By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information.
PreferencesDenyAccept
Blog

The Threat Landscape Just Changed. Has Your Identity Program?

Project Glasswing is a signal that AI-driven threats are now operating at a speed and scale no human team can match. While attackers accelerate, most Identity programs still rely on manual cycles and delayed remediation. That gap is no longer operational, it's a security risk. Closing it requires a new model: identity execution that moves as fast as the threats it is meant to stop.

Benny Porat, Co-Founder and CEO
Benny Porat, Co-Founder and CEO
Author
The Threat Landscape Just Changed. Has Your Identity Program?

A few weeks ago, Anthropic announced Project Glasswing. If you have not read about it, here is the short version: a frontier AI model called Claude Mythos has identified thousands of zero-day vulnerabilities across every major operating system and web browser. Anthropic put it to work for defenders before attackers could get there first.

The specifics are worth sitting with. A 27-year-old bug in OpenBSD that allows a remote crash of any host over TCP. A 16-year-old flaw in FFmpeg that survived five million fuzzer runs without detection. A 17-year-old vulnerability in FreeBSD's NFS server that lets an unauthenticated attacker gain complete root access. Bugs that had been hiding in plain sight for decades, found in weeks.

It is a smart move. And it is a signal the IAM community needs to take seriously.

Mythos doesn't just suggest where vulnerabilities might exist. It finds them, understands them, and can develop exploits for them autonomously. This is AI operating at a speed and scale no human team can match.

Offensive capability has crossed a threshold. Defensive capability needs to follow.

The problem most IAM programs have right now

Most enterprise identity programs were designed around human execution cycles. Quarterly access reviews. Tickets resolved over days or weeks. Remediation that happens after the audit, not before.

That was always a gap. Now it is a liability.

When AI can probe your attack surface faster than your team can process a user access review, the Identity Execution Gap stops being an operational problem. It becomes a security risk. The time between a finding and a fix is exactly the window an attacker needs.

Think about the failure modes that already exist in most programs today:

  • Access reviews get completed. Risk does not change.
  • MFA gets deployed. It still gets bypassed.
  • IGA platforms go live. Access still drifts.

These are not tool failures. They are execution failures. And in a world where the threat is moving at AI speed, execution failures are what attackers exploit.

Consider this: over 99% of the vulnerabilities Glasswing has found remain unpatched. The model discovers them faster than teams can act on them. That is the execution gap at the code layer. The exact same gap exists in identity.

AI is raising the capability of every actor. Keeping up means closing the execution gap with an AI response of your own.

What the response has to look like

The answer is not more dashboards or more tools your team doesn’t have time to act on. It’s AI that executes at the speed of the threat.

  • AI that doesn’t just flag orphaned accounts - it works with the business unit to update or disable them.
  • Doesn’t surface access drift - it fixes it.
  • Doesn’t generate review tasks - it completes them, handles exceptions, and closes the loop, under your team’s control.

That’s what we’ve built at Twine: AI Digital Employees.

Defenders that understand your environment, know your intent, and take action at machine speed, with human oversight.

How Twine's Digital Employee 'Alex' works in your environment

Alex, our first AI Digital Employee, joins enterprise identity teams as a hands-on operator. Not a copilot. Not a dashboard. An employee.

Alex learns your environment: your roles, your approval chains, your business context, your policies. Then it works. It resolves tickets. It cleans identity data. It accelerates access reviews. It remediates the findings that have been sitting in backlogs for weeks, all with human-in-the-loop controls at every step, so your team stays in command of every decision that matters.

Teams typically have their first use case in production within three weeks. After deploying Alex, customers often see:

Alex closes the time between knowing and doing.

Project Glasswing is a reminder that the threat does not wait for your next UAR cycle. Your defense should not either.

The shift we need to make

Identity programs have always operated in a gap between policy and execution. For a long time, that gap was manageable. It was contained through audits, controls, and periodic reviews.

That calculus is changing.

AI is raising the capability of every actor in the threat landscape, offensive and defensive. The teams that close the Identity Execution Gap with AI of their own will be better positioned. The ones that do not will be operating slower than the risk they are managing.

We built Twine because we believe the gap is closable. Not with more tooling. With execution.

Benny Porat, Co-Founder and CEO
Benny Porat, Co-Founder and CEO
Author

Ready to maximize your cyber team’s efficiency with our first Digital Employee, Alex?

Book a Demo