The post-Mythos era: Why AI-powered defense is no longer optional

Industry Trends | May 07, 2026

When AI can find critical software vulnerabilities faster, cheaper, and at greater scale than elite human researchers, every CISO faces the following pressing questions: How long do you have before your open-source vulnerabilities need to be patched—and how many are you tracking: ones, tens, or thousands? Is your defensive posture built for the speed and scale at which threats now emerge?

AI models can now do more than write code: they can read it, understand its intent, and pinpoint where it fails. That capability surpasses all but the most skilled humans at finding and exploiting software vulnerabilities.

Claude Mythos Preview, the frontier model at the heart of the Project Glasswing initiative, has already found thousands of high-severity vulnerabilities, including some in major operating systems and web browsers. In some cases, these flaws survived decades of human review and millions of automated security tests.

The software that underpins banking systems, medical records, logistics networks, and power grids has always contained bugs. But finding and exploiting them used to require rare, specialized expertise. AI has dramatically lowered that cost, effort, and skill threshold. Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely.

What this means for cyber defenders

What was once a theoretical concern is now an operational reality: AI-driven vulnerability discovery is dramatically increasing in both volume and speed, compressing the window between disclosure and active exploitation.

The question facing every security organization is whether they can leverage AI on the defensive side as aggressively as adversaries will leverage it on offense. In this environment, static, signature-based defenses alone are no longer sufficient. If AI models can surface thousands of new high-severity vulnerabilities in weeks, security teams simply cannot write, test, tune, and deploy signatures manually fast enough to keep up, and certainly not at the pace attackers will move.

The traditional web application firewall (WAF) operational cycle (triage alerts, validate with developers, implement exceptions, repeat per application and per release) becomes untenable when the vulnerability pipeline is being fed by machine intelligence. Teams already stretched thin will fall further behind, leaving organizations exposed during the exact moments they can least afford it.

Why the Project Glasswing era changes the operating model for WAF

Project Glasswing doesn't just reveal vulnerabilities; it reveals a velocity problem.

When Claude Mythos Preview can surface thousands of high-severity flaws across major operating systems and web browsers in a matter of weeks, every new vulnerability creates a race: how quickly can you detect, triage, and block exploitation attempts before attackers weaponize the finding? That race has always existed, but AI just compressed the timeline dramatically.

For WAFs specifically, this creates three compounding pressures:

1. The signature pipeline can't keep pace alone: Signatures remain essential for known threats, providing high-confidence, deterministic blocking for catalogued exploits. But signatures are reactive by design: someone must identify the vulnerability, write the rule, test it, and deploy it. When the vulnerability pipeline moves at AI speed, with thousands of new findings surfacing continuously, a signature-only strategy leaves widening gaps between discovery and protection.

2. The tuning tax becomes a security liability: Many WAF programs stall in a familiar place: deployed with alerts flowing, but blocking mode delayed because tuning is expensive, cross-functional, and risky. In a post-Glasswing world, that drag isn't just an operational inconvenience; it's a measurable security liability. Every week spent tuning before moving to enforcement is a week where newly discovered vulnerabilities can be exploited against unprotected applications. When AI can autonomously find and chain together kernel vulnerabilities to escalate from user access to full system control, the cost of "deployed but not enforced" has never been higher.

3. Defenders need to match AI speed with AI speed: If AI is accelerating the offensive side of the equation, the defensive side must accelerate in kind. That means security controls that can evaluate threats in real time using multiple signals, assign risk dynamically, and enforce decisions without waiting for human-in-the-loop tuning cycles.

How F5 is responding

We saw this shift coming, which is why AI-powered WAF in F5 Distributed Cloud Services is built for this new reality. It complements signatures with multi-layered analysis, including curated signature combinations, contextual attack indicators, and real-time machine learning (ML) models—alongside zero-day attack detection to catch previously unknown threats under active exploitation, and anomaly detection to identify behavioral deviations that no signature or rule could anticipate. Each request is assigned a dynamic risk level, enabling teams to move to blocking mode faster, with fewer false positives, and without the operational complexity that stalls traditional WAF deployments.

Here are three questions every CISO should ask this quarter to evaluate readiness:

  1. Can you keep up with the volume? Your vulnerability management process was built for a world where new findings emerged at a human pace. When AI surfaces thousands of high-severity flaws in weeks, can your team identify, prioritize, and remediate fast enough — or does the backlog just keep growing?
  2. Can you detect what you've never seen, and respond in seconds? Zero-day attacks don't wait for signatures. Can your security stack detect previously unknown threats in real time, and how fast can your detection logic update when a new vulnerability drops? If the answer involves manual rule-writing and a change control process, you're already behind.
  3. Are you blocking or just watching? How much of your application portfolio is actively protected in blocking mode versus monitoring? Every application stuck in monitoring mode is one where you'll see the breach happen, but won't stop it. That gap is your true unmitigated attack surface.

Most enterprises have a WAF in place, but few are enforcing it. Policy tuning demands time and expertise that security teams don't have, leaving the WAF stuck in monitoring mode.

The result? A line item on your security budget that isn't actually protecting the business. As AI-powered attacks accelerate, that gap becomes an existential risk. Organizations that move now to automate WAF enforcement with AI will turn security into a competitive advantage.

To learn more about AI-powered WAF in F5 Distributed Cloud Services, visit our F5 Distributed Cloud WAF webpage.

Also, please see our previous blog post, “The patch window has closed. Here is how F5 is built for what comes next.”
