Zscaler Points to 500 Billion Daily Transactions as AI Finds Thousands of New Software Flaws

Anthropic’s AI model finds thousands of OS and browser flaws; Zscaler highlights its 500B‑transaction scale and 40% Global 2000 reliance to advocate Zero Trust.

Peter Olaleru, Cybersecurity Editor

Source: Zscaler

Anthropic’s Mythos Preview AI model has identified thousands of high‑severity vulnerabilities in operating systems and browsers. Zscaler notes it processes over 500 billion transactions daily and protects 40 % of the Global 2000, urging a shift to Zero Trust architecture.

Context

The AI model, part of Anthropic’s Project Glasswing, reads code like a skilled researcher and can chain weaknesses to produce working exploits in hours. Zscaler, which collaborates on the project, says the speed of AI‑driven discovery outpaces traditional patch cycles, making exposed applications increasingly risky. The model’s ability to scan every internet‑facing surface in parallel means legacy defenses that rely on human‑speed detection are no longer sufficient.

Key Facts

- Zscaler handles more than 500 billion transactions each day and hundreds of trillions of telemetry signals.
- Forty percent of the Global 2000 enterprises rely on Zscaler to run their operations.
- Mythos Preview has uncovered thousands of high‑severity flaws across major OSes and browsers, many of which correspond to recently disclosed CVEs.

Implications

The ability of AI to find and weaponize vulnerabilities at machine speed means defenders can no longer rely on reactive patching alone. Organizations should adopt a Zero Trust model that hides applications from the public internet, eliminating the attack surface that AI scanners can exploit. When an application has no public IP or open port, even a flaw cataloged in a CVE database cannot be reached by an adversary.

Mitigations

- Enforce identity‑based access controls so only verified users and devices can reach internal resources.
- Disable inbound internet exposure for internal apps and rely on a brokered connection model like Zscaler Private Access.
- Deploy inline inspection that distinguishes benign traffic from AI‑driven reconnaissance using the platform’s massive signal volume.
- Monitor for anomalous data exfiltration by autonomous AI agents, applying guardrails that block sensitive data leaving SaaS, private apps, email, or encrypted traffic.
- Prioritize patching of CVEs flagged by the model, test detections against MITRE ATT&CK techniques T1046 (Network Service Scanning) and T1059 (Command‑Line Interpreter), and review Zscaler advisory ZS‑2024‑001 for updated Zero Trust policy templates.

What to watch next

Watch for further disclosures from Project Glasswing on additional AI‑found flaws and for Zscaler’s updates to its Zero Trust Exchange policies as adversaries begin to leverage similar AI capabilities.
