On April 7, 2026, Anthropic announced Project Glasswing alongside a restricted preview of its frontier model Claude Mythos. The accompanying technical blog described what was, in calibrated terms, a threshold event for vulnerability research: Mythos had autonomously discovered thousands of previously unknown security flaws across every major operating system and web browser, then written working exploits for many of them — entirely without human guidance after an initial prompt. Among the specifics: CVE-2026-4747, a 17-year-old remote code execution vulnerability in FreeBSD's NFS server that Mythos identified, analyzed, and exploited via a 20-gadget ROP chain split across multiple packets, granting root to any unauthenticated internet user. It also surfaced a 27-year-old OpenBSD bug and a 16-year-old FFmpeg flaw, neither previously known to their maintainers.
Anthropic is not releasing Mythos publicly. Project Glasswing restricts access to 12 vetted partners — Microsoft, Apple, Amazon, CrowdStrike, and the Linux Foundation among them — for defensive security work only. The relevance for OSINT practitioners isn't the model itself. It's what the model demonstrated: that AI-assisted vulnerability discovery is no longer a research curiosity. The exploitation window that follows CVE disclosure has been shrinking for years, and the tools now exist to compress it further. According to Mandiant's M-Trends 2026, mean time to exploit has dropped to -7 days — meaning exploitation is, on average, now occurring before the patch is publicly available. VulnCheck's State of Exploitation 2026 found that 28.96% of Known Exploited Vulnerabilities were exploited on or before the day their CVE was published. The Langflow flaw CVE-2026-33017 was under active attack within 20 hours of disclosure, with no public proof-of-concept code. This is the environment into which "AI search" for exposed infrastructure has arrived.
What Shodan's AI Integration Actually Is
Let's be precise, because the phrase "Shodan AI search" is doing more work in headlines than the feature currently warrants. Shodan does not currently offer a native natural-language query interface that translates plain English into its filter syntax. What exists, as of the 2025-2026 period, is a set of AI-adjacent integrations that are genuinely useful but architecturally different from what "AI search" implies.
The most concrete is the Microsoft Copilot Security plugin, which exposes Shodan's API to Copilot's generative interface. An analyst can type "find internet-exposed RDP servers in the 198.20.0.0/16 range with SMBv1 enabled" and Copilot will construct the appropriate Shodan query and return results. The natural language layer is Copilot's; Shodan provides the indexed data. A parallel path uses community-built MCP servers to pipe Shodan's API into any MCP-compatible AI assistant. Neither approach is native to shodan.io, but both are functional and worth incorporating into an OSINT workflow where complex filter construction is a bottleneck.
Shodan's own platform additions are more focused on data enrichment than query UX. The CVEDB API provides fast, daily-updated CVE lookups by CVE-ID or CPE23, free for non-commercial use, with no Shodan account required. The Monitor service added "ai" to its default alert triggers — in this context meaning detection of exposed AI services and inference endpoints, not an AI-powered alert engine. Shodan Monitor's alert-and-trigger architecture remains the right place to build automated CVE detection: create a network alert for your IP ranges, configure vuln triggers, and receive email or webhook notifications when Shodan indexes a new vulnerable service on your monitored infrastructure.
Censys Assistant: The More Mature Approach
Where Shodan's AI-facing features are primarily API integrations, Censys has built AI directly into its platform. The Censys Assistant, documented in their changelog through early 2026, accepts natural language queries against the assets and hosts in the Censys Internet Map and, for ASM users, your defined attack surface inventory. You can ask "are any assets in my inventory vulnerable to CVE-2026-21858?" or "what services are running on non-standard ports in the 10.x range?" and receive answers drawn from live Censys data. The Assistant uses LLMs from OpenAI and Anthropic under the hood, available to Starter and Enterprise accounts.
The structural difference matters: Shodan indexes the global internet and you query it; Censys ASM scopes to your defined attack surface and wraps AI around that scoped view. Both are useful. Shodan's breadth is unmatched for spotting what the internet at large looks like for a given CVE — how many unpatched instances exist, in which geographies, under which ASNs. Censys's Assistant is faster for answering "do I have this problem." Censys also added reputation scores in the Censys Platform in 2026, enabling faster triage of IP indicators with transparent evidence chains rather than opaque trust ratings.
Building the Vulnerability Watch Stack
A practical open-source monitoring stack for a threat intelligence team combines these tools in layers, each addressing a different failure mode.
Layer 1 — Shodan Monitor for your exposed perimeter. Create network alerts for every public IP range your organization owns. Enable the vuln and new_service triggers at minimum. When Shodan's crawler indexes a service banner matching a known-vulnerable CPE, you get notified before you would through most internal scanning cadences. Pair this with periodic CVEDB API lookups to enrich any CVE-IDs in those alerts with CVSS scores, CPE mappings, and NVD references. The CVEDB endpoint is lightweight and scriptable; it fits cleanly into a Python alert-processing pipeline.
Layer 2 — Censys ASM for attack surface inventory and NL querying. Where Shodan Monitor fires on specific IP ranges, Censys ASM maps assets you may not have enumerated — forgotten subdomains, shadow IT, cloud assets outside your monitored ranges. Use the Censys Assistant to run CVE-specific queries against this inventory immediately after a high-severity CVE drops. The ability to ask in plain language whether a given vulnerability affects any of your inventoried assets shortens the triage cycle at the moment when those extra hours matter most.
Layer 3 — GreyNoise for exploitation signal. A Shodan banner tells you a service is exposed and possibly vulnerable. It does not tell you whether anyone is actively probing for it. GreyNoise closes that gap. Its 2026 State of the Edge Report found that more than half of GreyNoise-observed activity surges preceded a matching CVE disclosure by a median of 11 days — meaning GreyNoise's mass-scan telemetry can serve as an early warning signal before the CVE is even public. More immediately: when your Shodan alert fires on a vulnerable banner, query GreyNoise for that service's CPE or the associated port. If GreyNoise shows mass-scanning activity from multiple sources, treat the alert as active exploitation risk, not backlog. GreyNoise's April 2026 C2 Detection launch adds another layer — if a device in your environment has been compromised and is beaconing out, C2 Detection surfaces the malware family and callback infrastructure alongside the compromise signal.
Reading Unpatched Banners as Targeting Signals
The operational implication of both Project Glasswing and the Mandiant -7-day exploitation figure is straightforward but underappreciated: an unpatched banner visible in Shodan is not just a finding to queue in your vulnerability management backlog. It is a targeting signal. Threat actors — and now AI-assisted tools — can run the same Shodan query you just ran, identify the same exposed service, and weaponize it before your next patch window. The VulnCheck data showing near-30% of KEVs exploited on or before their CVE publication day means your assumption that "we have 30 days to patch" is statistically false for the most actively tracked vulnerability classes.
When your monitoring stack surfaces a Shodan alert on a vulnerable banner, the right triage question is not "how critical is this CVE?" but "how much mass-scanning activity does GreyNoise show for this service, and does Censys ASM confirm this host is in scope?" The combination of confirmed exposure (Shodan), confirmed active targeting (GreyNoise), and confirmed organizational scope (Censys) converts a vulnerability finding into an incident precursor.
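The triage rule described above and in Layers 1 through 3 can be written as a small decision function. This is an added example, not code from any of the vendors named here. The field names, level labels, the two-source threshold for "multiple sources", and all sample data (documentation-range IPs, one placeholder CVE ID) are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data. Field names and level labels are assumptions made
# for this example, not the vendors' response schemas.
ALERTS = [  # one entry per Shodan Monitor alert on a service banner
    {"ip": "198.51.100.10", "port": 8443, "cves": ["CVE-2021-41773"]},
    {"ip": "198.51.100.22", "port": 3389, "cves": ["CVE-0000-0001"]},  # placeholder ID
    {"ip": "203.0.113.5", "port": 8443, "cves": ["CVE-2021-41773"]},
    {"ip": "198.51.100.30", "port": 443, "cves": []},
]
CVE_INFO = {"CVE-2021-41773": {"kev": True}}  # cached CVE enrichment (constructed)
SCAN_SOURCES = {8443: 14, 3389: 1}            # distinct mass-scanning sources per port
IN_SCOPE = {"198.51.100.10", "198.51.100.22", "198.51.100.30"}  # ASM inventory

@dataclass
class Verdict:
    ip: str
    port: int
    level: str
    reasons: list = field(default_factory=list)

def triage(alert, cve_info=CVE_INFO, scan_sources=SCAN_SOURCES,
           in_scope=IN_SCOPE, min_sources=2):
    """Combine exposure, active targeting and scope into one triage level."""
    sources = scan_sources.get(alert["port"], 0)
    exposed = bool(alert["cves"])              # vulnerable banner indexed
    targeted = sources >= min_sources          # scanning from multiple sources
    kev = any(cve_info.get(c, {}).get("kev") for c in alert["cves"])
    reasons = [f"{len(alert['cves'])} CVE(s) on banner",
               f"{sources} scanning source(s) on port {alert['port']}"]
    if alert["ip"] not in in_scope:
        level = "confirm-scope"                # exposure seen, ownership unconfirmed
    elif exposed and targeted:
        level = "incident-precursor"           # exposed + targeted + in scope
    elif exposed:
        level = "patch-priority" if kev else "backlog"
    else:
        level = "informational"
    return Verdict(alert["ip"], alert["port"], level, reasons)

def triage_all(alerts=ALERTS):
    """Triage every alert with the default enrichment tables."""
    return [triage(a) for a in alerts]

if __name__ == "__main__":
    for v in triage_all():
        print(f"{v.ip}:{v.port:<5} {v.level:<18} {'; '.join(v.reasons)}")
```

Note that CVE severity never decides the top level here: the same CVE on port 8443 is an incident precursor on the in-scope host and only a scope question on the host outside the inventory.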
What AI Search Adds, and What It Doesn't
AI-assisted interfaces lower the query-construction barrier significantly. Analysts who know what they want to find but struggle with Shodan's filter syntax — http.component:"Apache" port:8443 vuln:CVE-2021-41773 country:DE — can now describe that search in plain language and get it constructed correctly. That's a real productivity gain, particularly for generalist analysts in CTI roles who aren't daily Shodan power users.
What AI search does not provide: judgment about whether a banner's version string is accurate (many are not), context about whether a host is a honeypot, an understanding of an organization's actual patch deployment lag versus its stated SLA, or the ability to correlate external scan data with internal asset criticality. Glasswing proved that AI can find the bugs. The analyst's job — deciding what the exposure actually means for a specific organization's risk posture, and communicating that to a team that has to prioritize it against fifty other findings — remains irreducibly human for now.
