Anthropic this week launched Project Glasswing, a project focused on using AI to identify and mitigate software vulnerabilities. The launch comes just two weeks after the generative AI vendor’s unreleased Claude Mythos model raised concerns that advanced AI models might be approaching, or in some cases exceeding, human capability in discovering and exploiting security flaws.
Project Glasswing brings together more than 40 organizations, including Apple, Google, Amazon and Nvidia, giving them early access to the Claude Mythos model to identify and address software vulnerabilities. The goal is to enable those responsible for critical systems to detect, test and mitigate potential weaknesses earlier, before they can be exploited at scale.
It’s been a notably active stretch for Anthropic as it races against OpenAI toward an IPO. The vendor this week introduced a tool aimed at accelerating enterprise AI agent development, while separately moving to secure one of the largest infrastructure expansions in the AI market with a multi-gigawatt compute deal with Google and Broadcom. Together, the moves highlight how quickly Anthropic is scaling across the stack, from enterprise applications to the infrastructure required to support increasingly capable models.
Against that backdrop, the timing of Project Glasswing becomes more telling. While it is positioned as a defensive cybersecurity initiative, its significance lies less in the technology itself than in what it represents. The same class of models that raised concerns about their growing ability to identify and even exploit vulnerabilities is now positioned as a tool to help defend against them.
That tension points to a broader shift already taking shape across the industry: AI is becoming both the source of emerging security risk and a key part of the response.
This marks a move away from theoretical discussions about AI risk toward early-stage efforts to operationalize it. Rather than asking whether AI can introduce new vulnerabilities, companies are beginning to build around that reality, using AI to detect, prioritize and potentially remediate issues at a scale that would be difficult to match manually.
The result is the early formation of an “AI versus AI” security dynamic. As models become more capable, enterprises might increasingly rely on AI systems not just for productivity but also to keep pace with the risks created by AI itself.
Glasswing doesn’t resolve that tension, but it signals where the market is heading next.
Also in AI This Week
This week’s stories point in the same direction. Companies are moving quickly on AI, but many of the fundamentals are still catching up.
Enterprises are deploying AI tools without clear strategies, employees are still trying to understand what AI means for their roles, and some of the bigger governance questions remain unresolved. At the same time, the infrastructure needed to support that momentum is starting to feel stretched.
