
AI Security Risks in Proprietary Software, Hardware, and Protocols

Summary

– Project Glasswing, an AI consortium, successfully found long-hidden bugs in open-source software, but this addresses only the most visible part of the problem.
– Proprietary software, firmware, and legacy protocols rely on security through obscurity, which is now obsolete as AI can reconstruct and analyze binary code.
– Network edge devices have seen an eight-fold increase in zero-day exploitation, with a median time of zero days from disclosure to exploitation and 30 days to patch.
– Vulnerabilities exist in unpatchable layers like chip microcode (e.g., Spectre) and protocol specifications (e.g., SS7), which require replacement rather than patching.
– AI enables cross-layer exploit chaining, combining software, protocol, and hardware flaws, which human attackers rarely achieve due to lack of cross-domain expertise.

When Anthropic launched Project Glasswing in April 2026, bringing together eleven major companies to deploy its Claude Mythos Preview model for uncovering vulnerabilities in critical open-source software, the cybersecurity world applauded. And for good reason: Mythos found bugs that had hidden in heavily-audited codebases for decades.

Yet Glasswing’s focus on open source, while valuable, only scratches the surface of a much deeper problem. Open-source software has long benefited from community review, but the code nobody has been examining (proprietary binaries, embedded firmware, legacy protocols, and even chip microcode) contains a far larger and more dangerous accumulation of undiscovered vulnerabilities. The same AI capabilities enabling Glasswing are about to expose all of it.

Code that remains unexamined accumulates hidden flaws. Proprietary software operates under a fundamentally different security model. Its posture has historically relied on a simple premise: if attackers can’t read the source code, finding bugs becomes harder. This isn’t stronger security; it’s security by obscurity.

The Binary Barrier Is Falling

The traditional defense was that attackers can’t access proprietary source code. They only see compiled binaries, stripped of variable names, comments, and structure. That answer is becoming obsolete.

What remained unsolved was the human bottleneck. A typical security audit covers only a fraction of a codebase: auditors triage by intuition, focus on high-risk surfaces, and leave vast areas untouched. LLMs eliminate this bottleneck. Claude Mythos Preview can take a closed-source, stripped binary, reconstruct plausible source code, and systematically analyze it for vulnerabilities.

Evidence Is Already Here: Edge Devices Under Siege

This isn’t a theoretical risk. That exposure is already being collected, violently, on one category of proprietary software: network edge devices. Firewalls, VPN gateways, load balancers, and secure access appliances have experienced an unprecedented wave of critical zero-day discoveries. According to Verizon’s 2025 DBIR, exploitation of edge device vulnerabilities increased eight-fold in a single year. The median time from vulnerability disclosure to active exploitation is now zero days. The median time to patch: 30 days.

These devices were poster children for security-through-obscurity: proprietary firmware, closed-source code, no endpoint detection agents, and internet-facing by design. They were considered secure partly because their code was hard to analyze. That assumption has collapsed. Perhaps most alarming: over 40% of exploited vulnerabilities in 2025 involved end-of-life products, devices that will never receive a patch.

The Long Tail: Where Proprietary Software Hides

The edge device crisis is just a preview.

Hospital infusion pumps, MRI machines, and patient monitors run proprietary firmware that may not have been updated since device certification, sometimes a decade or more.

SCADA controllers and PLCs managing power grids, water treatment plants, and manufacturing lines run proprietary firmware implementing protocols designed in the 1980s.

A modern vehicle contains over 100 million lines of code distributed across dozens of electronic control units (ECUs), sourced from a fragmented supply chain of tier-one and tier-two suppliers.

Large organizations run SAP, Oracle, and custom enterprise applications with modules that haven’t been substantially rewritten in 15-20 years. Their internal codebases rarely see external security review.

Beyond Software: Protocols That Can’t Be Patched

Software vulnerabilities, however dangerous, can at least be patched. Protocol vulnerabilities are a different problem entirely, because the flaws are in the specification itself, not in any particular implementation. Fixing them means replacing the protocol.

SS7 (Signaling System 7), designed in the 1970s for a closed network of trusted telecom operators, carries no authentication whatsoever.

BGP, the protocol that routes all internet traffic, allows any network to announce any route with zero verification.

Industrial protocols (Modbus, DNP3, BACnet) were designed for serial links between trusted devices in isolated environments. Secure variants exist on paper, but real-world adoption is negligible.

AI changes that calculus. An LLM that can read protocol specifications, cross-reference network scan data, and understand deployment topology doesn’t need to discover new protocol weaknesses. It needs to operationalize known ones against specific targets at scale. The economics shift from “one attacker, one target” to “one AI system, thousands of targets.”
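A passive check a defender can run for the industrial-protocol case above, added here as an example (it is not from the original article): it parses Modbus/TCP requests, whose header carries no authentication field, and flags state-changing requests from hosts outside an allowlist. The addresses, the allowlist and the sample frames are constructed, and the frames are assumed to be requests captured on the way to a controller.

```python
import struct

# Modbus function codes that change device state.
WRITE_CODES = {5: "write single coil", 6: "write single register",
               15: "write multiple coils", 16: "write multiple registers"}

def parse_modbus_tcp(frame: bytes) -> dict:
    """Parse one Modbus/TCP request: 7-byte MBAP header, then the PDU."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, unit = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol id is not 0")
    # The length field counts the unit id and everything after it.
    if length != len(frame) - 6:
        raise ValueError("MBAP length does not match frame size")
    # Transaction id, protocol id, length, unit id, function code, data:
    # that is the whole frame. No field identifies or authenticates the sender.
    return {"transaction": tid, "unit": unit,
            "function": frame[7], "data": frame[8:]}

def flag_writes(packets, allowed_writers):
    """Alert on malformed frames and on writes from non-allowlisted hosts."""
    alerts = []
    for src, frame in packets:
        try:
            adu = parse_modbus_tcp(frame)
        except ValueError as exc:
            alerts.append((src, f"malformed: {exc}"))
            continue
        if adu["function"] in WRITE_CODES and src not in allowed_writers:
            alerts.append((src, WRITE_CODES[adu["function"]]))
    return alerts

# Constructed sample traffic: (source address, raw Modbus/TCP bytes).
SAMPLE = [
    ("10.0.0.5", bytes.fromhex("000100000006" "01" "03" "00000002")),   # read
    ("10.0.0.5", bytes.fromhex("000200000006" "01" "06" "0001000a")),   # write, known HMI
    ("10.0.0.99", bytes.fromhex("000300000006" "01" "05" "0003ff00")),  # write, unknown host
    ("10.0.0.99", bytes.fromhex("0004000000ff0103")),                   # bad length field
]

if __name__ == "__main__":
    for src, reason in flag_writes(SAMPLE, allowed_writers={"10.0.0.5"}):
        print(f"ALERT {src}: {reason}")
```

Because the protocol gives the controller nothing to check, the source allowlist here stands in for the authentication the frame lacks, which is why it belongs on a monitored network segment rather than on the device.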

Beyond Software: Chips and Microcode

The layer beneath software presents an even more daunting challenge. The common assumption, that chip-level vulnerabilities require access to chip design files, is demonstrably wrong. Every major CPU vulnerability discovered in the past decade was found without access to the manufacturer’s hardware design.

Spectre and Meltdown were discovered through timing measurements and deep reasoning about speculative execution, building on years of academic cache side-channel research and working from public architecture manuals.

Google’s Reptar was found through targeted instruction fuzzing: testing how CPUs handle unusual instruction sequences and redundant prefixes.

Downfall was found by methodically testing memory-accessing Gather instructions for transient execution data leakages.

These approaches (reasoning about architectural documentation, behavioral observation, intelligent fuzzing) are precisely the tasks that LLMs accelerate. The critical difference from software: you cannot simply patch a chip. Microcode updates are partial mitigations that often carry performance penalties. Silicon-level flaws cannot be fixed without a new chip revision.

The Force Multiplier: Cross-Layer Exploit Chaining

Each layer of vulnerability (software, protocols, hardware) is concerning on its own. The compounding danger emerges when AI systems begin chaining vulnerabilities across layers. The next frontier is chains that span layers entirely:

  • Protocol implementation bugs that trigger a microarchitectural side channel.

Human exploit developers rarely achieve this because cross-domain expertise is rare.

What Needs to Change

Project Glasswing is a good start. But it addresses the most visible and already best-defended category of software. The industry’s response needs to be broader:

Assume obscurity provides zero protection. Any organization shipping proprietary binaries, embedded firmware, or custom protocol implementations should operate under the assumption that AI-powered analysis will find their vulnerabilities, if it hasn’t already. Security-through-obscurity is now a failed strategy.

Extend AI-powered auditing into the long tail. Glasswing already partners with major vendors (AWS, Microsoft, Cisco, Broadcom, NVIDIA, JPMorgan) to scan proprietary codebases, proving the approach works. But these are the head of the distribution: well-resourced companies with security budgets and strong incentives to engage. The real exposure sits in the long tail: thousands of organizations whose code has never been independently reviewed, whose installed bases run for decades, and who have no existing relationships with AI security firms.

Prioritize the systems that can’t be patched quickly. Software can be updated in hours. Firmware updates take weeks to months and protocol changes take years. Silicon can’t be fixed at all. Defensive investment should be weighted toward the layers where remediation is slowest, because those are the layers where discovered vulnerabilities persist longest. With over 40% of exploited vulnerabilities targeting end-of-life products that will never be patched, the installed base of unpatchable systems is itself an attack surface.

Prepare for cross-layer attacks. Security teams organized in silos (network security, application security, and hardware security) will miss the attack chains that cross boundaries. Red teams need to develop cross-domain thinking, or more practically, deploy AI systems that already think cross-domain.

Close the response gap for edge devices. The industry-wide picture is uneven: for most CVEs, defenders still have days or weeks before exploitation becomes widespread. But for critical vulnerabilities in internet-facing edge devices, the median time from disclosure to exploitation is now zero days while median time to patch is 30. Organizations that cannot patch those devices within hours, not weeks, need compensating controls that assume the devices are compromised.

The era in which hidden code meant hidden bugs is ending. The edge device crisis of 2024-2026 is the early tremor. Project Glasswing illuminates one corner of the landscape. The rest of the iceberg (proprietary firmware, legacy protocols, chip microcode, and the cross-layer chains that connect them) is still underwater, and it is considerably larger than what’s visible above the surface.

(Source: Infosecurity Magazine)
