An era where the attack is ready before the patch arrives.
"Patch fast enough and you'll make it in time"—that assumption is starting to wobble, and the numbers are why. Research published by Anthropic (the developer of Claude) showed that AI can turn a security fix into a working exploit in just a few hours. We use diagrams to unpack how the timelines of attacker and defender are flipping.
The premise that "patching fast keeps you safe"
For a long time, one unspoken premise sat at the root of security operations: after a patch (a fix) is released, it takes time before an exploit that abuses it is built—so if you apply the update quickly in that window, you can hold the line.
Until three months ago, "AI automatically turning a security patch into an exploit" was discussed as a risk in the abstract. But there was almost no concrete data on how much time and cost it would actually take, and even among practitioners on the ground, the feeling that "patch fast and you'll make it" still held.
Before the defender starts running, the attacker is already at the exit.
The fix code is also a blueprint for attack
A patch spells out "what was changed and how." Flip it around, and it's also a map of "where the holes were."
Anthropic published research findings showing that the Mythos Preview model can turn security patches for Firefox and the Windows kernel into a working exploit in just a few hours. What's more, the estimated cost is on the order of a few thousand dollars, reachable without the help of specialist experts.
The most striking part is the comparison of timelines. Multiple attack chains can be completed before Microsoft's auto-update even reaches the first device—a warning that the attacker side is overtaking the old premise that "it takes weeks for a patch to propagate." This is also data that quantifies the attacker's "speed," running in parallel with Project Glasswing, which advances the use of defensive AI.
From the diff of a fix to an attack taking shape
AI reads the patch diff, pinpoints the hole, and crafts it into working code—we show that flow in three stages.
The key point is that the attacker no longer needs to "hunt for the hole from scratch." The moment a patch—a diff that reveals the answer—goes public, AI takes over the work of reading it, and the attack succeeds faster than the defense can spread. That is where the asymmetry of time is born.
It also carries weight that the targets are a widely used browser like Firefox and the Windows kernel. The very structure of waiting for updates to arrive one device at a time risks being overtaken by the attacker's speed.
"Patching fast" alone will no longer be enough
If the premise changes, the design of the defense has to be rebuilt too. Here are the moves by role.
Engineers
Reorganize your zero-day response setup and your patch-delivery priorities. The more critical the hole, the more you need ways to shorten the "window until it reaches every device."
Business / Leadership
This affects how you build the security budget itself. It becomes a basis for shifting weight from "after-the-fact response" toward "speed until it arrives."
Product / PM
Revisit auto-update reach speed and the path for emergency delivery as product requirements. Not just "how you fix it," but "how you deliver it" becomes a competitive edge.
Don't panic, but fix your bearings
One thing worth keeping in mind calmly: what this research assumes is "an attacker with access to Anthropic's most advanced model." It does not mean an ordinary attacker can immediately reproduce the same thing. The "direction" of the threat has been confirmed, but it is not "anyone, right now"—so the realistic reading is that there is no need to panic excessively.
That said, the fact that attacking AI and defending AI have entered a timeline where they compete on "speed" is already beyond changing. The question is no longer just how to deliver patches faster, but how to shrink the window until they arrive in the first place. It is fair to see the question of defense as having advanced one stage further.