Project Glasswing: How Will It Impact The Cybersecurity And AI Industries?

We previously spoke about Project Glasswing, a cybersecurity project created by Anthropic to help secure critical software before advanced AI systems make it easier to find and exploit vulnerabilities.

The initiative brings together big tech and business organisations such as Amazon Web Services, Apple, Cisco, Google, Microsoft, NVIDIA, JPMorganChase, CrowdStrike and The Linux Foundation.

With these giants working together, it might be worth discussing how the project will impact startups, especially in the cybersecurity and AI spaces.

How Powerful Is Claude Mythos, Really?

Project Glasswing brings advanced AI systems into vulnerability research at a scale that cybersecurity companies have not previously had access to.

According to Anthropic, Claude Mythos Preview has found vulnerabilities that survived decades of human review and millions of automated security tests. The company says the model can also develop sophisticated exploits for those weaknesses.

That capability has prompted cybersecurity organisations to take part in the programme. Dragos announced on 5 June that it had joined Project Glasswing and would use Claude Mythos Preview to search its own products for previously unknown vulnerabilities.

Jon Lavender of Dragos said, “Dragos has joined Anthropic’s Project Glasswing, applying Claude Mythos Preview to explore our own products for novel vulnerabilities. This work will help protect our own software, and equally important, it will inform our views on how frontier AI models perform against the kinds of software that run OT environments, insight we intend to share with the broader security community.”

What Could Project Glasswing Mean For Critical Infrastructure?

One area receiving special treatment within the programme is operational technology, often known as OT. These systems run power grids, water systems, pipelines, manufacturing operations and data centres.

Lavender said, “Most AI-assisted vulnerability discovery has been built and tested against IT systems. The Dragos Platform is built specifically to protect OT environments, which run power grids, water systems, pipelines, manufacturing operations, and data center environments. Vulnerabilities in that software carry a different risk profile over much longer in-service lifecycles. Finding and mitigating them matters in a different way.”

For infrastructure operators, that means AI could uncover weaknesses in software that has been running for many years. Anthropic says many flaws go unnoticed because finding and exploiting them has traditionally required expertise held by a small number of highly skilled researchers.

The company says frontier AI models are now competitive with the best human researchers at finding and exploiting vulnerabilities. Anthropic believes those capabilities can be used to find and fix flaws before malicious actors discover them.

Lavender said, “Dragos has run OT vulnerability research and incident response for over a decade. Project Glasswing applies a new tool to that established practice, not a substitute for it.”

How Will Project Glasswing Affect The AI Sector?

Project Glasswing gives AI developers an opportunity to measure how advanced models perform in one of the most demanding areas of cybersecurity. Also, the speed and scale at which Mythos can pick up vulnerabilities is way more than those of LLMs and humans both.

Anthropic sees another outcome for the AI sector, saying, “Although the risks from AI-augmented cyber attacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software – and for producing new software with far fewer security bugs. Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity.”