The question is no longer whether AI will affect vulnerability discovery. It is whether exposure management programs can keep up with a faster clock.
The Signal Underneath the Noise
There has been a lot of noise around Artificial Intelligence (AI) and cybersecurity in recent weeks. Some of it is useful, some of it is marketing hype. Beneath all of this, however, lies a practical point security leaders should not miss: AI is making vulnerability discovery faster, cheaper and more repeatable. That changes the operating model for defenders.
Project Glasswing and Project QuiltWorks are useful because they make this shift concrete. Anthropic launched Project Glasswing in April 2026 to help secure critical software with early access to Claude Mythos Preview, a gated frontier model for defensive security work. Shortly after, CrowdStrike launched Project QuiltWorks, with Kroll and other partners, to help organizations assess, prioritize and remediate the growing wave of AI-discovered vulnerabilities in production code. The headline may be AI, but the real issue is operational: can organizations absorb more findings, make better decisions and reduce exposure before attackers can exploit them?
These announcements did not emerge in isolation. Google Project Zero and Google DeepMind's Big Sleep agent publicly reported an exploitable SQLite vulnerability in 2024. DARPA's AI Cyber Challenge finalists later demonstrated autonomous systems capable of finding and patching vulnerabilities across large, real-world codebases. Google Threat Intelligence Group has also warned that AI is expected to accelerate reconnaissance, vulnerability discovery and exploit development in 2026. The right reaction for boards and CISOs is not panic. It is tempo. The exposure window is changing.
Open-weight Models Make This Bigger Than One Announcement
Security leaders should not over-rotate on one gated frontier model. The more durable development is capability diffusion. DeepSeek released R1 under the MIT license in 2025, and OpenAI released gpt-oss, open-weight reasoning models under Apache 2.0, designed for strong reasoning, tool use, agentic workflows and efficient deployment. Not every open-weight model is a zero-day engine. Responsible use controls still matter. But as reasoning, coding and tool-use capability becomes cheaper and easier to run, more teams, vendors, researchers and adversaries can experiment closer to their own environments.
That is the Threat Exposure Management (TEM) point. When capability diffuses, security-relevant capability diffuses with it. Defenders should plan for a world where vulnerability research, exploit prototyping, code review, dependency analysis and attack-path discovery are increasingly assisted by models that are cheaper, more available and easier to adapt than prior generations.
The Exposure Window is What Changes
AI does not make patching harder because it magically creates a new CVE. It makes patching harder because the time and cost required to find useful weaknesses are falling. That matters in an environment where vulnerability exploitation is already rising. Verizon's 2025 DBIR found exploitation of vulnerabilities as an initial access step grew 34% and accounted for 20% of breaches, while Google Threat Intelligence Group tracked 90 exploited zero-days in 2025, with enterprise technologies reaching an all-time high share of 48%.
Traditional vulnerability management programs were built for human-speed discovery and periodic prioritization. Many still rely on recurring scans, CVSS-heavy triage, static SLA clocks and ticket closure as the main proof of risk reduction. These mechanics are still necessary, but they are no longer sufficient when AI can help surface logic flaws, insecure trust relationships, exposed code paths, brittle dependencies, misconfigurations and chained attack paths that do not show up cleanly in a scanner dashboard.
This is where Threat Exposure Management (TEM) becomes more than a new label. The practical answer is not 'patch everything faster.' It is to compress the exposure window for the risks that can actually hurt the business. What is reachable? What is exploitable? What would matter if it went wrong? Who owns the fix or mitigation? And did the risk actually decline?
Where Traditional Programs Strain—and How TEM Teams Should Adapt
- Enterprise-wide Exposure Visibility
Most teams can see managed endpoints and core servers. The work now is extending that visibility to browsers, edge devices, VPNs, cloud services, SaaS applications, APIs, identities, open-source dependencies, business-owned technologies and AI-enabled workflows. TEM teams work backward from where attackers actually operate and move, then expand visibility into the areas where exposure tends to accumulate in the dark.
- Threat-informed Prioritization
A backlog of critical findings may improve dashboard optics, but a better-labeled list is not a strategy. The more important questions are: What is actually exploitable? What can be chained into an attack path? What would materially harm the business if it failed? Strong TEM programs weigh exploitability, privilege impact, real attack paths, business criticality, adversary activity and compensating controls.
- Remediation Ownership and Capacity
This is where the rubber meets the road. Security rarely fixes exposure by itself. Remediation runs through infrastructure, application teams, cloud engineering, IAM, third parties and business application owners. Mature TEM programs make ownership explicit, set escalation paths, identify bottlenecks and treat remediation as an operating model and accountability challenge, not just a tooling issue.
- Proof of Risk Reduction
'Closed' is not the same as fixed. In a faster threat environment, that assumption creates risk. Stronger teams build in proof: retesting, control verification, exploit validation where appropriate and targeted follow-up to confirm the exposure has truly been eliminated.
- Automation With Judgment
Automation should carry more of the weight: prioritization, routing, orchestration, reporting and follow-up. But the best programs keep humans in the loop for judgment-heavy trade-offs, safety constraints, exception decisions and business-impact calls. The goal is not hands-free security. It is faster, better decision-making at scale.
AI is Now Part of the Attack Surface
This is the other half of the equation. Organizations are adopting public AI tools, AI features embedded in enterprise software, internally built copilots, agentic workflows and AI-assisted software development. In practice, many teams now have two jobs at once: enabling AI safely and securing the AI-enabled systems they are building or buying.
That is why the familiar controls still matter, but they must be applied with sharper intent. Threat-model AI use cases. Apply secure SDLC controls to AI-assisted code. Scan for dependencies and secrets. Tighten non-human identities and agent permissions. Log agent actions. Protect prompts, context and data flows. And ensure there is a practical kill switch or containment path when an AI-enabled workflow behaves outside intended bounds.
A Practical Response Model for Leaders
- Re-baseline exposure and remediation capacity. Map how the organization discovers, prioritizes, remediates, governs and reports exposure across infrastructure, cloud, SaaS, applications, APIs, identities, endpoints, data, third parties and AI-enabled workflows. Identify blind spots, slow handoffs and areas where the program measures activity instead of risk reduction.
- Prioritize like an attacker, not a scorekeeper. Tune ranking around exploitability, likely attack paths, privilege impact, internet exposure, business criticality, active adversary activity and compensating controls. The goal is a list teams can execute, not a longer list with better labels.
- Build fast mitigation capability and verify it worked. Some issues will not wait for normal cycles. Create playbooks for patch coordination, configuration hardening, virtual patching, segmentation, emergency access changes, escalation to resolver groups and post-fix verification. Where operating realities create constraints, use wave-based rollouts, canary deployments and compensating controls to compress exposure windows safely.
- Modernize the operating rhythm. Refresh governance, RACI, SLAs, exception handling, risk acceptance, metrics, leadership reporting and investment decision-making. AI programs may also introduce new record-keeping, logging and review expectations. Build those into the operating rhythm early instead of retrofitting them later.
- Use plain-language board questions. Are we exposed? Where can an attacker realistically reach us? What is fixed, mitigated or accepted? How long does high-risk exposure remain open? Where does remediation stall? What investments would materially change the risk curve?
What Good Looks Like
A strong TEM program operates as a loop: identify exposure, add threat and business context, prioritize what matters, drive mitigation, validate outcomes and report progress in a way leaders can act on. Useful metrics include scanner and asset coverage, exploitable critical backlog age, Mean Time to Repair (MTTR) by severity and business criticality, SLA compliance, exception aging, verified closure rate, assets without an accountable owner and inventory of AI services or agents.
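Several of the metrics named above, computed over a handful of constructed findings, as an added example that is not Kroll's tooling or code from the original article. The record fields, names and values are assumptions for illustration; the point is that verified closure is tracked separately from ticket closure.

```python
from datetime import date
from statistics import mean

# Constructed sample findings (not real data). "verified" means a retest
# confirmed the fix, which is distinct from the ticket being closed.
FINDINGS = [
    {"id": "F-1", "asset": "vpn-gw", "severity": "critical", "exploitable": True,
     "owner": "netops", "opened": date(2026, 1, 5), "closed": None, "verified": False},
    {"id": "F-2", "asset": "billing-api", "severity": "critical", "exploitable": True,
     "owner": None, "opened": date(2026, 2, 1), "closed": None, "verified": False},
    {"id": "F-3", "asset": "hr-saas", "severity": "critical", "exploitable": False,
     "owner": "hr-it", "opened": date(2026, 1, 10), "closed": date(2026, 1, 20), "verified": True},
    {"id": "F-4", "asset": "build-agent", "severity": "high", "exploitable": True,
     "owner": "platform", "opened": date(2026, 1, 1), "closed": date(2026, 1, 31), "verified": False},
    {"id": "F-5", "asset": "vpn-gw", "severity": "critical", "exploitable": True,
     "owner": "netops", "opened": date(2026, 2, 10), "closed": date(2026, 2, 14), "verified": True},
]

def exposure_metrics(findings, as_of):
    open_f = [f for f in findings if f["closed"] is None]
    closed_f = [f for f in findings if f["closed"] is not None]
    # Age in days of each open finding that is both critical and exploitable.
    backlog_ages = sorted(
        (as_of - f["opened"]).days for f in open_f
        if f["severity"] == "critical" and f["exploitable"])
    # Mean time to repair, grouped by severity, over closed findings only.
    by_sev = {}
    for f in closed_f:
        by_sev.setdefault(f["severity"], []).append((f["closed"] - f["opened"]).days)
    mttr = {sev: mean(days) for sev, days in by_sev.items()}
    # Share of closed tickets where a retest confirmed the fix.
    verified_rate = (sum(f["verified"] for f in closed_f) / len(closed_f)
                     if closed_f else None)
    # Assets with an open finding and nobody accountable for it.
    unowned = sorted({f["asset"] for f in open_f if f["owner"] is None})
    return {"critical_exploitable_backlog_age_days": backlog_ages,
            "mttr_days_by_severity": mttr,
            "verified_closure_rate": verified_rate,
            "unowned_assets": unowned}

if __name__ == "__main__":
    for name, value in exposure_metrics(FINDINGS, date(2026, 3, 1)).items():
        print(f"{name}: {value}")
```

In this sample three tickets are closed but only two were retested, so the verified closure rate is two thirds even though the closure dashboard would show all three as done.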
The organizations that respond best will not simply try to patch faster. They will widen visibility, prioritize based on real-world attacker behavior, tighten remediation partnerships, validate outcomes and build enough governance to make fast decisions safely. In plain terms: they will move exposure management closer to AI speed without losing the human accountability required for enterprise risk decisions.
How Kroll Can Help
Kroll helps organizations answer the questions that matter: Where are we exposed? What can attackers realistically reach? What should we fix or mitigate first? And how do we prove risk has been reduced? Through cyber advisory, incident response, offensive security, regulatory, AI risk and remediation experience, we help clients translate the AI-driven vulnerability challenges into practical TEM programs.
This work may begin with a rapid TEM readiness assessment to baseline visibility, prioritization, remediation capacity, governance, reporting and investment needs. It may include targeted AI exposure reviews across AI-assisted development, agents, codebases, identity, cloud and data flows; threat-informed prioritization of the exposures attackers can actually reach; remediation sprints to address the highest-risk paths and validation to confirm that fixes reduced risk.
Kroll is also working with CrowdStrike as part of Project QuiltWorks, combining practical consulting expertise with technology-enabled discovery, adversary-informed prioritization and guided remediation. Amid the noise, that is the work that matters: know where you are exposed, act on what matters most and prove that risk has been reduced.