Don’t worry, be happy! I was just trying to scare you with all that doom and gloom.

The same AI systems that can find vulnerabilities can also fix them.

The same AI tools that can write exploits can write patches.

The same machine intelligence that helps attackers break into systems can help defenders seal the doors faster than ever before.

This is the strange symmetry at the heart of the current crisis. Claude Mythos is not a demon summoned from the underworld. It’s a power tool - an absurdly powerful one, yes, but still a tool. A plasma cutter can be used to break into a bank vault or rescue trapped earthquake victims. AI coding systems are developing the same moral ambiguity.

And now the software industry is racing to use those tools before the attackers get too far ahead.

We are entering the era of the Patch Deluge.

Microsoft released a near-record number of security patches in April and May for Windows, Office, and its cloud ecosystem. Firefox resolved a whopping 423 vulnerabilities in April shortly after it began evaluating Claude Mythos - roughly fifteen times more than a year earlier. On May 8, Google started rolling out updates to the Chrome browser that fixed an astonishing 127 security flaws - up from just 30 the previous month.

Today every company that produces software is evaluating their work with AI assistance. The largest developers are using Claude Mythos behind closed doors for a temporary and likely short-lived advantage but the overall impact is already apparent: software companies are issuing updates faster and more frequently than ever before. Security teams in 2026 resemble emergency rooms during a disaster movie. Alerts flash constantly. AI systems triage incoming vulnerabilities. Candidate repairs are generated in minutes instead of weeks.

Microsoft’s note about its updates explicitly tells customers they cannot afford to delay applying these updates. “The pace and breadth of vulnerability discovery are increasing across the software industry, and that is unlikely to slow in the near term. . . . Patches can be studied and reasoned about faster. Customers who apply them well, and apply them quickly, will be materially better positioned than those who do not.”

Someone still has to install all those patches. Enterprises have famously moved slowly to update their central servers and employee workstations. IT departments scheduled maintenance windows. Administrators waited cautiously before installing updates because patches themselves sometimes caused problems. Entire corporate cultures developed around delaying updates until someone else discovered whether they would break accounting software or crash a payroll server or accidentally cause the office printer to begin speaking in tongues.

The global IT workforce is about to experience the technological equivalent of trying to drink from a fire hose connected directly to Niagara Falls.

Attackers understand perfectly well that this golden age of exploitable software vulnerabilities may not last forever. If AI systems become exceptionally good at detecting and repairing flaws quickly, the enormous vulnerable surface area of the modern internet may begin shrinking for the first time in decades.

That creates a powerful incentive for attackers to move aggressively right now.

Imagine burglars learning that an entire city is about to replace every lock, install smart alarms, reinforce every window, and hire patrol drones that never sleep. The burglars would not shrug philosophically and take up knitting. They would smash as many windows as possible before the upgrades are complete.

That is roughly where we are today. Everywhere there are computers, there will be pressure to update faster.

That sounds straightforward but patching large systems is extraordinarily difficult. Modern organizations run sprawling digital ecosystems filled with ancient software, mysterious dependencies, forgotten hardware, and custom systems held together with baling wire and superstition.

Some hospital somewhere is probably still running software originally designed during the Clinton administration because replacing it would require recertifying expensive medical equipment. Some municipal water system probably relies on a computer whose manufacturer no longer exists. Some giant corporation undoubtedly has a critical business process depending on a spreadsheet created by a long-retired employee named Gary in 2009.

Think about this problem next time you visit your dentist who still uses an office system running on Windows 98, or the next time the broken arrival/departure board at the airport displays a Windows NT error message from 1996. The transition requires overcoming decades of procrastination.

The idea of perfectly secure software has generally been treated as unattainable and unrealistic, like accurate weather forecasts, or political conversations that end in mutual respect.

AI changes the equation.

Future software may be under relentless AI scrutiny every hour of every day. AI systems could automatically inspect code before release, test edge cases, monitor running systems for suspicious behavior, and isolate compromised components before attacks spread. Operating systems may eventually include self-healing features that repair vulnerabilities or quarantine damaged systems automatically.

Some of this already exists in primitive form. Current AI security systems can detect subtle network anomalies, identify suspicious behavior, and process millions of events simultaneously without fatigue. Human analysts sleep. AI systems do not.

The long-term goal is not perfection. There will always be attacks, mistakes, and failures. But the industry is beginning to imagine software becoming dramatically safer over time, much as aviation became far safer through layers of automation, monitoring, testing, and engineering discipline.

Ironically, Claude Mythos may help create the very world that eventually limits the usefulness of tools like Claude Mythos. A system capable of finding ancient hidden flaws is also capable of helping eliminate them.

Current forms of hacking will become economically pointless. Cybercrime would again require increasingly sophisticated resources and expertise, pushing casual attackers out of the ecosystem entirely. Nation-state attacks would still exist, of course. Governments will continue spying on one another until the heat death of the universe because apparently we are all committed to certain traditions.

The world’s digital infrastructure was not designed for this pace of change. Many organizations remain understaffed, underfunded, technologically outdated, or politically dysfunctional. Government cuts to cybersecurity programs have weakened defenses precisely when pressure is increasing. Critical systems everywhere remain exposed.

Humans remain gloriously unpredictable creatures. We click suspicious links. We reuse passwords. We ignore warnings. We postpone updates because a restart would interrupt streaming television at a critical dramatic moment. A perfectly secure computer system is still vulnerable if a human voluntarily opens the gates.

The next few years may feel like rebuilding an aircraft engine while the plane is flying through turbulence over shark-infested volcanoes. 

But the destination still matters. For the first time, it is possible to imagine a future where software systems become steadily harder to exploit instead of steadily more fragile.

When Anthropic announced Claude Mythos, this was its conclusion:

“Once the security landscape has reached a new equilibrium, we believe that powerful language models will benefit defenders more than attackers, increasing the overall security of the software ecosystem. The advantage will belong to the side that can get the most out of these tools. In the short term, this could be attackers, if frontier labs aren’t careful about how they release these models. In the long term, we expect it will be defenders who will more efficiently direct resources and use these models to fix bugs before new code ever ships. But the transitional period may be tumultuous regardless.”

During the transition, there will be attacks and disasters. There will be moments when entire industries discover that a critical cloud provider accidentally turned itself into digital soup during a software rollout. But for the first time, many cybersecurity researchers are beginning to dream of bug-free software and effective defenses against well-armed attackers.

We’re staring into the abyss but there is a bridge across it to a brighter and more secure future, if we have faith and work diligently and quickly. Can we make it across the bridge?