Microsoft's regular monthly round of vulnerability fixes dropped on Tuesday 14 April, containing a handful of zero-days and critical updates. However, this Patch Tuesday was notable for being the second-largest in history by volume, comprising over 160 distinct flaws—only October 2025 saw more, with 175. Including third-party and Chromium updates, the total approached 250.
Commentators quickly invoked the spectre of artificial intelligence (AI). Dustin Childs of TrendAI's Zero Day Initiative described the update as "monstrous" and suggested that growth in AI tools for uncovering vulnerabilities at scale may be behind the sudden jump. Chris Goettl of Ivanti agreed, noting that the lead-up included several zero-days, such as a Google Chrome flaw and an Adobe Acrobat Reader vulnerability, amid buzz about Anthropic's Mythos and Project Glasswing.
Anthropic’s Claude Mythos and Project Glasswing
Launched in April, Project Glasswing is an Anthropic initiative built around Claude Mythos Preview, a frontier AI model claimed to discover zero-day flaws and develop exploits. Anthropic says Mythos has discovered "thousands" of critical vulnerabilities, some hidden for years. Access is initially limited to select tech companies including AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, Microsoft, Nvidia, and Palo Alto Networks.
Mythos was released too recently to have directly caused this Patch Tuesday spike: analysis by VulnCheck shows only 75 disclosures mention Anthropic, and one is directly attributable to Glasswing. The correlation remains hypothetical, but it is significant. The conversation about AI-driven vulnerability discovery is happening now.
UK Business Secretary Liz Kendall urged business leaders to "plan accordingly" as frontier models become more adept. Doc McConnell of Finite State, a former CISA branch chief, warned: "AI is a ratchet wrench for cybersecurity—it only goes in one direction: faster." He noted that while Anthropic's responsible approach is commendable, others may be exploiting similar capabilities quietly and irresponsibly.
The Dual-Use Nature of Frontier AI
Chris Goettl highlighted the dual-use potential: powerful AI models can be used by vendors to write more secure code, but also by researchers and threat actors to find flaws in released software. He expects more coordinated disclosures (good), more zero-day exploits (bad), and more n-day exploits (bad). This will result in more frequent and urgent software updates.
Many organisations already struggle to keep up with priority updates outside monthly maintenance. For example, the Adobe Acrobat zero-day exploit was not widely known until CISA added it to its Known Exploited Vulnerabilities list days later, giving threat actors a head start. Goettl emphasised that browser security updates are now weekly, and many business applications release updates continuously, meaning maintenance schedules will be increasingly disrupted.
Implications for Cybersecurity Strategy
Goettl believes security leaders must make a step change in mindset and maturity, defining risk appetite and posture more clearly. This should go alongside a technical evolution that integrates vulnerability assessment with asset visibility and autonomous endpoint management (AEM) platforms to speed remediation.
McConnell laid out three steps: moving security to the beginning of the product lifecycle with continuous binary and software composition analysis; maintaining real-time SBOMs with automated reachability analysis for confident prioritisation; and building automated vulnerability and incident response capabilities that triage and coordinate without manual investigation. He urged companies to make this a boardroom priority and partner with firms that already have such capabilities.
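The triage that the SBOM, reachability and Known Exploited Vulnerabilities points above describe can be sketched as follows; this is an added example, not code from the article or from any vendor it names. Field names follow the CycloneDX VEX layout and the CISA KEV JSON feed, while the CVE ids, components and the four-way action policy are constructed assumptions.

```python
# Constructed sample data. CVE ids, component names and versions are placeholders.
SBOM = {  # trimmed CycloneDX-style document with VEX analysis fields
    "components": [
        {"bom-ref": "c1", "name": "pdf-render", "version": "2.1.0"},
        {"bom-ref": "c2", "name": "img-codec", "version": "1.4.2"},
        {"bom-ref": "c3", "name": "http-client", "version": "0.9.7"},
    ],
    "vulnerabilities": [
        {"id": "CVE-0000-0001", "ratings": [{"severity": "high"}],
         "affects": [{"ref": "c1"}], "analysis": {"state": "exploitable"}},
        {"id": "CVE-0000-0002", "ratings": [{"severity": "critical"}],
         "affects": [{"ref": "c2"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "CVE-0000-0003", "ratings": [{"severity": "medium"}],
         "affects": [{"ref": "c2"}],
         "analysis": {"state": "not_affected", "justification": "code_not_reachable"}},
        {"id": "CVE-0000-0004", "ratings": [{"severity": "critical"}],
         "affects": [{"ref": "c3"}]},  # no analysis yet: treat as reachable
    ],
}
KEV = {"vulnerabilities": [{"cveID": "CVE-0000-0001"}, {"cveID": "CVE-0000-0003"}]}

ORDER = ["patch-now", "verify-reachability", "next-cycle", "defer"]  # assumed policy
SEVERITY = {"critical": 0, "high": 1, "medium": 2, "low": 3}

def triage(sbom, kev):
    """Return (cve, component, action) tuples, most urgent first."""
    exploited_ids = {v["cveID"] for v in kev["vulnerabilities"]}
    names = {c["bom-ref"]: f'{c["name"]}@{c["version"]}' for c in sbom["components"]}
    rows = []
    for vuln in sbom["vulnerabilities"]:
        analysis = vuln.get("analysis", {})
        unreachable = (analysis.get("state") == "not_affected"
                       and analysis.get("justification") == "code_not_reachable")
        exploited = vuln["id"] in exploited_ids
        if exploited:
            # Known exploitation outranks severity; an "unreachable" claim on an
            # exploited flaw is re-checked rather than trusted.
            action = "verify-reachability" if unreachable else "patch-now"
        else:
            action = "defer" if unreachable else "next-cycle"
        severity = (vuln.get("ratings") or [{}])[0].get("severity", "unknown")
        for target in vuln["affects"]:
            rows.append((ORDER.index(action), SEVERITY.get(severity, 9),
                         vuln["id"], names.get(target["ref"], target["ref"]), action))
    return [(cve, comp, action) for _, _, cve, comp, action in sorted(rows)]

if __name__ == "__main__":
    for row in triage(SBOM, KEV):
        print(*row, sep="\t")
```

Because a KEV listing can trail exploitation by days, as the Acrobat case above shows, the exploited set should be refreshed on every run rather than cached with the SBOM.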
Could Frontier Models Benefit Cybersecurity?
Richard Horne, CEO of the UK's National Cyber Security Centre (NCSC), believes there is a path to using AI appropriately to find and fix flaws, but the road is paved with risks. He wrote that AI will increasingly expose organisations that have not taken appropriate cybersecurity steps. AI makes it easier, faster, and cheaper to discover and exploit weaknesses, increasing pressure to patch quickly.
Horne stressed following established good practices: reducing unnecessary exposure to attacks, rapid application of updates, and monitoring for malicious activity—all championed by board-level executives. He affirmed that the NCSC will continue advising on risks and opportunities, helping network defenders retain an advantage by getting the fundamentals right and carefully adopting frontier AI models for good.
The rapid evolution of AI-driven vulnerability discovery demands immediate action from security teams. Organisations that fail to adapt may find themselves overwhelmed by an unprecedented pace of vulnerabilities. Those that integrate proactive, AI-ready security practices into their core operations will be better positioned to defend against the coming wave.
Source: ComputerWeekly.com News