Project Glasswing: When AI Becomes the Ultimate Hacker—and Defender
Anthropic's Project Glasswing, powered by the unreleased AI model Claude Mythos, is poised to autonomously discover zero-day vulnerabilities and chain exploits across global software systems—raising alarms about the dual-use potential of AI in cybersecurity. The system, not being released to the public and restricted to select partners like Microsoft, Google, and JP Morgan, is framed as a defensive tool, but panelists Kevin Tackett and Scott Wright argue it's a dangerous distraction. They warn that without fixing the root causes—like underfunded open-source maintenance and legacy systems—AI-driven vulnerability discovery only piles on more problems without real resolution. The real threat isn't just the AI itself, but the industry’s obsession with offensive capabilities over defense, compliance, and code quality. As one guest puts it, 'We’re not fixing shit,' and the wake-up call from Glasswing may just be ignored, leading to more attacks, not better security. The conversation exposes a deeper crisis: the cybersecurity industry’s failure to prioritize code quality, bug remediation, and responsible AI deployment. Despite the hype, many organizations still run outdated systems vulnerable to exploits from 1995. The panel questions whether AI tools like Mythos will drive meaningful change or merely fuel a cycle of discovery without action.
AI systems like Anthropic's Claude Mythos can autonomously find and chain zero-day vulnerabilities, but their defensive value is undermined without code fixes.
The cybersecurity industry is stuck in a cycle of vulnerability discovery without remediation, making AI-driven bug hunting a net security loss.
Open-source maintainers are overwhelmed by alerts for libraries they don’t use, highlighting a systemic failure in dependency management and funding.
Bug bounty programs should pay for actual fixes, not just flaw discovery—otherwise, they reward noise over impact.
Nation states and bad actors will likely access or replicate AI-powered hacking tools long before ethical organizations can, making secrecy a false sense of safety.
Welcome to Shared Security: The Human-Centered Cybersecurity Podcast
Tom introduces the Shared Security Podcast, emphasizing its mission to deliver honest, jargon-free cybersecurity analysis from industry veterans who’ve survived the trenches of real-world threats.
Project Glasswing: The AI That Can Hack and Defend
“The goal? Well, it's to use AI to defend against AI-driven cyber attacks. But here's the rub. The same capabilities that make this technology valuable for defenders could also make it incredibly dangerous in the wrong hands.”
The First In-Person Meeting of Longtime Co-Hosts
“I said it before we start recording. You sent pictures of this meeting, but I believe those pictures were generated by Project Mythos.”
The Mythos $20,000 Bug: A Case Study in AI-Driven Hype
“They spent $20,000 to find a bug and then dumped it on a project and said, oh my God, this is critical now. And then did a whole bunch of press releases to show how cool their new toy is.”
The Real Problem: No One Fixes the Bugs
“All we're doing is making ourselves less secure because you will not convince me that the details of these bugs won't get out.”
“We're not fixing shit. I had a conversation with another guy this morning, and it was everything I could not to look at him and go, you just made me dumber.”
Host: Tom
Guests: Kevin Tackett, Scott Wright
Anthropic (organization)
Claude Mythos (other)
Project Glasswing (other)
HIPAA (other)
OpenBSD (product)
Gaddy Avron (person)
HackerOne (organization)
