The Future

Anthropic Built an AI to Defend Against AI. Here Is the Problem.

Morgan Blake

The announcement arrived with the tone of a summit communiqué. On April 7, Anthropic unveiled Project Glasswing: a security initiative that brought together AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The stated goal: "secure the world's most critical software." They are also previewing a new AI model called Mythos, built specifically for defensive cybersecurity work, available to a small number of select partners.

Read the press materials and it sounds like exactly what we need. The smartest people in technology, coordinating at scale, deploying powerful AI to protect critical systems.

Read it differently and something interesting reveals itself.

The Attack Surface Has a Familiar Return Address

Let me describe the attack surface that Project Glasswing intends to defend. It is the sprawling infrastructure of cloud services, AI APIs, enterprise software, and interconnected systems assembled by: AWS, Apple, Broadcom, Cisco, Google, Microsoft, NVIDIA, and Palo Alto Networks. The same organizations.

This is not an accusation. It is the texture of the situation. The companies that built the digital stack are now organizing to secure it. That has always been true. What is new is that the attack surface has grown faster than the defenses, and AI is the reason for both.

Large language models can generate phishing emails indistinguishable from legitimate communications. They can scan code for exploitable patterns at machine speed. They can automate social engineering at scale. Security researchers have documented these capabilities; they are not hypothetical. And who built these models? Anthropic. OpenAI. Google. The same companies now forming defensive coalitions.

Mythos and the Dual-Use Problem That Never Goes Away

Anthropic's Mythos is described as a model for "defensive cybersecurity work." A reasonable question: what does it do that a general-purpose LLM cannot? The answer presumably involves deeper integration with security toolchains, specialized training on threat data, and capabilities tuned for vulnerability analysis and incident response rather than creative writing or code generation.

But here is the structural reality of any sufficiently capable AI security tool: defensive and offensive capabilities live close together on the capability map. A model that can identify vulnerabilities in code is a model that can also describe how to exploit them. A model trained to recognize attack patterns can help construct novel attack patterns. This is not a flaw in Mythos specifically. It is a property of the domain.

The history of security technology is the history of capability proliferation with a lag. Encryption tools became the backbone of ransomware operations. Penetration testing frameworks became criminal infrastructure. Zero-day brokers turned vulnerability research into a commodity market. The tools designed for defense always find their way into the hands of people with different intentions. The question is never whether this happens but how long it takes.

What Is Actually Different This Time

Here is the optimistic reading, and I do not want to dismiss it. The Project Glasswing coalition represents something new in scale and formality. When Amazon, Google, and Microsoft are co-signatories on a security initiative, they are implicitly committing to shared threat intelligence, interoperable defenses, and coordination that historically has not existed at this level. The Linux Foundation's presence suggests the intent is to benefit the open software ecosystem, not just proprietary enterprise stacks.

Anthropic previewing Mythos to a "small number of high-profile companies" is actually the right posture for this stage. Controlled access, iterative deployment, feedback loops with sophisticated security teams. This is how you develop a powerful tool responsibly: carefully, with scrutiny, with the people most likely to find the failure modes.

The cynical reading is that this is infrastructure security theater. A press release with twelve logos, providing cover for each company to proceed with their respective AI ambitions while gesturing at collective responsibility.

The honest reading is that it is probably both, and the ratio depends on decisions made over the next two years that we cannot evaluate yet.

The Question No Coalition Answers

What Project Glasswing cannot address is the fundamental asymmetry of AI security: offense is cheaper than defense. Building a phishing campaign with AI requires a few prompts and an email service. Building defenses against AI-powered attacks requires monitoring every endpoint, understanding every vector, and responding faster than automated attackers can iterate.

Coalitions are good at coordination. They are less good at changing underlying economics. The attackers do not need to join a consortium.

Anthropic's Mythos may be genuinely excellent at what it does. The project may produce real improvements to the security of critical infrastructure. I hope it does. The trust gap between AI capability and AI reliability is already wide enough without adding active adversaries to the picture.

But the same AI lab building defenses for critical software is also building the general-purpose frontier models that expand the attack surface. They are doing both simultaneously, with full knowledge of the contradiction, at what recent reporting suggests is $30 billion in annual run-rate revenue. And now they are selling the defense.

That is not a reason to stop. It is a reason to pay attention.
