AI, Project Glasswing and DNS: Beyond Vulnerabilities

The report warns that powerful AI models (Anthropic’s Mythos/Glasswing) can rapidly find both software zero‑days and pervasive configuration failures—particularly DNS misconfigurations (lame delegations, dangling CNAMEs)—which are already being exploited at scale by actors such as Vacant Viper and related “Vipers/Hawks” campaigns (Sitting Ducks). It argues defenders must adopt AI‑driven, automated visibility and remediation across vulnerabilities and configuration hygiene (DNS, cloud, IAM, networking) and bake safety, governance and reversible automation into that strategy to avoid attackers weaponizing the same capabilities.