For decades, cyber attackers were limited by human speed. Finding vulnerabilities required skilled researchers, expensive tooling, and significant time. Security teams operated under the assumption that they could discover and patch vulnerabilities before attackers found them.
That assumption is breaking down.
In April 2026, Anthropic launched Project Glasswing, a cybersecurity initiative involving some of the world's largest technology companies. One month later, Anthropic reported that its AI systems had identified more than 10,000 high- and critical-severity vulnerabilities across widely deployed software systems.
The significance of Glasswing is not the number itself.
The significance is what the number represents.
Attackers no longer need to manually search for weaknesses. AI can do it continuously, globally, and at a speed no human team can match.
The Internet is becoming a Dark Forest.
The TCP/IP protocols that power today's Internet were designed in the 1970s with one primary goal: connectivity.
| Layer | What's Exposed | What Attackers Learn |
|---|---|---|
| Network | IP addresses | Location, hosting provider, network topology |
| DNS | Domain names | Services, subdomains, infrastructure map |
| Transport | Open ports | Running services, software versions |
| Application | Service banners | Software stack, patch levels, configurations |
Anyone can discover anything. This openness helped create the modern Internet, but it also created an unintended consequence: visibility became the prerequisite for attack.
Before an attacker can exploit a system, they must first find it.
Historically, that discovery process was expensive.
Glasswing is a defensive initiative. Its purpose is to help software vendors discover vulnerabilities before adversaries do.
But cybersecurity history shows that defensive capabilities rarely remain exclusive.
| Defensive Tool | Original Purpose | Attacker Usage |
|---|---|---|
| Nmap, Nessus | Network auditing | Reconnaissance and target discovery |
| Metasploit | Penetration testing | Exploit development and delivery |
| Cobalt Strike | Red team operations | Command and control infrastructure |
| AI vuln discovery | Proactive patching | Coming soon |
Project Glasswing is effectively demonstrating the future capabilities that both defenders and attackers will possess.
Modern cybersecurity largely relies on a simple model:
This model worked when vulnerability discovery was slow.
It becomes increasingly fragile when AI can discover vulnerabilities at Internet scale.
| Activity | Human Speed | AI Speed |
|---|---|---|
| Vulnerability discovery | Days to weeks | Minutes to hours |
| Risk analysis | Hours to days | Seconds |
| Exploit development | Days to months | Hours to days |
| Patch deployment | Weeks to months | Still weeks to months |
Even the best organizations cannot instantly patch thousands of findings. Security teams must analyze risks, test fixes, coordinate deployments, and maintain operational stability.
As AI accelerates discovery, the gap between finding vulnerabilities and fixing vulnerabilities continues to grow.
Most cybersecurity technologies focus on protecting systems after they become visible.
| Technology | Function | Assumption |
|---|---|---|
| Firewall | Filter traffic | Attacker can reach the perimeter |
| IDS / IPS | Inspect traffic | Attacker can send packets |
| WAF | Filter HTTP requests | Attacker can reach the web server |
| EDR | Monitor endpoints | Attacker has already gained access |
| SIEM | Analyze events | Attack is already in progress |
These technologies remain essential, but they all share a common assumption: The attacker can already see the target.
AI changes the economics of this assumption. When reconnaissance becomes effectively free, visibility itself becomes a security risk.
Traditional Zero Trust architectures focus on identity, authentication, authorization, least privilege, and continuous verification. These principles remain essential.
However, AI introduces a new challenge. When vulnerability discovery becomes automated, reducing exposure becomes just as important as verifying identity.
The original Software-Defined Perimeter (SDP) architecture introduced the concept of making infrastructure invisible until authentication succeeds. OpenNHP extends this principle through the Network-infrastructure Hiding Protocol (NHP).
| Traditional Model | OpenNHP Model |
|---|---|
| 1. Service is visible | 1. Service is invisible |
| 2. Attacker connects | 2. User presents cryptographic proof |
| 3. Authentication begins | 3. Proof verified |
| 4. Vulnerabilities exploitable before auth | 4. Service becomes visible only to verified user |
Protected resources remain invisible until cryptographic verification succeeds. Unauthorized entities cannot discover the protected service, scan its ports, or interact with it.
Project Glasswing is an important milestone.
Not because it discovered thousands of vulnerabilities.
But because it demonstrates what happens when AI is applied to vulnerability discovery at scale.
The lesson is clear.
If AI can discover vulnerabilities faster than humans can remediate them, then security can no longer rely solely on patching, detection, and response.
We must also reduce visibility.
| Old Paradigm | New Paradigm |
|---|---|
| Visible by default | Invisible by default |
| Detect and respond | Prevent discovery |
| Bigger walls | No walls to find |
| Patch faster | Nothing to patch if invisible |
| Trust then verify | Verify then reveal |
The next generation of cybersecurity will not simply verify who can access a resource.
It will prevent unauthorized parties from discovering the resource in the first place.
The future Internet will not be secured by bigger walls.
It will be secured by making critical infrastructure invisible until cryptographically verified.
AI-powered attackers cannot exploit what they cannot find.
OpenNHP hides your infrastructure by default.