A 732-byte Python script can root nearly every Linux distribution shipped since 2017.
That’s CVE-2026-31431, also known as Copy Fail, disclosed publicly on April 29. No exotic toolchain. No nation-state budget. Just a privilege escalation bug that sat quietly in the Linux kernel for almost a decade, waiting for someone to notice.
Copy Fail on its own would make for a rough month in infosec. But it landed in the middle of a stretch of news that, taken together, says the relationship between AI and software security has shifted: the pace of vulnerability discovery is starting to outrun what human-only teams can keep up with, and we don’t think the industry has fully reckoned with that yet.
AI is finding what humans missed, at scale
In April, Anthropic revealed that Claude Mythos Preview had identified thousands of zero-day vulnerabilities across every major operating system and every major web browser. Not theoretical weaknesses. Real, exploitable flaws. Mozilla worked with Anthropic directly, and Firefox 150 shipped with fixes for 271 vulnerabilities that an early Mythos run uncovered.
Mythos Preview succeeds 73% of the time on expert-level security tasks of a kind no model could complete before April 2025. In controlled evaluations it executed multi-stage attacks on vulnerable networks, then discovered and exploited vulnerabilities on its own. Work that would have taken a professional pentester days, done in hours.
Anthropic decided releasing Mythos publicly would be irresponsible. Instead they spun up Project Glasswing, a coalition with AWS, Apple, Microsoft, Google, CrowdStrike, and Palo Alto Networks, with access limited to around 40 vetted organizations. The model exists. Its offensive capability is real. The open question is who else builds something comparable without the same restraint.
On May 11, OpenAI answered with Daybreak, built around Codex Security, an application security agent that builds codebase-specific threat models, walks realistic attack paths, validates issues in isolated environments, and proposes patches. Cloudflare, Cisco, CrowdStrike, and Snyk are among the 20-plus partners. OpenAI’s framing was direct: the same capabilities that find vulnerabilities can be misused to exploit them, so Daybreak ships defense with verification and accountability built in.
Two competing AI labs, two large security coalitions, both launched within weeks of each other. That’s not coincidence. It’s an arms race.
The supply chain is already compromised
While the labs race, the boring middle of the stack keeps getting hit by attacks that don’t need AI at all.
In the TanStack npm incident, malware was injected into packages that millions of developers pull as dependencies. npm’s trust model is simple: a maintainer publishes, downstream projects consume. One compromised account, one malicious publish, and thousands of builds are poisoned, because every build that resolves a floating version range to the new release pulls the payload with it. TanStack proved, again, that the single-maintainer bottleneck in open source is a structural problem, not an edge case.
curl vulnerabilities keep surfacing in one of the most widely deployed tools in computing. curl ships in basically every Linux distro, every container image, and every CI/CD pipeline our team has ever touched. A flaw in curl doesn’t affect one application. It touches almost everything.
Now layer AI on top. Models trained on public code absorb vulnerable patterns. AI coding assistants reproduce them. And attackers can use AI to map out which open-source projects have a single maintainer, an outdated dependency tree, or a slow patch cycle, then plan accordingly.
What actually helps
The mitigations that matter aren’t speculative. They’re a little boring, and they require discipline.
Offline backups, non-negotiable
If your backups are reachable from the network, they’re part of the attack surface. A local root exploit like Copy Fail turns any foothold on a host into full access to everything that host can reach, including a backup share it has mounted or credentials it holds for one. Keep air-gapped, offline backups on a real schedule. Test restores quarterly, from the offline copy, not from a snapshot on the same storage. When the next Copy Fail drops, your recovery plan shouldn’t depend on the same infrastructure that just got compromised.
Dependency auditing as a habit, not a project
Pin your dependencies to exact versions. Read the update diffs before you merge them. Commit lockfiles and install from them with npm ci, which refuses to run when package.json and the lockfile disagree and checks each tarball against the integrity hash recorded in the lockfile; adding --ignore-scripts stops a compromised package from running install hooks on your build host. Tools like Socket (now part of OpenAI’s Daybreak coalition) watch for supply-chain attacks in real time. If you run WordPress, audit your plugins the same way: when did they last update, has ownership changed, does the author maintain other things that have been quietly compromised?
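The lockfile checks above, as an added Python example. This is not code from the original post, from npm, or from any tool the post names. It assumes the package-lock.json layout of lockfileVersion 2 and 3 (a "packages" object keyed by node_modules path), a team policy of exact versions in package.json, and a single trusted registry URL; the two lockfile snapshots, the package names and the tarball bytes are all constructed inline so it runs offline. It diffs the two snapshots the way a reviewer reading an update would, flags floating ranges, missing integrity fields and foreign download hosts, and verifies a tarball against the SRI digest the lockfile records.

```python
# Added example (not from the original post, npm, or any tool it names):
# audit a package-lock.json update before merging it.
import base64
import hashlib
import re
from typing import Dict, List

# Assumption: only this registry is an acceptable "resolved" source.
TRUSTED_REGISTRY = "https://registry.npmjs.org/"
# Assumption: package.json must use exact versions; these specifiers are flagged.
UNPINNED = re.compile(r"^(\^|~|>|<|\*|latest$|x$|git\+|https?://|file:)")


def sri(data: bytes, algo: str = "sha512") -> str:
    """Build a Subresource Integrity string ('sha512-<base64 digest>') for data."""
    return f"{algo}-{base64.b64encode(hashlib.new(algo, data).digest()).decode()}"


def verify_tarball(data: bytes, integrity: str) -> bool:
    """True when the tarball bytes hash to the digest recorded in the lockfile."""
    algo, _, b64 = integrity.partition("-")
    if algo not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    return hashlib.new(algo, data).digest() == base64.b64decode(b64)


def audit_lock(old: dict, new: dict) -> Dict[str, List[str]]:
    """Report what changed between two lockfileVersion 2/3 snapshots and what looks wrong."""
    findings: Dict[str, List[str]] = {
        "added": [], "removed": [], "changed": [], "suspicious": [], "unpinned": []}
    # Key "" is the root project; every other key is a node_modules path.
    old_pkgs = {k: v for k, v in old["packages"].items() if k}
    new_pkgs = {k: v for k, v in new["packages"].items() if k}
    for path in sorted(set(old_pkgs) | set(new_pkgs)):
        name = path.rsplit("node_modules/", 1)[-1]
        o, n = old_pkgs.get(path), new_pkgs.get(path)
        if o is None:
            findings["added"].append(f"{name}@{n.get('version')}")
        elif n is None:
            findings["removed"].append(f"{name}@{o.get('version')}")
        elif o.get("version") != n.get("version"):
            findings["changed"].append(f"{name} {o.get('version')} -> {n.get('version')}")
        elif o.get("integrity") != n.get("integrity"):
            # The npm registry does not allow republishing an existing version,
            # so a new digest for the same version means the artifact was replaced.
            findings["suspicious"].append(
                f"{name}@{n.get('version')}: integrity changed for same version")
    for path, entry in new_pkgs.items():
        name = path.rsplit("node_modules/", 1)[-1]
        if "integrity" not in entry:
            findings["suspicious"].append(f"{name}: no integrity field")
        resolved = entry.get("resolved", "")
        if resolved and not resolved.startswith(TRUSTED_REGISTRY):
            findings["suspicious"].append(f"{name}: resolved from {resolved}")
    root = new["packages"].get("", {})
    declared = {**root.get("dependencies", {}), **root.get("devDependencies", {})}
    for dep, spec in declared.items():
        if UNPINNED.match(spec):
            findings["unpinned"].append(f"{dep}: {spec}")
    return findings


# Constructed sample input: stand-ins for real tarballs and two lockfile snapshots.
TINY_UTIL_GOOD = b"constructed stand-in for tiny-util-2.0.1.tgz"
TINY_UTIL_TAMPERED = TINY_UTIL_GOOD + b"\n# constructed stand-in for injected content"

OLD_LOCK = {"name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"dependencies": {"left-pad-ish": "1.3.0", "tiny-util": "2.0.1"}},
    "node_modules/left-pad-ish": {"version": "1.3.0",
        "resolved": TRUSTED_REGISTRY + "left-pad-ish-1.3.0.tgz",
        "integrity": sri(b"constructed stand-in for left-pad-ish-1.3.0.tgz")},
    "node_modules/tiny-util": {"version": "2.0.1",
        "resolved": TRUSTED_REGISTRY + "tiny-util-2.0.1.tgz",
        "integrity": sri(TINY_UTIL_GOOD)}}}

NEW_LOCK = {"name": "demo-app", "lockfileVersion": 3, "packages": {
    "": {"dependencies": {"left-pad-ish": "1.4.0", "tiny-util": "^2.0.0"}},
    "node_modules/left-pad-ish": {"version": "1.4.0",
        "resolved": TRUSTED_REGISTRY + "left-pad-ish-1.4.0.tgz",
        "integrity": sri(b"constructed stand-in for left-pad-ish-1.4.0.tgz")},
    # Same version as before, but the digest now belongs to different bytes.
    "node_modules/tiny-util": {"version": "2.0.1",
        "resolved": TRUSTED_REGISTRY + "tiny-util-2.0.1.tgz",
        "integrity": sri(TINY_UTIL_TAMPERED)},
    # New transitive dependency with no integrity field, served from elsewhere.
    "node_modules/evil-helper": {"version": "0.0.1",
        "resolved": "https://cdn.example.net/evil-helper-0.0.1.tgz"}}}


def run_demo() -> Dict[str, List[str]]:
    """Audit the constructed snapshots and print what a reviewer should read first."""
    findings = audit_lock(OLD_LOCK, NEW_LOCK)
    for kind, items in findings.items():
        for item in items:
            print(f"[{kind}] {item}")
    return findings


if __name__ == "__main__":
    run_demo()
```

To use it on real files, load the two package-lock.json snapshots with json.load in place of the constructed dicts and pass the downloaded .tgz bytes to verify_tarball. The "same version, different integrity" check is the one worth keeping even if you drop the rest: the registry will not let a version be republished, so that pattern means the artifact your lockfile trusts has been swapped underneath it, which is exactly what reading the update diff is meant to catch.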
A “Verified Publisher” tier above maintainers
Here’s an idea we keep coming back to. The npm trust model needs a tier above “maintainer.” Call it a Verified Publisher: an identity-verified, contractually accountable entity that undergoes periodic security review before distributing packages used above some threshold of downstream dependents.
Maintainers do heroic work. But asking a solo developer to be the last line of defense for millions of production deployments isn’t fair to them, and it isn’t safe for the rest of us. A real trust layer would mean cryptographic identity, mandatory hardware-key 2FA, transparent audit logs, and revocation authority held by a consortium rather than a single registry. We don’t know who builds this. We do know the current model isn’t holding.
Patch faster than you used to
The gap between disclosure and exploitation is collapsing. Copy Fail went from private disclosure to public exploit in five weeks. AI-assisted exploit generation will keep shrinking that window. If your patching cadence is “monthly,” you’re already behind. Automate what you can, and prioritize kernel and infrastructure patches over application-level ones. Remember that a kernel package update does nothing until the host reboots into it (or a live patch is applied), so track the kernel that is actually running, not just the one that is installed.
The bigger picture
Software as we’ve built it, open and composable and trust-on-first-install, was designed for a world where finding vulnerabilities was expensive. AI made it cheap. The same kind of model that found 271 Firefox bugs could, in the wrong hands, find 271 bugs in your stack and exploit them before you wake up.
That doesn’t mean open source is broken. It means the security assumptions underneath it need an upgrade: faster patching, verified trust chains, offline resilience, and AI-powered defense that can keep up with AI-powered offense.
If you run WordPress, this hits close to home. Your site depends on PHP, on Linux, on npm packages baked into your theme and plugins, on curl, and on a trust model where any plugin author can push an update to your production server tonight. Tooling that watches this stuff matters. PressBot Pro includes a security audit with 12 automated checks, real-time login attack tracking via Shield, and Plugin Guardian, which watches plugin supply-chain signals like ownership changes, suspicious updates, and severity flags. It won’t stop the next Copy Fail. It will close the gaps that are already open on your site today.
Start with what you control: audit your plugins, make sure your backups are actually offline, and patch this week instead of next month.