Intelligent Founder AI

Applied AI for Startup Founders

The Anthropic Playbook - Part 2

Treasury. The Fed. Wall Street. When Bessent and Powell call an emergency meeting about your model, you're no longer a supply chain risk. You're the supply chain.

Poonam Parihar
Apr 12, 2026

This is the second in the series of Anthropic Mythos / Project Glasswing deep dives. If you haven’t read Part 1, the link is below:

Anthropic's Security as the Market Moat

Part 1 covers the foundation, the Mythos deep dive, its capabilities, vulnerabilities, and the whole setup of their butterfly project, including who in the industry is part of it and why.

Ch2 Escape

I also created this 7-minute summary video that will take you through the events covered in Part 1 and quick reviews of the impact that we’ll cover in detail in Part 2. The video is also available on AIU’s YouTube channel.

In this second half we’ll cover:

Table of contents:

  1. What Glasswing Doesn’t Protect - No telecom. No OT. No AI infra. The gaps nobody’s talking about.

  2. The Pentagon Counter-Narrative - From “supply chain risk” to “we’re securing your supply chain” in 11 days.

  3. Where Are the Other Labs? - OpenAI silent. Google joined Anthropic. Meta would release it anyway.

  4. The Dual-Use Problem and the Clock - Defenders go first. But the window has an expiry date.

  5. The Business Play - $100M in credits isn’t charity. It’s the smartest GTM in AI.

  6. The Endgame - What happens when everyone else catches up.

I might do a third part on the rest of Anthropic’s business structure, so we have a 360-degree view and an understanding of their strategies and technological landscape outside of their security market capture.

In the last 3 days alone since I published Part 1, a few events took place. Thankfully, they align with the chapter structure that I built earlier, so I don’t have to change that. I’ll include them below within the respective chapters.

🏦 The biggest development: Washington went into emergency mode,

⚠️ New Pentagon legal twist,

🔍 New open source problem identified,

📌 OpenAI signal

Chapter 6 - What Glasswing Doesn’t Protect!

Quick recall on who’s part of Project Glasswing:

AWS, Google, Microsoft, Apple, Cisco, Broadcom, CrowdStrike, Palo Alto Networks, NVIDIA, JPMorganChase, and the Linux Foundation.

Plus 40 unnamed organisations that build or maintain critical software infrastructure. $100M in Mythos usage credits. $4M in direct donations to open-source security organizations. Findings to be shared publicly so the whole industry benefits.

Now, I don’t know who those 40 organizations are. I am assuming those are not big names, and if that’s the case, this thesis will hold more ground. My first impression seeing this coalition was: yes, it’s a serious initiative. But it doesn’t look complete, and hear me out on why.

What Glasswing actually protects is software

Operating systems, browsers, open source codebases, and the first-party proprietary code of coalition partners. That’s meaningful. The Linux kernel underpins everything from hospital systems to financial infrastructure. Firefox runs on a billion devices. Finding and patching bugs there has real downstream impact.

So it’s serious, but it’s not complete. And the gaps matter more than the headlines are letting on. Let’s look at what’s missing. Or who’s missing.

No telecom.

Zero carriers in the coalition. No AT&T, no BT, no Deutsche Telekom, no Vodafone, no NTT. Telecom infrastructure runs on legacy SS7 signalling systems that were designed before cybersecurity was a discipline, and 5G core networks that are being rolled out faster than they’re being hardened. The systems that carry the data everything else depends on are completely absent.

No operational technology.

No Siemens, no Schneider Electric, no Honeywell, no Rockwell Automation. The embedded code running power grids, water treatment plants, oil refineries, and manufacturing lines: none of it is in scope. OT systems are notoriously difficult to patch. Many run on air-gapped networks with decade-old firmware that was never designed to be updated. State-sponsored groups are actively pre-positioning inside OT networks across Europe and the US right now.

This is precisely the kind of ancient, undocumented code Mythos would tear apart. And it’s precisely what isn’t being scanned.

No AI infrastructure layer.

NVIDIA is a coalition partner - BUT for GPU drivers and CUDA software. Nobody is scanning the firmware layer, the BMC/IPMI interfaces, or the supply chain integrity of AI accelerators themselves. The training pipelines, model serving infrastructure, and MLOps orchestration that run most modern AI workloads: all of these are absent.

The infrastructure that makes AI possible is unprotected by the AI security initiative.

No application layer.

No SaaS companies. No enterprise app developers. The code your users actually interact with every day: not in scope.

Then there’s a structural problem nobody anticipated until this week. The Apache Software Foundation confirmed it received $1.5M from Anthropic as part of Glasswing. Researchers and analysts at Forrester flagged the obvious implication immediately:

Mythos can surface vulnerabilities at a speed and scale that volunteer maintainers simply cannot match. Discovery is now exponential. Remediation is still human, finite, and largely unpaid. You could end up in a situation where the initiative generates thousands of confirmed vulnerabilities faster than the open source community can responsibly disclose and patch them, creating a window where known bugs exist in the wild but fixes don’t yet. Good intentions, bad outcome.

Cisco’s CSO Anthony Grieco said the old ways of hardening systems are no longer sufficient. He’s right. But Cisco here is protecting Cisco’s own products, i.e. IOS-XE, Webex, Meraki firmware, and their security appliances, and not the networks those products sit inside.

Not the telecom operators running Cisco gear.

The customers’ infrastructure benefits indirectly if Cisco patches faster. They are not getting Mythos access themselves.

Glasswing secures the foundations.

But entire floors of the building remain unprotected, and those floors (telecom, OT, AI infrastructure, the application layer) are arguably where the real damage happens when AI-powered exploits proliferate into the wrong hands.

The $100M in credits spread across 50 organisations is roughly $2M each. Meaningful. Not exactly transformative.


Chapter 7 - The Pentagon Counter-Narrative

On March 5th, the Pentagon designated Anthropic a supply chain risk.

Defence Secretary Pete Hegseth ordered all federal agencies to cease use of Anthropic’s technology. The Trump administration’s position: Anthropic was imposing excessive safety requirements on military use of Claude, effectively making the model less useful to the DoD by refusing certain applications on safety grounds.

On March 9th, Anthropic sued. Two simultaneous lawsuits: one in California, one in DC.

Their argument:

The supply chain risk label was ideological punishment for their safety policies, a violation of First Amendment rights.

A company being blacklisted by the federal government for being too careful is not a neutral legal dispute. It’s a signal about how the current administration thinks about AI safety: as an obstacle, not a feature.

On March 27th, a federal judge in San Francisco temporarily suspended the Pentagon’s order. Anthropic won, or appeared to.

Then on April 9th, a federal appeals court rejected Anthropic’s separate plea to halt the blacklisting nationwide, contradicting the district court’s ruling.

Two courts.

Two outcomes.

Simultaneously active.

The legal situation is now a standoff, not a victory, and it’s heading toward a higher court resolution that nobody can predict.

Eleven days after the district court win, and two days after the appeals court setback, Project Glasswing was launched.

What does it mean? The timing of Glasswing isn’t accidental, and context matters.

Read that sequencing carefully.

Anthropic gets labelled a national security risk by the executive branch.

They fight it in court and get a split result.

Then they announce a $100M initiative with every major American technology company, the biggest cybersecurity vendors, a major bank, and the Linux Foundation.

All explicitly focused on defending critical infrastructure. Before launch, they brief VP JD Vance, Treasury Secretary Bessent, and senior White House cybersecurity officials directly. After launch, Bessent and Fed Chair Powell call an emergency meeting with Wall Street bank CEOs to discuss the threat Mythos represents and how to defend against it.

The message to Washington is unmistakable:

We are not a supply chain risk. We are the ones securing your supply chain. The same model the Pentagon wants to restrict is the model that Apple, Google, Microsoft, JPMorganChase, and the Linux Foundation just signed up to use for defending critical infrastructure.

Whether Glasswing was planned from the start or accelerated in response to the Pentagon fight, the effect is the same. Anthropic has executed one of the most effective institutional counter-narratives in recent tech history.

In three weeks they moved from federal blacklist to emergency briefings at Treasury and the Fed, not as a defendant, but as the company whose technology the government is now urgently trying to get more organisations to use defensively.

The appeals court ruling complicates the legal picture. But it doesn’t touch the political one. When the Secretary of the Treasury and the Chair of the Federal Reserve are summoning bank CEOs to discuss your model’s capabilities, you are no longer a supply chain risk. You are the supply chain.


Chapter 8 - Where Are the Other Labs?

Nobody’s asking the obvious question. Anthropic just announced a model so capable at finding and exploiting vulnerabilities that they won’t release it publicly, assembled a $100M defensive coalition with the biggest companies on earth, and briefed the White House, Treasury, and the Fed before launch. And the response from every other frontier lab has been, essentially, nothing (until yesterday?).

OpenAI

has been silent on anything comparable: no restricted model, no defensive coalition, no public acknowledgment that their models might have similar cyber capabilities. That silence just got louder. White House briefings in the days following Glasswing’s launch confirmed that OpenAI is expected to unveil a model with comparable cybersecurity capabilities in the near future. So the answer isn’t that they don’t have it. It’s that they haven’t decided what to do with it yet. Or they have, and they’re not saying. Either way, the approach is the opposite of Anthropic’s: no pre-briefing of governments, no coalition, no system card. Just a future announcement. The contrast in posture is stark.

Google

is the most interesting case. They are a Glasswing partner, meaning they are running their own codebases through a competitor’s model because that competitor built something better in this specific domain. Google has DeepMind, some of the best security researchers in the world, and more compute than almost any organisation on the planet. They chose to join Anthropic’s initiative rather than run their own. That’s not a small thing to admit. It tells you something real about the capability gap, at least in the cyber domain, right now.

Meta

is playing the exact opposite philosophical game.
