Last week, Anthropic announced that its new model, Claude Mythos, had autonomously identified thousands of critical zero-day vulnerabilities across every major operating system and web browser - some of them undetected for decades. The model found a 17-year-old remote code execution flaw in FreeBSD that gives an unauthenticated attacker complete root access to any machine running NFS. Fully autonomously. No human in the loop after the initial prompt.
Anthropic responded by withholding the model from public release and forming Project Glasswing - a coalition of technology giants tasked with using Mythos defensively, to find and patch vulnerabilities before malicious actors do the same.
It is a serious, well-funded, genuinely well-intentioned initiative. It will not work. Not because of a lack of capability or commitment, but because it is built on a mathematical impossibility.
Before Mythos, the security industry operated on an implicit assumption: that the rate at which vulnerabilities are discovered and the rate at which they can be patched were - if not equal - at least in the same order of magnitude. Imperfect balance, yes. A race, yes. But a race between contestants of roughly comparable speed.
That assumption is now structurally false, and the numbers make it indisputable.
Enterprises currently remediate approximately 16% of known vulnerabilities per month (NIST). The median time to close half of all internet-facing vulnerabilities is 361 days. For healthcare it is 519 days. For education, 577. Known Exploited Vulnerabilities - the ones CISA flags as actively weaponised - take a median of 174 days to remediate. The non-critical ones: 621 days.
This is not negligence. It is physics. Patching a vulnerability in an enterprise stack requires identifying every system where the vulnerable component exists, across the entire supply chain - every open source library incorporated into every service, every vendor dependency, every embedded system, every legacy component that cannot simply be ripped out. It requires testing the patch in staging, coordinating change control, scheduling deployment windows, validating in production, and documenting for compliance. In a regulated environment with hundreds of services and thousands of dependencies, this process takes months to years per vulnerability class.
Now consider the other side of the equation. Before Mythos, vulnerability discovery was already accelerating: over 37,000 new CVEs were published in 2025, a 22% increase from 2024. The time-to-exploit after disclosure had already collapsed to five days for known vulnerabilities, and 72 hours in cloud environments. The backlog was already mathematically unpayable - enterprises remediate 16% per month of a pool that grows faster than they can drain it.
Mythos changed the order of magnitude on the discovery side. A model that finds thousands of critical vulnerabilities in weeks - autonomously, in parallel, at effectively zero marginal cost - is not moving faster in the same race. It is changing the race into something else entirely.
Anthropic's own offensive cyber lead said it plainly: capabilities like this will be broadly available within six to twelve months, from actors not committed to responsible disclosure.
This is the vulnerability singularity. The rate of discovery has crossed the rate of remediation asymptotically and irrecoverably. There is no version of Project Glasswing - however well-resourced, however well-intentioned - that escapes this event horizon. You cannot patch your way out of a singularity. The physics do not permit it.
Project Glasswing's logic is: use AI to find vulnerabilities faster, so defenders can patch before attackers exploit. It is the right reflex for the world that existed before Mythos. It is the wrong solution for the world Mythos created.
The problem is not that defenders lack AI assistance. The problem is that the patch cycle - with its inherent coordination overhead, testing requirements, change management processes, and supply chain dependencies - has a structural floor below which it cannot go. That floor is measured in weeks and months. The discovery cycle, once AI-assisted, is measured in hours.
When the fastest possible remediation is orders of magnitude slower than the fastest possible discovery, the gap does not close. It compounds. Every cycle, the backlog grows. Every cycle, the window of exposure widens. Glasswing accelerates the discovery side of an equation where the bottleneck is the remediation side. It is solving for the wrong variable.
Anthropic knows this. Their own red team wrote it, almost precisely: "Mitigations whose security value comes primarily from friction rather than hard barriers may become considerably weaker against model-assisted adversaries."
Patch cycles are friction. They have always been friction. They were survivable friction when discovery was slow. They are fatal friction when discovery is instant.
There is only one class of defence that remains valid when the attacker can find vulnerabilities faster than defenders can patch them: make the vulnerabilities unreachable.
This is not a new idea. It is the oldest idea in security, stated precisely: a vulnerability that cannot be reached cannot be exploited. The question has always been whether you could establish identity and trust at the connection layer - before any application logic executes, before any vulnerable surface is exposed - reliably, at scale, across an enterprise with thousands of services and an autonomous workforce that outnumbers humans 80 to 1.
We built Identity Plus to answer that question. Not in response to Mythos - the architectural work began a decade ago, when the observation was simply that the internet's identity model was built for a human actor that was already disappearing. The answer we arrived at was Identity Gated Execution: cryptographic verification of the connecting entity at the transport layer, before any application logic is reachable.
When every actor - human, automated, or AI - carries a cryptographically bound identity that is verified at connection time, the attack surface is not the entire application stack. It is the set of verified entities that can connect. For a service with 300 authenticated B2B integrations, that means the reachable attack surface is 300 verified agents, not 10 billion unknown internet devices. Mythos can find every vulnerability in your stack. It cannot reach them.
This is not a claim about making software bug-free. Vulnerabilities will always exist. The vulnerability singularity does not change that. What changes is the relevance of the question. In a world where unknown actors are structurally excluded before connection, the exploitability of an application vulnerability is contingent on the attacker having an identity that your perimeter recognises. The attack surface is not your codebase. It is your trust boundary.
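The connection-layer gate described above can be sketched with mutual TLS from Go's standard library. This is an added example, not Identity Plus's implementation; the identities `partner-a` and `unknown`, the self-signed certificates and the helper names are constructed for illustration. A production deployment would normally enroll an issuing CA rather than individual self-signed certificates.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issue makes a throwaway self-signed identity certificate (constructed test data).
func issue(name string) tls.Certificate {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der, _ := x509.CreateCertificate(rand.Reader, t, t, pub, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// reaches reports whether a caller presenting ids (none = anonymous) gets a reply from the handler.
func reaches(enrolled *x509.CertPool, ids ...tls.Certificate) bool {
	srv := httptest.NewUnstartedServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprint(w, "hello ", r.TLS.PeerCertificates[0].Subject.CommonName) // application logic
	}))
	// The gate: the handshake fails unless the peer proves an enrolled identity.
	srv.TLS = &tls.Config{ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: enrolled}
	srv.StartTLS()
	defer srv.Close()
	srv.Client().Transport.(*http.Transport).TLSClientConfig.Certificates = ids
	resp, err := srv.Client().Get(srv.URL)
	if err == nil {
		resp.Body.Close()
	}
	return err == nil && resp.StatusCode == http.StatusOK
}

// demo tries an enrolled partner, an unknown certificate and an anonymous caller.
func demo() (partnerOK, strangerOK, anonymousOK bool) {
	partner, stranger, enrolled := issue("partner-a"), issue("unknown"), x509.NewCertPool()
	enrolled.AddCert(partner.Leaf) // the trust boundary: enrolled identities only
	return reaches(enrolled, partner), reaches(enrolled, stranger), reaches(enrolled)
}

func main() { fmt.Println(demo()) }
```

The two rejected callers fail inside the TLS handshake, so the handler is never executed for them; only the enrolled identity receives a response.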
Glasswing will find vulnerabilities. Some will be patched. Many will not - the mathematics guarantee it. The ones that are not patched will be found again, by models that are not committed to responsible disclosure, on a timeline that Anthropic's own researcher put at six to twelve months.
The security industry is at the same inflection point that the identity industry passed a decade ago, when machines began to outnumber humans and every human-centric control started to degrade. The instinct then was to build better credential management - NHI platforms, secrets vaults, rotation automation. The correct answer was to remove the credential architecture entirely.
The instinct now is to build better vulnerability management - AI-assisted discovery, faster patching, continuous scanning. The correct answer is to remove the assumption that vulnerabilities need to be reachable.
Friction-based defenses had a good run, but the singularity ended it. Identity Plus is building the connection-layer identity infrastructure that makes vulnerability reachability a design choice, not a risk management problem. If this argument resonates, let us talk.
Copyright © 2026, Identity Plus, Inc., New Hampshire, USA. All rights reserved.