Palo Alto GlobalProtect Auth Bypass and cPanel Zero-Day Exploited as Anthropic Project Glasswing Launches AI-Powered Vulnerability Defense

Enterprise cybersecurity teams are responding to a wave of critical vulnerabilities in June 2026, with active exploitation of the Palo Alto GlobalProtect authentication bypass (CVE-2026-0257) and a critical cPanel zero-day (CVE-2026-41940) that has compromised over 40,000 servers. These incidents are unfolding against a backdrop of accelerating AI-powered threats and a landmark defensive initiative from Anthropic.

The Palo Alto GlobalProtect authentication bypass vulnerability allows unauthenticated attackers to gain access to protected network resources by circumventing the VPN authentication mechanism. Security researchers have confirmed active exploitation in the wild, with threat actors using the vulnerability to establish persistent access to enterprise networks before deploying ransomware or conducting data exfiltration. Organizations running affected GlobalProtect versions are urged to apply patches immediately and review VPN access logs for indicators of compromise.

The cPanel zero-day (CVE-2026-41940) has proven particularly damaging, with over 40,000 web hosting servers compromised in an ongoing exploitation campaign. The vulnerability affects the cPanel web hosting control panel software used by millions of websites and hosting providers. Attackers are leveraging compromised servers to host phishing infrastructure, distribute malware, and conduct supply chain attacks against the customers of affected hosting providers. The FBI has issued a warning about the Silent Ransom Group actively exploiting this vulnerability.

In response to the accelerating pace of AI-assisted attacks, Anthropic has launched Project Glasswing in partnership with AWS, Cisco, Microsoft, and CrowdStrike. The initiative uses the "Claude Mythos Preview" model to autonomously discover and help patch critical software vulnerabilities at scale, representing a significant shift toward using frontier AI for defensive security operations. Project Glasswing can analyze codebases, identify vulnerability patterns, generate patches, and validate fixes—compressing the vulnerability remediation cycle from weeks to hours.

Cisco has responded to the AI-accelerated threat landscape by shifting to a twice-a-month vulnerability disclosure rhythm, acknowledging that AI tools can surface software flaws faster than traditional monthly disclosure cycles allow organizations to respond. The company also introduced "Cisco Cloud Control" to unify networking, security, and infrastructure management for both human operators and AI agents, addressing the growing complexity of securing environments where AI agents have direct access to enterprise systems.

The "HTTP/2 Bomb" has emerged as a critical availability risk for enterprise infrastructure, exploiting the HTTP/2 protocol's compression capabilities to amplify small requests into massive server-side processing loads. Security teams are implementing rate limiting and request validation controls to mitigate this threat. The broader trend of AI-assisted attacks—including the manipulation of customer support chatbots to gain unauthorized account access—is driving enterprises toward continuous threat exposure management (CTEM) frameworks that prioritize real-time detection over periodic assessments.

Identity governance remains a primary focus, with startups like Opal Security raising $23 million to address AI-native identity management. The proliferation of machine identities and AI agents across enterprise networks has created a new attack surface that traditional identity and access management tools were not designed to handle. Organizations are deploying autonomous security agents to manage the complexity of AI agent permissions and ensure that agentic workflows operate within appropriate security boundaries.