Cyber defense is entering a machine-speed era. With Anthropic's Mythos and Project Glasswing bringing AI-driven vulnerability discovery and exploit development into the center of the cyber conversation, CrowdStrike's Drew Bagley says organizations need to prepare for a world where vulnerabilities can be found, chained, and exploited faster than traditional patching cycles can handle. Bagley joins Frank Cilluffo to explain why this shift is not just about one model, one company, or one headline-grabbing project. It points to a broader change in how attackers and defenders will operate: exploit stacks may make once-latent vulnerabilities newly dangerous, critical infrastructure operators may face risks they cannot patch away, and unmanaged AI agents inside organizations may become another source of exposure. The answer, Bagley argues, is not panic or patching alone, but continuous discovery, continuous remediation, visibility across the kill chain, AI-powered defense, and resilience planning built for a world moving faster than human-speed cyber. Main Topics Covered Mythos, Project Glasswing, and AI-driven vulnerability discovery Why exploit stacks change how organizations should think about risk Continuous patching, prioritization, and machine-speed defense Critical infrastructure, OT systems, and unpatchable legacy technology AI agents, unmanaged access, and the next insider-style risk Key Quotes "We're now in an era in which AI has been proven to be able to find vulnerabilities and write exploits at scale much quicker than humans can." — Drew Bagley "We should think about this as an opportunity to think through this problem set now and assume that this is going to be just a widespread capability pretty soon." — Drew Bagley "Previously latent [OT] vulnerabilities… [relied on] security through obscurity. That's no longer the case. And now those are exploitable." — Drew Bagley "If you don't have visibility and you can't see the risk, then you can't mitigate the risk." — Drew Bagley "It's important to think about the ways in which AI has been incorporated over the past two years, especially in organizations to get work done better, but in ways that have often been unmanaged where AI has access to things you wouldn't give an intern access to." — Drew Bagley Relevant Links and Resources Anthropic's Project Glasswing CrowdStrike's Project Quiltworks Guest Bio: Drew Bagley is CrowdStrike's Chief Privacy Officer, where he leads the company's privacy and public policy work. In his 12 years at CrowdStrike, he has helped shape the company's approach to data protection, cybersecurity policy, and engagement with government leaders as CrowdStrike grew into a global cybersecurity company.
