Open Source is the Tip of the Iceberg: Why Proprietary Software, Hardware and Protocols Face Greater AI-Driven Security Risk

Blog

Written by

Photo of Igor Seletskiy

Igor Seletskiy

CEO, TuxCare

When Anthropic launched Project Glasswing in April 2026 – a consortium of eleven major companies deploying its Claude Mythos Preview model to find vulnerabilities in critical open-source software − the cybersecurity industry applauded. And rightfully so: Mythos discovered bugs that had hidden in heavily-audited codebases for decades.

But Glasswing’s focus on open source, while valuable, addresses the most visible part of the problem. Open-source software has always benefited from community review, etc. The software that nobody has been looking at – proprietary binaries, embedded firmware, legacy protocols, even chip microcode – carries a far larger and more dangerous accumulation of undiscovered vulnerabilities. And the same AI capabilities that make Glasswing possible are about to expose all of it.

Code that nobody looks at accumulates hidden bugs. Proprietary software operates under a fundamentally different model. Its security posture has historically relied on a simple premise: if attackers can’t read the source code, they’ll have a harder time finding bugs. This isn’t better security – it’s security by obscurity.

The Binary Barrier Is Falling

The traditional answer was it doesn’t matter because attackers can’t read proprietary source code. They only get compiled binaries – stripped of variable names, comments, and structure. That answer is becoming obsolete.

What wasn’t solved was the human bottleneck. A typical security audit covers only a fraction of a codebase – auditors triage by intuition, focus on high-risk surfaces, and leave vast swaths of code untouched. LLMs eliminate this bottleneck. Claude Mythos Preview can take a closed-source, stripped binary, reconstruct plausible source code, and systematically analyze it for vulnerabilities.

Evidence Is Already Here: Edge Devices Under Siege

This isn’t a theoretical risk. That exposure is already being collected – violently – on one category of proprietary software: network edge devices. Firewalls, VPN gateways, load balancers, and secure access appliances have experienced an unprecedented wave of critical zero-day discoveries. According to Verizon’s 2025 DBIR, exploitation of edge device vulnerabilities increased eight-fold in a single year. The median time from vulnerability disclosure to active exploitation is now zero days. The median time to patch: 30 days.

These devices were the poster children for security-through-obscurity: proprietary firmware, closed-source code, no ability to install endpoint detection agents, and internet-facing by design. They were considered secure in part because their code was hard to analyze. That assumption has collapsed. Perhaps most alarming: over 40% of exploited vulnerabilities in 2025 involved end-of-life products –devices that will never receive a patch.

The Long Tail: Where Proprietary Software Hides

The edge device crisis is a preview.

  • Hospital infusion pumps, MRI machines, and patient monitors run proprietary firmware that may not have been updated since the device was certified – sometimes a decade or more.
  • SCADA controllers and PLCs managing power grids, water treatment plants, and manufacturing lines run proprietary firmware implementing protocols designed in the 1980s.
  • A modern vehicle contains over 100 million lines of code distributed across dozens of electronic control units (ECUs), sourced from a fragmented supply chain of tier-one and tier-two suppliers.
  • Large organizations run SAP, Oracle, and custom enterprise applications with modules that haven’t been substantially rewritten in 15-20 years. Their internal codebases rarely see external security review.

Beyond Software: Protocols That Can’t Be Patched

Software vulnerabilities, however dangerous, can at least be patched. Protocol vulnerabilities are a different problem entirely – because the flaws are in the specification itself, not in any particular implementation. Fixing them means replacing the protocol.

  • SS7 (Signaling System 7), designed in the 1970s for a closed network of trusted telecom operators, carries no authentication whatsoever.
  • BGP, the protocol that routes all internet traffic, allows any network to announce any route with zero verification.
  • Industrial protocols – Modbus, DNP3, BACnet – were designed for serial links between trusted devices in isolated environments. Secure variants exist on paper (Modbus over SNMPv3 per RFC 8502; DNP3 Secure Authentication per IEC 62351), but real-world adoption is negligible.

AI changes that calculus. An LLM that can read protocol specifications, cross-reference network scan data, and understand deployment topology does not need to discover new protocol weaknesses. It needs to operationalize known ones against specific targets at scale. The economics shift from “one attacker, one target” to “one AI system, thousands of targets”

Beyond Software: Chips and Microcode

The layer beneath software presents an even more daunting challenge. And here, the common assumption – that chip-level vulnerabilities require access to chip design files — is demonstrably wrong. Every major CPU vulnerability discovered in the past decade was found without access to the manufacturer’s hardware design.

  • Spectre and Meltdown were discovered through timing measurements and deep reasoning about speculative execution, building on years of academic cache side-channel research and working from public architecture manuals.
  • Google’s Reptar was found through targeted instruction fuzzing — testing how CPUs handle unusual instruction sequences and redundant prefixes.
  • Downfall was found by methodically testing memory-accessing Gather instructions for transient execution data leakages.

These approaches – reasoning about architectural documentation, behavioral observation, intelligent fuzzing – are precisely the tasks that LLMs accelerate. The critical difference from software: you cannot simply patch a chip. Microcode updates are partial mitigations that often carry performance penalties. Silicon-level flaws cannot be fixed without a new chip revision.

The Force Multiplier: Cross-Layer Exploit Chaining

Each layer of vulnerability – software, protocols, hardware – is concerning on its own. The compounding danger emerges when AI systems begin chaining vulnerabilities across layers. The next frontier is chains that span layers entirely:

  • Protocol implementation bugs that trigger a microarchitectural side channel.
  • Firmware vulnerabilities that expose a cryptographic key used by a flawed protocol.
  • Browser exploits that leverage a CPU speculation bug to escape a sandbox.

Human exploit developers rarely achieve this because cross-domain expertise is rare.

What Needs to Change

Project Glasswing is a good start. But it addresses the most visible and already best-defended category of software. The industry’s response needs to be broader:

  • Assume obscurity provides zero protection. Any organization shipping proprietary binaries, embedded firmware, or custom protocol implementations should operate under the assumption that AI-powered analysis will find their vulnerabilities — if it hasn’t already. Security-through-obscurity is now a failed strategy.
  • Extend AI-powered auditing into the long tail. Glasswing already partners with major vendors – AWS, Microsoft, Cisco, Broadcom, NVIDIA, JPMorgan – to scan proprietary codebases, which proves the approach works. But these are the head of the distribution: well-resourced companies with security budgets and strong incentives to engage. The real exposure sits in the long tail — thousands of organizations whose code has never been independently reviewed, whose installed bases run for decades, and who have no existing relationships with AI security firms.
  • Prioritize the systems that can’t be patched quickly. Software can be updated in hours. Firmware updates take weeks to months and protocol changes take years. Silicon can’t be fixed at all. Defensive investment should be weighted toward the layers where remediation is slowest, because those are the layers where discovered vulnerabilities persist longest. With over 40% of exploited vulnerabilities targeting end-of-life products that will never be patched, the installed base of unpatchable systems is itself an attack surface.
  • Prepare for cross-layer attacks. Security teams organized in silos – network security, application security, and hardware security – will miss the attack chains that cross boundaries. Red teams need to develop cross-domain thinking, or more practically, deploy AI systems that already think cross-domain.
  • Close the response gap for edge devices. The industry-wide picture is uneven – for most CVEs, defenders still have days or weeks before exploitation becomes widespread. But for critical vulnerabilities in internet-facing edge devices, the median time from disclosure to exploitation is now zero days while median time to patch is 30. Organizations that cannot patch those devices within hours, not weeks, need compensating controls that assume the devices are compromised.

The era in which hidden code meant hidden bugs is ending. The edge device crisis of 2024-2026 is the early tremor. Project Glasswing illuminates one corner of the landscape. The rest of the iceberg – proprietary firmware, legacy protocols, chip microcode, and the cross-layer chains that connect them – is still underwater, and it is considerably larger than what’s visible above the surface.

Brought to you by

You may also like

  1. Trusted Contributor Plants Sophisticated Backdoor in Critical Open-Source Library

    News

  2. Securing Linux Systems in a New Vulnerable World

    Opinion

  3. Three Pillars of Docker Security: Visibility, Identification & Tracking

    Opinion

  4. Anthropic Rolls Out Claude Security for AI Vulnerability Scanning

    News

  5. Google OSS-Fuzz Harnesses AI to Expose 26 Hidden Security Vulnerabilities

    News

What’s Hot on Infosecurity Magazine?