Apple, Google, and almost all of the rest of US big tech have signed up to Anthropic's Project Glasswing, that will use AI to improve the cybersecurity of critical software.
While AI has enabled vibe coding to become more prevalent, it has also made it easier for malicious actors to create malware or to find new vulnerabilities to exploit. To fight this AI advantage, a group of major companies is also going to use AI.
Under the not-at-all ominous name Project Glasswing, Claude maker Anthropic is bringing together a number of big names in tech to try and fight the potential cybersecurity threat of AI.
Apple is included in the group, along with Amazon Web Services, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks.
AI is a blessing and a curse
Project Glasswing was launched because Anthropic created a new model that it thought could become a problem. The Claude Mythos Preview is an unreleased frontier model that Anthropic claims can do better than almost anyone at finding software vulnerabilities and exploiting them.
In testing, Mythos Preview had found thousands of high-severity vulnerabilities, Anthropic claims. This includes issues "in every major operating system and web browser."
With AI progressing at high speed, the company believes that the ability to find vulnerabilities can go beyond those who are fighting to keep everything secure. Anthropic is worried that these capabilities could go into the wrong hands if left unchecked.
The kind of flaws being discovered are those that require the expertise of top-level security researchers and can go unnoticed for years. With the increased reasoning capabilities of AI coding and the reduced cost and effort needed to power them, AI has quickly become a much better security researcher or assailant.
In some cases, Mythos discovered vulnerabilities that apparently "survived decades of human review and millions of automated security tests."
One highlight issue was a 27-year-old vulnerability in OpenBSD, which is often used in firewalls and critical infrastructure. The vulnerability could allow an attacker to remotely crash a computer using OpenBSD, simply by connecting to it.
The new initiative is an attempt to use the capabilities for defensive purposes before the offensive ones become a problem.
AI as security
The companies involved with Project Glasswing, including Apple, will be using Mythos Preview to shore up their existing software. At the same time, Anthropic will be sharing what the group learns to the rest of the industry.
Mythos Preview will also be accessible by a group of over 40 other organizations that maintain critical software infrastructure, for the same purpose.
Apple is one of the launch partners of Project Glasswing
On the finance side, Anthropic is providing up to $100 million in usage credits for all companies involved to use Mythos Preview. There will also $4 million in direct donations to open-source security organizations.
While this is a starting point, Anthropic warns that more trouble could be on the way. Insisting that no one company can solve the problem, it admits the work to defend tech infrastructure from AI-assisted threats could take years.
With AI poised to continue improving rapidly in the coming months, Anthropic urges, "we need to act now."
Future threats
To the end user of any of the involved companies, there is probably not to expect in terms of change in the products of Apple and others. This probably won't result in any surface-level changes to iOS or macOS anytime soon.
For the most part, this will involve Apple rolling out updates that are quite sizable, fixing long-time issues and new threats discovered by the initiative. At the very least, there will be more urgency for users to actually install software updates in a timely fashion.
What it does represent is Apple and other companies realizing that they need to protect against threats from technological advances. The threats that will eventually arrive, once technology progresses enough to make them viable.
This is not the first time Apple has actually done this sort of long-term thinking. It's already worked to fend off the security hazard of quantum computing.
In 2024, Apple detailed a new cryptographic protocol called PQ3 to iMessage, as part of a post-quantum cryptography effort. It's an attempt to protect against anyone harvesting encrypted messages, gambling that they could decrypt them later once quantum computing becomes widely available.
Project Glasswing is certainly in the same wheelhouse, working to fend off a threat that will almost certainly become an issue at some point in the future.
