Severity Level: HIGH

The Threat

Anthropic, the AI safety company behind the Claude family of models, has unveiled Project Glasswing - a cybersecurity initiative deploying a preview of its most powerful model yet, Claude Mythos, to autonomously discover and triage security vulnerabilities at machine speed. The result is striking: thousands of previously unknown zero-day vulnerabilities identified across major, widely deployed systems in a short period.

Zero-day vulnerabilities are flaws unknown to the software vendor and therefore unpatched. They are the most dangerous class of vulnerability because no patch exists at the point of discovery - attackers who find them first can exploit them silently, for months or years, before any fix is issued. The fact that an AI model can now surface thousands of them in a single sweep fundamentally changes the threat landscape for every connected organisation on the planet - including those across East Africa.

Project Glasswing is currently restricted to a small set of partner organisations. That means the full vulnerability dataset is not yet public, patch timelines are unknown, and the window between discovery and exploitation is dangerously unpredictable.

Impact Assessment for East Africa

For East African organisations, this development carries immediate and specific risk across three sectors:

Financial Services - Kenya, Ethiopia, Somalia

Kenyan commercial banks and microfinance institutions operating on legacy core banking platforms - many of which run software stacks that have not been fully audited in years - are directly exposed. The Central Bank of Kenya's (CBK) Prudential Guidelines on Cybersecurity require institutions to maintain current patch management programmes. A wave of newly discovered zero-days means those programmes are now, by definition, incomplete. Mobile money platforms serving millions of Kenyans, Ethiopians, and Somalis are equally at risk if their underlying infrastructure shares affected software components.

Government and GovTech - Horn of Africa

National ID systems, tax administration platforms, e-government portals, and border management systems across Kenya, Ethiopia, Djibouti, and Somalia run on widely used commercial and open-source software. If Claude Mythos has found zero-days in major systems, those same systems are likely running in government data centres across the region - often with slower patch cycles than private sector counterparts. A targeted nation-state actor with access to this vulnerability intelligence before public disclosure could compromise critical government databases silently.

Critical Infrastructure - Power and Telecom

Power utilities and telecoms providers across East Africa have been accelerating digital transformation - introducing SCADA systems, smart metering, and internet-exposed operational technology. These environments are notoriously difficult to patch quickly. Zero-days in industrial control system software or network management platforms represent a direct threat to service continuity. Iran-linked actors are already actively targeting internet-exposed PLCs in critical infrastructure globally, as flagged in concurrent threat intelligence this week - a zero-day in the same environment amplifies that risk significantly.

Immediate Actions - Do These Now

  • Audit your software inventory immediately. Generate a full software bill of materials (SBOM) for every production system. You cannot patch what you cannot see. Prioritise internet-facing applications, core banking platforms, and OT/SCADA environments.

  • Accelerate patch cycles for major vendors. Monitor advisories from Microsoft, Cisco, Palo Alto, Fortinet, and major open-source projects hourly, not weekly. When Project Glasswing findings go public, patches will drop fast and exploitation will follow within hours.

  • Activate threat intelligence monitoring. Subscribe to feeds that will carry Glasswing-related CVE disclosures the moment they are published. Your SOC team needs to be in a posture to respond within the hour, not within the week.

  • Conduct emergency penetration testing on critical assets. Do not wait for vendor advisories. A targeted assessment of your most sensitive systems - core banking, government databases, SCADA - will surface exploitable weaknesses before attackers do.

  • Review and enforce network segmentation. Ensure that a compromise of one system cannot cascade. Zero-day exploitation is most damaging in flat, over-permissive network environments. Review firewall rules, east-west traffic controls, and privileged access policies now.
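The first three actions above come together in one workflow: hold an SBOM for every asset, pull advisories as they land, and cross-reference the two so the SOC sees the highest-risk exposures first. The script below is an added illustration of that workflow, not part of this advisory or of DRONGO's tooling. It assumes a CycloneDX-style SBOM in which each component carries asset, zone and internet-facing properties (that property convention is this example's own), and it uses a constructed advisory list with placeholder identifiers in place of real CVE data. The priority weights mirror the advisory's own ordering (internet-facing first, then core banking and OT) and are illustrative.

```python
import json
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample SBOM in CycloneDX-style JSON. Asset context is carried as
# component properties (this example's convention). Not real inventory data.
SAMPLE_SBOM_JSON = json.dumps({
    "bomFormat": "CycloneDX", "specVersion": "1.5",
    "components": [
        {"name": "openssl", "version": "3.0.7", "properties": [
            {"name": "asset", "value": "corebank-api"}, {"name": "zone", "value": "core-banking"},
            {"name": "internet-facing", "value": "true"}]},
        {"name": "nginx", "version": "1.24.0", "properties": [
            {"name": "asset", "value": "citizen-portal"}, {"name": "zone", "value": "dmz"},
            {"name": "internet-facing", "value": "true"}]},
        {"name": "scada-hmi", "version": "2.3.1", "properties": [
            {"name": "asset", "value": "substation-hmi-01"}, {"name": "zone", "value": "ot"},
            {"name": "internet-facing", "value": "false"}]},
        {"name": "openssl", "version": "3.1.4", "properties": [
            {"name": "asset", "value": "hr-intranet"}, {"name": "zone", "value": "corporate"},
            {"name": "internet-facing", "value": "false"}]},
    ],
})

# Constructed advisory feed with placeholder identifiers (not real CVEs). A production
# tool would pull these from vendor advisories or the NVD. "fixed" is exclusive.
SAMPLE_ADVISORIES = [
    {"id": "ADV-EXAMPLE-0001", "component": "openssl", "introduced": "3.0.0", "fixed": "3.0.8", "cvss": 9.8},
    {"id": "ADV-EXAMPLE-0002", "component": "scada-hmi", "introduced": "2.0.0", "fixed": "2.4.0", "cvss": 8.1},
]

# Zones the advisory singles out for first attention.
HIGH_VALUE_ZONES = {"core-banking", "ot"}


@dataclass
class Component:
    name: str
    version: str
    asset: str
    zone: str
    internet_facing: bool


@dataclass
class Exposure:
    asset: str
    component: str
    version: str
    advisory_id: str
    score: float


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '3.0.7' or '1.24.0-r1' into a comparable integer tuple (non-numeric tails dropped)."""
    parts = []
    for segment in text.split("."):
        match = re.match(r"\d+", segment)
        if match is None:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def load_components(sbom_json: str) -> List[Component]:
    """Flatten the SBOM into one record per component, reading asset context from properties."""
    components = []
    for entry in json.loads(sbom_json)["components"]:
        props: Dict[str, str] = {p["name"]: p["value"] for p in entry.get("properties", [])}
        components.append(Component(
            name=entry["name"], version=entry["version"],
            asset=props.get("asset", "unknown"), zone=props.get("zone", "unknown"),
            internet_facing=props.get("internet-facing", "false").lower() == "true"))
    return components


def is_affected(version: str, advisory: dict) -> bool:
    """Affected when introduced <= version < fixed, compared numerically rather than as strings."""
    v = parse_version(version)
    return parse_version(advisory["introduced"]) <= v < parse_version(advisory["fixed"])


def priority_score(component: Component, cvss: float) -> float:
    """CVSS plus weights for the exposure factors the advisory says to prioritise (illustrative)."""
    score = cvss
    if component.internet_facing:
        score += 3.0
    if component.zone in HIGH_VALUE_ZONES:
        score += 2.0
    return score


def find_exposures(components: List[Component], advisories: List[dict]) -> List[Exposure]:
    """Cross-reference inventory against advisories; return exposures, highest priority first."""
    exposures = []
    for comp in components:
        for adv in advisories:
            if adv["component"] == comp.name and is_affected(comp.version, adv):
                exposures.append(Exposure(comp.asset, comp.name, comp.version, adv["id"],
                                          priority_score(comp, adv["cvss"])))
    return sorted(exposures, key=lambda e: e.score, reverse=True)


if __name__ == "__main__":
    for e in find_exposures(load_components(SAMPLE_SBOM_JSON), SAMPLE_ADVISORIES):
        print(f"{e.score:5.1f}  {e.asset:<20} {e.component} {e.version}  {e.advisory_id}")
```

Two details matter in practice. Versions are compared as integer tuples, not strings, so the unaffected openssl 3.1.4 on the intranet host is correctly excluded while 3.0.7 on the core banking API is flagged. And the output is ranked, so when a burst of disclosures arrives the team starts with the internet-facing core banking exposure rather than working the list alphabetically.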

DRONGO Recommendation

DRONGO's threat intelligence and penetration testing teams are actively tracking Project Glasswing disclosures and cross-referencing them against the software stacks most commonly deployed by East African banks, government agencies, and infrastructure operators. We can assess your exposure before attackers do.

Is your organisation protected? Request a free security assessment.