The coordinated disclosure model that has governed vulnerability reporting for the last twenty years is one of the quiet successes of modern security. A researcher finds a bug. They report it privately to the vendor. The vendor gets 90 days (typically) to develop and ship a patch. Then the bug becomes public, the CVE gets assigned, the world updates. It works because the volume is bounded by human researcher time, and the receiving end (vendor security teams, CVE infrastructure, customer notification systems) is sized for that bounded volume.
Now consider what happens when the volume stops being bounded.
An AI agent in the hands of a sufficiently motivated researcher can find thousands of zero-day vulnerabilities in a major product over a weekend. Mythos has already done it. The Glasswing coalition members are about to test what coordinated disclosure looks like when the inflow rate per researcher goes from "a few bugs per year" to "a few thousand bugs per quarter." The early answer is: it does not look like coordinated disclosure as we have known it.
Vendors cannot patch that fast. Microsoft, Google, Apple, even at full security-engineering scale, have patch release cadences calibrated for an inflow measured in hundreds per year, not thousands per quarter. The patch development cycle is rate-limited by code review, regression testing, and deployment validation, all of which take human time that does not scale linearly with inflow. The receiving end of coordinated disclosure was never a bottleneck before because the sending end was always small.
Researchers cannot responsibly sit on stockpiles. The 90-day window assumes the researcher is holding one bug, perhaps a small handful, while the vendor patches. What is the responsible disclosure timeline when the researcher is holding 4,000 bugs in active products? "Wait 90 days for each one" implies the researcher sits on a stockpile for years, which is itself a security risk. "Disclose them all at once" overwhelms the vendor and creates a mass exposure event. Neither answer is responsible. Both are inevitable in some form.
Governments will have opinions. The right of a private actor to discover, hold, and selectively disclose vulnerabilities at scale is going to become a regulatory question very quickly. Expect explicit rules about how AI-discovered vulnerabilities can be disclosed, by whom, on what timeline. Expect those rules to differ across jurisdictions in ways that create compliance complexity for everyone involved. The current consensus that "responsible disclosure is a community norm, not a regulation" was always contingent on the volume staying small enough that regulation seemed unnecessary.
The CVE/CVSS infrastructure itself was built for human-scale flow rates. CVE assignment, vulnerability scoring, advisory publication, customer notification: every layer of the system has implicit volume assumptions. A 10x increase in published CVEs stresses every layer. A 100x increase breaks several of them. The infrastructure will have to evolve, and it will not evolve fast enough to keep pace with the discovery rate.
Project Glasswing is one early attempt at a structural answer: concentrate AI vulnerability discovery in a small set of vetted defensive actors, manage the disclosure pipeline through their existing relationships with vendors, buy time for the broader ecosystem to absorb the wave. It is a short-term mechanism, not a long-term solution. The long-term solution probably looks different: different disclosure timelines, different infrastructure, different regulatory framework, different norms about what "responsible" means at machine-scale flow rates.
What enterprises should take from this: the disclosure pipeline you currently rely on for advance warning of vulnerabilities affecting your environment is going to get noisier, slower, and less reliable over the next 18 months. Being further down the disclosure chain just got more dangerous. The structural response is not "subscribe to better threat intel." It is to invest in the architectural layers (telemetry depth, retrospective lookback, defense in depth) that work regardless of whether you got the disclosure feed in time.
Read the deep dive: Project Glasswing: The New Disclosure Architecture, the full analysis of how disclosure governance is being rebuilt and what comes after the firebreak fails.