SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
Flux result 586ba468 637e 4df3 afb6 b50756bff00b
#
Firewalls
#
DevOps
#
Digital Transformation

Synack launches Glasswing readiness test for attack gaps

Tue, 14th Apr 2026
Author image
By Sean Mitchell, Publisher

Synack has launched a Glasswing-Readiness Assessment aimed at helping organisations identify gaps in their attack surface as offensive AI tools advance.

The assessment was developed in response to recent progress in offensive AI, including Anthropic's Project Glasswing and other emerging systems such as Mythos. Synack argues that these tools are cutting the time needed to discover and exploit vulnerabilities across operating systems and browsers.

The offering combines attack surface discovery with Sara, Synack's autonomous red agent, to explore customer environments and identify possible attack paths. Synack's Red Team then validates the findings, links vulnerabilities where relevant, removes false positives, and presents the results to customers.

At the centre of the launch is the argument that many organisations still test too little of their infrastructure. Synack cites research showing that companies test 32% of their attack surface on average, leaving legacy systems, older firewalls, and overlooked endpoints outside regular scrutiny.

That shortfall matters as AI-driven attack tools improve. Systems that once appeared low risk in isolation may become more attractive targets if automated tools can move quickly across a broad environment and connect several weaknesses into a single route of entry.

"Project Glasswing is exactly the kind of defensive innovation this moment calls for, and it signals just how capable these models have become," said Jay Kaplan, Chief Executive Officer and Co-founder of Synack. "Organisations need to match that energy in their own environments. The answer is continuous, agentic AI-driven testing with humans in the loop. Annual assessments tied to a compliance calendar no longer reflect how attacks actually happen."

Synack frames the assessment as a response to a structural issue in corporate security practice rather than a lack of tools. In its view, point-in-time testing and compliance-led review cycles no longer match the pace at which AI-assisted threats can develop.

Coverage gaps

Dr Mark Kuhr, Chief Technology Officer and Co-founder of Synack, said the problem is less about any single exposed system than the cumulative risk created when multiple weak points remain untested.

"When offensive AI can map an environment and iterate on exploits at machine speed, untested infrastructure like legacy systems, forgotten endpoints, and aging firewalls become the attack surface adversaries find first," said Kuhr. "Every weak point is now a viable entry. What looks low-risk in isolation often isn't once you account for how these attacks actually chain. Getting coverage across your full attack surface is no longer a stretch goal. It's the baseline."

Sara is used for reconnaissance, attack surface mapping, and initial exploit validation at scale, while human researchers review and confirm findings. That reflects a wider trend in cyber security, with vendors combining automation and specialist judgement rather than relying solely on software scanning or manual penetration testing.

Pressure on security teams has grown as AI tools begin to assist both defenders and attackers. For defenders, the appeal is broader visibility across large, often fragmented estates. For attackers, it is the ability to automate reconnaissance, shorten exploit development cycles, and probe more targets with less manual effort.

Synack says customer discussions are increasingly focused on practical steps that can be taken immediately rather than waiting for offensive AI tools to become widely available.

"Every conversation I'm having with customers right now comes back to the same question: What do I do about this today?" said Paul Mote, Vice President of Solutions Architects at Synack. "You don't need to wait for offensive AI capabilities like Mythos to be widely available before you act. We're already finding exploitable vulnerabilities at scale that scanners and traditional pentests miss. The time to act is before adversaries have the same capability," said Mote.

The launch adds to a growing market for continuous validation and testing services designed to give organisations a more current view of their exposure. As AI changes the economics and speed of cyber attacks, vendors are increasingly arguing that annual or periodic assessments are too slow to keep pace with how threats emerge and spread.

Synack says the Glasswing-Readiness Assessment is intended to show organisations what in their environments is real and exploitable.

Related stories
Anthropic launches Claude Opus 4.7 with stronger coding
CIQ launches Linux compliance platform ahead of deadlines
Your.Cloud acquires Pure Cloud Solutions in UK push
Emerson & OPSWAT strike global reseller deal for OT patching
OVHcloud adds Quandela Belenos quantum computer to platform

Top stories

Team Cymru launches Total Insights Feeds for threat data
FIRST conference highlights AI & CVE disclosure push
Protegrity launches AI Team Edition for secure inferencing
CERN joins OpenSearch foundation as associate member
OpenAI launches Trusted Access for Cyber with major names