Rupert Marais stands at the forefront of modern digital defense, serving as a seasoned Security Specialist with a deep focus on endpoint protection and large-scale network management. His extensive background in developing robust cybersecurity strategies has made him a vital voice in the industry, particularly as artificial intelligence begins to redefine the boundaries between defensive patching and offensive exploitation. Today, we sit down with him to discuss the emergence of high-capability models like Claude Mythos Preview and the strategic initiatives designed to protect global infrastructure from a new generation of autonomous threats.
We explore how general reasoning improvements in AI lead to the discovery of decades-old vulnerabilities and the ethical dilemmas surrounding the release of such powerful tools. Marais provides a deep dive into the $100 million Project Glasswing initiative, the specific challenges faced by open-source maintainers, and the shifting landscape of state-sponsored autonomous attacks.
AI models are now discovering decades-old vulnerabilities, such as a 17-year-old remote code execution flaw in FreeBSD, without human intervention. How do these capabilities emerge from general reasoning improvements, and what specific technical hurdles exist when trying to separate defensive patching from offensive exploitation?
The discovery of vulnerabilities like the 17-year-old FreeBSD flaw—specifically CVE-2026-4747—isn’t the result of a model being fed a manual on hacking, but rather a downstream consequence of enhanced logic and code comprehension. When an AI improves its ability to reason through complex sequences, it naturally begins to see the “cracks” in logic that have remained hidden from human eyes for decades. The primary technical hurdle is that the exact same reasoning used to identify a bug so it can be patched is what an attacker needs to exploit it. In fact, these models can now chain together four or five minor vulnerabilities in sequence to achieve a sophisticated, devastating outcome. Because the process of finding the flaw and understanding how to trigger it is identical, we face a dual-use dilemma where the tool is inherently a weapon and a shield simultaneously.
Large-scale initiatives now grant major tech firms and open-source foundations exclusive access to high-capability models for vulnerability scanning. What criteria determine which organizations receive this access, and how can $100 million in usage credits realistically transform the security posture of global infrastructure?
The selection process for Project Glasswing focuses on the “backbone” of the internet, prioritizing organizations like Amazon Web Services, Google, and the Linux Foundation whose code serves as the foundation for nearly everyone else. By extending access to over 40 additional organizations that maintain critical software infrastructure, the initiative targets the points of highest impact. A commitment of $100 million in usage credits allows these entities to run incredibly compute-intensive scans that would otherwise be cost-prohibitive. This scale of investment means that instead of searching for bugs one by one, these organizations can perform “saturated” scanning across entire operating systems and web browsers simultaneously. It essentially compresses ten years of manual security auditing into a matter of weeks, clearing out thousands of external vulnerabilities before they can be exploited.
Open-source maintainers often lack the luxury of dedicated security teams despite their code underpinning critical global systems. How will multi-million dollar donations specifically help these small teams integrate AI-driven scanning, and what step-by-step process should they follow to manage the discovery of high-risk bugs?
The $4 million in direct donations to groups like Alpha-Omega and the Apache Software Foundation is a game-changer because it provides the financial muscle to hire experts who can actually implement these AI tools. For a small team, the first step is using the AI to perform a comprehensive audit of their legacy code, looking specifically for “zombie” bugs like the 27-year-old flaw recently found in OpenBSD. Once a bug is identified, the maintainers must use the AI’s reasoning to generate a patch and then verify that the fix doesn’t break existing functionality. Finally, they need to coordinate a “silent” rollout of the fix through organizations like the OpenSSF to ensure that attackers don’t see the patch and reverse-engineer the vulnerability before users can update. This structured approach moves open-source from a reactive, “volunteer-best-effort” model to a professional-grade defensive posture.
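The four-step process Marais describes — audit, patch, verify, then a coordinated "silent" rollout — can be pictured as a small state machine that gates each finding on the step before it. The sketch below is purely illustrative; the stage names, the `Finding` type, and the tracking identifier are hypothetical inventions for this article, not part of any real scanning tool.

```python
from dataclasses import dataclass
from enum import Enum, auto

# Illustrative only: stages mirror the four-step process described above.
class Stage(Enum):
    DISCOVERED = auto()       # AI audit flags a legacy "zombie" bug
    PATCH_GENERATED = auto()  # AI-assisted fix drafted
    VERIFIED = auto()         # regression suite confirms nothing broke
    COORDINATED = auto()      # silent rollout scheduled with downstream distros

@dataclass
class Finding:
    identifier: str           # internal tracking ID (hypothetical), not a public CVE
    severity: str
    stage: Stage = Stage.DISCOVERED

    def advance(self, tests_passed: bool = True) -> Stage:
        """Move the finding one step forward; verification gates on tests."""
        order = list(Stage)
        if self.stage is Stage.PATCH_GENERATED and not tests_passed:
            return self.stage  # stay put until the regression suite is green
        idx = order.index(self.stage)
        if idx < len(order) - 1:
            self.stage = order[idx + 1]
        return self.stage

bug = Finding("legacy-audit-0042", severity="high")
bug.advance()                    # patch drafted
bug.advance(tests_passed=False)  # verification blocked: the fix broke a test
bug.advance(tests_passed=True)   # verification passes
bug.advance()                    # coordinated rollout
print(bug.stage.name)            # COORDINATED
```

The point of the gate on `tests_passed` is the one Marais emphasizes: an AI-generated patch is not a fix until the maintainers have confirmed it preserves existing behavior, and nothing should reach public release channels before the coordinated-disclosure step.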
State-sponsored groups are already utilizing autonomous AI agents to infiltrate dozens of global targets independently. Given this shifting threat landscape, how should intelligence agencies balance the need for secrecy with the public’s need for protection, and what metrics indicate an AI-led attack is currently underway?
We have already seen documented cases where a Chinese state-sponsored group used AI agents to autonomously infiltrate approximately 30 global targets, handling most tactical operations without human help. Intelligence agencies are currently in a difficult position where they must weigh the benefits of keeping these “frontier” models private against the urgent need to warn the public about the speed of these attacks. A key metric for an AI-led attack is the sheer velocity and complexity of the exploitation attempts; if you see a sequence of three or four vulnerabilities being chained together across a network in a matter of seconds, it’s a clear sign of an autonomous actor. Agencies are now briefing senior government officials because the fallout for national security and the economy could be severe if these autonomous capabilities proliferate beyond responsible actors.
Keeping a high-capability model private while testing safeguards on a less risky version suggests a new industry standard for safety. What specific benchmarks must a model meet before a general release is considered responsible, and what are the long-term risks of these capabilities eventually proliferating?
The new standard, which we see in the decision to keep Mythos Preview private while testing safeguards on the Claude Opus model, requires that a model not be able to autonomously discover and exploit zero-day vulnerabilities at a rate that outpaces human defense. A model must also pass rigorous red-team testing to ensure its cybersecurity reasoning cannot be easily diverted toward malicious use by unauthenticated users. The long-term risk is that as AI compute becomes cheaper and more efficient, these “frontier” capabilities will inevitably leak or be replicated by actors who do not share our commitment to safety. If these tools proliferate, we could enter an era where every major operating system is under constant, automated siege by thousands of unique, AI-generated exploits every day.
What is your forecast for AI-driven cybersecurity?
I predict that within the next two to three years, the concept of a “known vulnerability” will become a relic of the past, as AI-driven scanning will have identified and patched the vast majority of legacy flaws in major software. However, this will lead to a high-stakes “arms race” where the primary battleground moves to the speed of patching; we will see systems that autonomously detect an attack and rewrite their own source code in real-time to neutralize the threat. Ultimately, the security of the global economy will depend entirely on whether our defensive AI agents can think and react faster than the offensive agents trying to find the next zero-day flaw. It will be a world of “active defense,” where the human role shifts from being the primary defender to being the supervisor of a complex, automated security ecosystem.
