AI is changing application security in several ways. For example, it is helping both attackers and researchers find vulnerabilities faster. Anthropic and Mozilla reported that Claude Opus 4.6 found 22 Firefox vulnerabilities in two weeks, including 14 high-severity issues.

Today Anthropic launched Project Glasswing, a coordinated defensive initiative with targeted launch partners. At the centre of it is Claude Mythos Preview, an unreleased frontier model that has already found thousands of zero-day vulnerabilities - including bugs in every major operating system and every major web browser, some of them decades old and missed by millions of automated tests. Mythos Preview doesn't just find vulnerabilities; it can exploit them. It autonomously wrote a 20-gadget ROP chain for a 17-year-old FreeBSD remote code execution bug, and chained together multiple Linux kernel vulnerabilities to achieve full privilege escalation. Engineers at Anthropic with no formal security training asked it to find remote code execution vulnerabilities overnight and woke up to a complete, working exploit.

AI is also helping teams produce more code, faster, but without solving the security problem. Veracode’s Spring 2026 GenAI Code Security Update reports that while AI coding assistants now achieve syntax correctness rates exceeding 95%, security pass rates in its latest testing remain stuck at approximately 55%, virtually identical to where they stood two years ago.

At the same time, Google Cloud Security says the window between vulnerability disclosure and active exploitation collapsed by an order of magnitude, from weeks to days, in the second half of 2025.

All of this changes the equation. If vulnerabilities are found faster, code is changing faster, and exploit windows are shrinking, waiting for the next sprint or patch cycle is not enough.

The practical answer is to neutralise the exploitable path immediately.

That is why RedShield’s service develops and deploys tailored in-flight patches (“Shields”) that can rewrite application requests and responses, inject missing controls, and make the exploit ineffective before it reaches the application.

In an AI-accelerated threat environment, this matters even more: the most reliable way to deal with rapidly weaponised vulnerabilities is to make them unexploitable at the edge. Relying on a classification-and-filtering tool, like a Web Application Firewall (WAF), is no longer enough…

 
