Artificial intelligence is no longer just a productivity multiplier. It is becoming a force multiplier for cybersecurity, and potentially for cyber risk.

In Episode 366 of The 443, Marc Laliberte and Corey Nachreiner discuss three developments that together paint a clear picture of where the industry is heading. Anthropic’s Project Glasswing suggests AI may be approaching a new level of capability in vulnerability discovery. FrostArmada shows that consumer routers remain an attractive target for sophisticated threat actors. And Chrome 146’s new session protection points to a future in which hardware-backed identity becomes increasingly important in defending against account compromise.

These are not isolated stories. They are signals of a broader shift. Security teams are entering a period in which discovery is faster, attack opportunities are wider, and defensive controls will need to become more resilient at both the infrastructure and identity layers.

Project Glasswing Is More Than Another AI Headline

The biggest development in the episode is Anthropic’s Project Glasswing, which the company describes as an initiative to give a select group of major technology companies and critical infrastructure organizations early access to its Claude Mythos model for defensive security use. According to the discussion, Anthropic claims the model is exceptionally effective at finding and exploiting vulnerabilities and has already identified thousands of high-severity flaws across major operating systems and web browsers. Rather than release it publicly, the company is reportedly limiting access so defenders can use it to identify and remediate vulnerabilities first.

If that claim proves directionally true, it matters.

Security leaders have long expected AI to accelerate vulnerability research. The real question was never whether it would happen, but when it would start happening at a level that materially changes security operations. Project Glasswing suggests that the moment may be arriving faster than many expected. Even if the usual AI industry hype amplifies some of the surrounding narrative, the trend itself is credible. AI models are improving rapidly, and security-related tasks like code analysis, exploit path discovery, and vulnerability reproduction are becoming increasingly practical use cases.

That should get the attention of defenders for one simple reason: finding vulnerabilities is becoming easier. Fixing them at scale is not.

The Real Risk Is Speed

One of the most important insights from the discussion is that this is not just a story about better AI. It is a story about operational pressure.

As vulnerability discovery becomes faster, organizations may have to respond to more findings, more often, and with less time to spare. Marc notes that the advice to customers remains straightforward: organizations should already have strong patch management processes, but they should also be prepared for more rapid and more frequent updates as these tools improve. That applies not only to software but also to firmware and hardware-based infrastructure.

This is where many security teams could feel the strain first.

A future shaped by AI-assisted vulnerability discovery means the bottleneck shifts downstream. Triage, validation, prioritization, patch development, testing, and deployment all become more critical. If the pace of discovery increases faster than the pace of remediation, the result is not simply better visibility. It is a growing backlog of exploitable risk.

That is why patch management should no longer be treated as a background IT function. It is a core security discipline, and one that is likely to become even more important as AI continues to compress timelines.

AI Will Create More Signal, but Also More Noise

There is another complication here, and security teams are already starting to feel it.

Better models do not just produce more useful findings. They can also produce more garbage. In the episode, Marc points to a growing volume of AI-generated vulnerability reports that appear plausible but fail under closer review. He also references wider industry fallout from AI hallucinations and low-quality submissions overwhelming bug bounty programs.

That distinction matters.

The challenge ahead is not simply discovering more vulnerabilities. It is separating legitimate findings from false positives quickly enough to act on them. Without better validation workflows, teams risk getting buried under volume just as the stakes begin to rise. In other words, AI may improve vulnerability discovery while simultaneously making security operations noisier.

That is not a reason to dismiss the technology. It is a reason to build the processes around it more carefully.

FrostArmada Is a Reminder That Edge Devices Still Matter

The second story covered in the episode is FrostArmada, a campaign attributed to a Russian GRU-linked actor that reportedly compromised up to 40,000 consumer routers. According to the discussion, the attackers targeted exposed web interfaces on TP-Link and MikroTik devices, changed DNS settings, and redirected victims to attacker-controlled infrastructure. When victims clicked through certificate warnings, attackers could steal OAuth session tokens and use them to compromise accounts. The reported victim set included ministries, law enforcement, and other organizations across multiple regions.

This is a strong reminder that routers remain a highly relevant attack vector.

Consumer and prosumer networking equipment often falls outside the rigor of enterprise patching and monitoring. These devices may sit exposed to the internet, retain weak administrative credentials, or go long periods without firmware updates. That makes them especially attractive to threat actors, particularly in an environment where remote and hybrid work continue to blur the line between home networks and enterprise exposure.

The takeaway is not limited to the affected brands in this case. It is broader than that. Organizations should treat router hygiene as part of modern cyber defense. That means promptly updating firmware, restricting unnecessary internet-facing management access, enforcing stronger credentials, and recognizing that a poorly secured edge device can become a stepping stone to more sensitive targets.

Chrome 146 Shows Where Session Security Is Going

The final topic in the episode offers a more encouraging signal.

Google Chrome 146 introduces device-bound session credentials, a feature designed to make session hijacking more difficult. As Marc described, the approach uses hardware-backed security, such as a Trusted Platform Module or equivalent secure hardware, to bind refresh tokens to the device itself. That means an attacker who steals a token cannot easily use it from another machine unless they also possess the corresponding hardware-bound key.

This does not eliminate the risk of session theft entirely. Access tokens can still be abused in some scenarios, and attacks involving malware on the endpoint during session registration remain possible. Still, it is a meaningful improvement over a model where stolen session material is far more portable and reusable.

More importantly, it points toward a direction the industry should embrace: stronger ties between identity, session trust, and hardware-backed verification.

Attackers have become more effective at bypassing traditional login protections. They steal credentials, intercept tokens, and exploit trusted sessions rather than brute-forcing authentication every time. That means the next generation of defense cannot rely only on passwords, even strong ones, or on standalone MFA prompts. It needs deeper trust signals, and device integrity is one of the strongest available.

The Bigger Message for Security Teams

Taken together, these three stories point to the same conclusion.

Cybersecurity is entering a faster era. AI may soon accelerate vulnerability discovery beyond what many organizations are prepared to handle. Edge devices remain a soft target, especially when they are poorly maintained. And browser and identity vendors are now moving to reduce the value of stolen session data because attackers are increasingly targeting what happens after authentication.

That means security teams need to focus on readiness, not reaction.

Patch management needs to be tighter. Infrastructure hygiene needs to extend to routers and remote environments. Identity and session security need to evolve beyond legacy assumptions. And teams need to prepare for a world where both defenders and attackers have access to increasingly capable AI tools.

The good news is that none of this calls for panic. It calls for discipline.

The organizations that build faster remediation processes, maintain stronger edge security, and adopt smarter identity protections will be in the best position to handle what comes next.