trusted software, some for over two decades. The age of the once a year security audit is over, and every founder needs to know why.

I read something this morning that made me put my coffee down, and I am not talking about the ceasefire in the Middle East.

Anthropic, the makers of Claude, has announced Project Glasswing, a joint effort with AWS, Apple, Google, Microsoft, Cisco, JPMorgan Chase, NVIDIA, Broadcom, the Linux Foundation, and 30 others. The name comes from the glasswing butterfly, Greta oto, whose transparent wings let it hide in plain sight. A fitting image, because that is exactly how software vulnerabilities live among us. Quietly. Unnoticed. For years.

The reason these companies have come together is a new, unreleased model called Claude Mythos Preview. In just a few weeks of testing, it found thousands of previously unknown security flaws across every major operating system and web browser. One vulnerability had been sitting quietly inside OpenBSD for 27 years. Another lived inside FFmpeg for 16 years, in a piece of code that automated tools had tested over five million times without catching it. The model found most of these on its own, without anyone holding its hand.

I have been around software long enough to know how rare this kind of moment is. It reminded me of an experience I shared in my book, Founder Catalyst. Years ago, during a Cricket World Cup, my team was running one of the largest online marketing campaigns of that era for a client. A small oversight in terms of securing our app during a deployment cost us an entire day of customer data. Thousands of leads gone. We owned the mistake, rebuilt the safeguards, and learned that resilience is something you design for, not something you hope for.

That memory came rushing back as I read about Project Glasswing. If a careless deployment can do that much damage, imagine what an undiscovered flaw, hidden for two decades, could do in the hands of someone looking for it.

The hopeful side of this announcement is that defenders finally have a tool that can keep up with the scale of the problem. The worrying side is that the same capability, in the wrong hands, will shrink the gap between a flaw being found and being exploited from months to minutes.

So here is the real shift I want every founder and business leader to sit with. The era of auditing your enterprise software once a year with a consultant and a checklist is over. Your digital estate is far larger than you think. Old integrations. APIs nobody owns anymore. That internal dashboard, a developer built in 2019 and quietly left behind. A login flow that has not been touched in years. Each of these is now a doorway, and the cost for an attacker to find them has just collapsed.

It is time to start using AI tools to look at your own software the way attackers soon will. Not someday. This month. Run AI-assisted reviews on your codebase. Map every digital asset you own, including the forgotten ones. Ask your security partners what their AI augmented testing roadmap looks like, and if they do not have a clear answer, that itself is your answer. This is no longer a job for one annual audit. It is a continuous practice, and AI is now both the threat and the shield.

I wrote about this very angle last week, after the Mexico data breach, in which one person, likely working alone, walked away with data on 195 million people using Claude, ChatGPT, and a thousand prompts. That was the warning shot. Project Glasswing is the confirmation that the ground has shifted permanently. If you missed that earlier post, it is worth a read before this week ends.

Like the glasswing butterfly, what hides in plain sight is often the greatest risk.


Discover more from The Founder Catalyst

Subscribe to get the latest posts sent to your email.

Leave a Reply

About Venkatarangan

Venkatarangan Thirumalai is a Technology Visionary, Author, and Keynote Speaker on Generative AI with 30+ years in software. An Honorary Microsoft Regional Director since 1999, he advises CXOs on tech-driven growth.

Founder of Vishwak Solutions and co-founder of a US AI fintech startup, he predicted mobile computing in 2003 and built an ML news app long before GenAI. He mentors startups and promotes responsible AI through his book The Founder Catalyst.

Guiding Founders & Enterprises to Lead the Change with AI

From Gen-AI to digital transformation, my talks give your leadership team the frameworks to work smarter and make things happen.

Discover more from The Founder Catalyst

Subscribe now to keep reading and get access to the full archive.

Continue reading