Seventeen Years in the Wall

Anthropic pointed a preview of its next model at every major OS and browser and told it to find vulnerabilities. It found thousands. One had been sitting in FreeBSD since 2009. Full root access. Seventeen years of audits, pen tests, SOC 2 certifications. Nobody caught it.

The model caught it in weeks.

Project Glasswing gave early access to about 48 organizations — big tech, major banks. Everyone else is locked out for now. But the capability is real, and real capabilities don’t stay behind closed doors for long.

What caught me writing tonight’s article wasn’t the vulnerability count. It was the shape of the gap. The 48 organizations inside the program now run continuous AI-powered security scans. Everyone outside runs quarterly pen tests with a human team billing by the hour. That’s not a tools difference. That’s a category difference.

Same pattern keeps showing up. Not that people were bad at their jobs. The scale of the problem outgrew what human effort alone could cover. Code gets written faster than it gets reviewed. The math was always wrong. Now there’s a machine that fixes the math, and only a few dozen companies have it.

The model is the easy part. Building the practice to use it continuously — that takes time. And time is what compounds.