ZDNET's key takeaways
- AI found thousands of hidden bugs in critical systems.
- Tech rivals unite to secure shared infrastructure risks.
- Cyberattack timelines shrink from months to minutes.
Today, a group of the world's biggest tech companies is announcing what is fundamentally an AI-driven cybersecurity Manhattan Project.
As the Cyberwarfare Advisor for the International Association of Counterterrorism & Security Professionals and part of the FBI's InfraGard Artificial Intelligence Threat and Mitigation Cross-Sector Council, I've spent decades profiling global threats, from lecturing at the National Defense University to leading nationwide cyberattack simulations. But the arrival of a new frontier AI from Anthropic represents a paradigm shift that even the most prepared infrastructure specialists are scrambling to navigate.
There is a lot to unpack from this announcement, but before I go into the published details, I'm going to try to read between the lines. That's because the mere existence of this announcement means there's a lot that remains unsaid.
The fact that all of these companies are working together has to be indicative of the scale of the threat and the scale of the project necessary to respond to it.
What I'm going to describe is both terrifying news and, at the same time, somewhat encouraging news. It's worrisome because clearly our entire cybersecurity infrastructure is at great risk due to advances in weapons-grade AI. Otherwise, these fierce competitors wouldn't be working together as announced today.
It's somewhat encouraging because these intense competitors have chosen to work together to reduce that infrastructure vulnerability. This is wild news, folks.
Introducing Project Glasswing
Project Glasswing is described in the announcement as: "An initiative that brings together Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks in an effort to secure the world's most critical software."
The name "glasswing" may mean nothing, or provide some insight into the project's overall intent. The glasswing butterfly, native to Central and South America, is so-named because of its transparent wings that allow it to camouflage itself in its surroundings. The butterfly is also unusually resilient, able to carry up to 40 times its own weight.
At its core, this "coalition of the willing" is planning to deploy two defensive weapons: a new, unreleased AI model called Claude Mythos Preview and a pile of cash ($4 million in direct donations and $150 million in Claude usage credits).
At first glance, this announcement looks like a highly coordinated PR strategy, some security theater. Another skeptical interpretation might be that these companies are creating a security cartel to lock out startups and other players.
But I don't think that's the case. Based on statements from key players and the security vulnerabilities mentioned, I think this is something far more serious than a giant corporate PR photo op to make everyone look responsible with AI.
Having spent time as an executive at Symantec and a team lead at Apple, I've seen firsthand how fiercely these companies guard their intellectual property. To see them hand over $150 million in credits and open up unreleased models to one another tells me the threat level has moved from competitive to existential.
The fact is, you don't see these specific companies cooperating like this unless the alternative is mutually assured destruction of their shared infrastructure.
And no, I don't think that's hyperbole.
Here's how Elia Zaitsev, CTO at cybersecurity company CrowdStrike, described the situation: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI."
If the name CrowdStrike sounds familiar, it might be because back in 2024, the company pushed an update that accidentally bypassed safeguards and crashed millions of Windows systems all across the planet. If any one company knows what a bad day feels like, it's CrowdStrike.
According to the announcement, "We formed Project Glasswing because the capabilities we've observed in Mythos Preview could reshape cybersecurity."
It's clearly worse than we thought
Anthropic described the Mythos Preview model as a "general-purpose, unreleased frontier model" with strong agentic coding and reasoning skills. The company said, "Anthropic didn't train it specifically for cybersecurity."
The company also said it doesn't plan to make Mythos Preview generally available, most likely because it could be weaponized by adversarial actors.
According to Anthropic, "Over the past few weeks, Mythos Preview has identified thousands of zero-day vulnerabilities, many of them critical. The vulnerabilities it finds are often subtle or hard to detect."
Thousands. It turns out that many of the vulnerabilities are present in core, mission-critical software and have been in software deployed actively for the past 10 or 20 years. One such vulnerability was a 27-year-old bug just found in OpenBSD. For the record, OpenBSD is known for its security, and yet here was a mission-critical vulnerability nobody (at least none of the good guys) knew about.
Another example is "a 16-year-old vulnerability in a widely used video software." Here's the scary gotcha. Apparently, the bug is in a line of code that automated testing tools previously considered the gold standard for security checks. The testing tools analyzed that line of code five million times over the years, and not once did they catch the problem.
Think about this statement from Anthony Grieco, SVP and chief security and trust officer at Cisco, the global networking and infrastructure company that powers much of the internet and enterprise connectivity.
Grieco said, "AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back."
No going back. He said, "The old ways of hardening systems are no longer sufficient. Providers of technology must aggressively adopt new approaches now." This fact is why he says Cisco joined Project Glasswing: "This work is too important and too urgent to do alone."
That's a breathtaking statement, particularly considering who it's coming from.
It's all about infrastructure
Our modern civilization is built upon a networked technology infrastructure. Ranging all the way from giant power-generating stations down to our smart rings, just about everything is based on computers and networking.
But this digital infrastructure foundation isn't all from one company or product. In fact, a huge proportion is based on open-source software, often written by lone unaffiliated developers. Even commercial billion-dollar products use software libraries built by individual coders.
Historically, programmers and teams have hand-tested their code and then written test suites to put their code through its paces. I do this with my open-source security product. Before I deploy an update, I test it extensively. Afterward, I often share it with a subset of users for a beta test period. Generally speaking, my product has been quite solid.
But last fall, I decided to feed the full source code to Claude Code and OpenAI's Codex. I asked each of them for a security evaluation. Both identified vulnerabilities that my testing process missed. In fact, while both found some of the same vulnerabilities, each AI found a few that the other AI did not.
I quickly fixed the bugs the AIs identified. But what really interested me was the kind of bugs identified. These weren't bugs in the actual code itself. I didn't make any of the classic coding errors that usually lead to vulnerabilities.
What the AIs identified were behavioral quirks that would only manifest when combined with other software and configurations -- code I didn't write. But because the AIs could look beyond the code they were asked to analyze and instead considered the entire infrastructure environment in which the code was running, they were able to identify situational problems that could have turned into exploits.
This issue, on a much greater scale, is what Project Glasswing intends to tackle. The Project Glasswing announcement said: "No one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play."
There are hundreds of thousands of these components running on billions of devices and inside millions of software programs. All it takes is one vulnerability in one piece of code, and critical infrastructure could fail.
According to Igor Tsyganskiy, EVP of cybersecurity and Microsoft Research at Microsoft, "As we enter a phase where cybersecurity is no longer bound by purely human capacity, the opportunity to use AI responsibly to improve security and reduce risk at scale is unprecedented."
A corollary is that bad actors can use AI aggressively and destructively, performing attacks at machine speed and finding vulnerabilities at a rate we've never encountered before.
National security concerns
This initiative must not be taken out of context. To understand its relevance, we must also consider the current geopolitical situation. IT security teams have been dealing with cyberthreats for years. Whether it's criminals out for money, hacktivists intent on disruption, or nation states conducting a mix of data exfiltration, monetary extortion, identity theft, and infrastructure disruption, cyber threats are nothing new.
I spent years investigating a key White House email controversy for my book, Where Have All The Emails Gone?, and even then, the vulnerability of our highest offices to basic infrastructure failures was staggering. But those were human-scale errors. What Project Glasswing is fighting is a machine-speed collapse of the entire defensive perimeter.
There are two very new factors in play right now. The first has been the growth of AI capabilities. While Mythos Preview is intended as a defensive tool, do not doubt that adversaries are building their own frontier models as weapons of mass digital disruption.
The second factor is the war in Iran. Back in 2012, I wrote a cyberwarfare profile of Iran, exploring its internal capabilities to wage cyberwarfare. Back then, I noted that Iran prioritizes higher education in science and math. While the Iranian government censored the internet, about a quarter of Iranian citizens were online. Today, about 80% are online.
My conclusion in 2012 is even more valid today. I said, "The point of all this is to showcase that Iran has significant connectivity, resources, and educated citizenry, more than enough to fuel forays into cybercrime, cyberterrorism, and cyberwarfare itself."
Combine that with access to frontier-level AI technology, and it's fair to expect an intense level of cyberattacks at a rate and ferocity never seen before, leveraging exploits previously hidden in the complexity of the overall infrastructure.
It's important to acknowledge the ongoing issues Anthropic has had recently with the US Government.
The Project Glasswing announcement obliquely reflects this situation: "Anthropic has also been in ongoing discussions with US government officials about Claude Mythos Preview and its offensive and defensive cyber capabilities."
This is the only time in the announcement that Mythos was described as capable of supporting "offensive" capabilities. I invite the reader to draw their own conclusions about that detail. My take on it is that Mythos could be potentially destructively capable if that kind of action were to become necessary. That offensive capability may also be why Anthropic is limiting the release to a defined set of participants and not making it available to the world at large.
The announcement also said: "Securing critical infrastructure is a top national security priority for democratic countries. The emergence of these cyber capabilities is another reason why the US and its allies must maintain a decisive lead in AI technology."
Earlier this year, the US government designated Anthropic as a supply chain risk. A side effect of this designation was that defense contractors were instructed to stop using Anthropic products in anything that could be tangentially considered related to government defense work.
That designation would have affected the government contracts of a number of Project Glasswing participants had they chosen to continue using Claude. However, on March 26, US District Court Judge Rita Lin blocked that restriction, temporarily allowing defense contractors to continue to use Claude AI products.
I see two possible between-the-lines reads here:
- This announcement is timed to fall after the supply chain risk designation was blocked, and before it resumes.
- The capabilities of Mythos Preview and the results seen in the early stages of its use are so profound that these arch competitors would have decided to use it anyway, regardless of the contractual restrictions.
This is how the Project Glasswing release explained the situation: "The work of defending the world's cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months. For cyber defenders to come out ahead, we need to act now."
Follow the money
If you're going to pay real attention to the infrastructure risk posed by thousands of hidden vulnerabilities, you have to take into account the individual open-source developers operating independently.
There is an enormous ecosystem based on all those individuals, each modifying and checking in their own code, to centralized repositories. While the nature of open source means anyone (and any company) can read the code, checking in modifications is limited to the developers with commit access to the project.
It is certainly possible for others to fork the project (create their own copy that is also distributed). But doing so would not immediately solve any software dependency risk. That issue is because there are automated systems across the internet built to incorporate known packages into their distributions. Forking a project would require all those automated systems to change the source of their code updates.
So, when Mythos Preview finds a vulnerability, how does it reach the appropriate developer for repair? Project Glasswing is taking two approaches. The first is to donate a Claude Max subscription for Claude Opus and Sonnet to any verifiable open-source developer who asks. That's not access to Mythos Preview, but even Claude Opus 4.6 can help identify bugs. To apply for Claude Max grants, maintainers interested in access can apply through the Claude for Open Source program.
When I asked about it, Anthropic told me, "We've donated $2.5M to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5M to the Apache Software Foundation to enable the maintainers of open-source software to respond to this changing landscape."
OpenSSF is the Open Source Security Foundation. Their mission is to "Make it easier to sustainably secure the development, maintenance, release, and consumption of open-source software. This includes fostering collaboration within and beyond the OpenSSF, establishing best practices, and developing innovative solutions."
Alpha-Omega, part of the Linux Foundation, serves: "As a helping hand and funding catalyst that supports the maintainers, communities, and ecosystems where security investment can have the greatest impact."
The Apache Software Foundation also supports a great many projects that provide critical infrastructure across the internet.
While funding goes to these organizations, their role in high-vulnerability projects will be to facilitate outreach to individual developers and to potentially provide funding for the time required to implement fixes.
The challenge will be that many of the key developers for mission-critical components have other obligations and time commitments. On the other hand, if any group can wrangle these very independent developers, it's the various open-source foundations that have been developer-wrangling ever since they got started.
Final thoughts
Jim Zemlin, CEO of the Linux Foundation, said, "In the past, security expertise has been a luxury reserved for organizations with large security teams. Open source maintainers, whose software underpins much of the world's critical infrastructure, have historically been left to figure it all out on their own."
Here's something to consider. He said, "Open source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software."
He also addressed the funding and time concerns. He said, "By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation. This is how AI-augmented security can become a trusted sidekick in every maintainer's workflow, not just for those who can afford expensive security teams."
My take on this approach is that it's intriguing to see these arch-competitors seemingly working together to solve cybersecurity issues. I'm also curious about how much of this approach proves to be simply acting for the cameras, and how much will impact our key digital infrastructure.
I balance that concern with one that's more visceral. This announcement, and the awareness of what a Mythos-style AI can do, tells us that we are at a far greater risk than even we cyberwarfare specialists had predicted. Given the volatile state of the world today, Project Glasswing could be the last best hope, or it could turn out to be just another PR effort that actually does nothing to prevent severe infrastructure disruption.
Do you see Project Glasswing as a genuine defensive effort, or more of a coordinated industry power move to control access to advanced AI security tools? Let us know in the comments below.
You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.
