What Project Glasswing Means for CISOs: Why AWS, Google, Microsoft, and Palo Alto Are Now on the Same Team

AWS, Google, and Microsoft compete for hundreds of billions of dollars in cloud revenue every year. CrowdStrike and Palo Alto Networks go head-to-head in nearly every enterprise deal. Yet in April 2026, all of them sat at the same table, using the same AI model from a third-party vendor to scan each other's infrastructure for vulnerabilities. That decision reflects a shared calculation that the attack surface is now too large for any single organization to defend alone.

If you're responsible for your organization's security posture, you need to understand what it means, what it doesn't mean, and what you should do about it in the next 90 days.

The AI Arms Race Has a New Leader, and It Isn't a Nation-State

82% of hackers now use AI in their workflow, up from 64% in 2023. The average time between an attacker gaining initial access and moving laterally across a network dropped to 29 minutes in 2025, down 65% from the prior year. The fastest recorded instance was 27 seconds.

AI-enabled cybercrime cost the global economy $193 billion last year, and the average cost of an AI-powered data breach in 2025 hit $5.72 million, up 13% from the prior year. The FBI recorded $16.6 billion in cybercrime losses in 2024 alone, the highest ever reported.

99% of SOCs now use AI. GenAI is embedded in 77% of security stacks. Organizations with extensive AI and automation saved $1.88 million per breach on average and identified threats 98 days faster than those without it.

But the core dynamic hasn't changed: attackers adopted AI faster than defenders built the governance and tooling to manage it. The Glasswing announcement suggests we may have hit a new inflection point.

What Claude Mythos Actually Did (And Why Boards Are Being Briefed)

On April 7, 2026, Anthropic announced Claude Mythos Preview alongside Project Glasswing. Mythos isn't a purpose-built hacking tool. According to Anthropic CEO Dario Amodei, it's a "happy accident" of scaling code reasoning: "We haven't trained it specifically to be good at cyber. We trained it to be good at code, but as a side effect of being good at code, it's also good at cyber."

The benchmarks are hard to dismiss. Against Claude Opus 4.6, Anthropic's previous best model, Mythos scored:

• 83.1% on CyberGym vulnerability reproduction (vs. 66.6%)

• 77.8% on SWE-bench Pro, which tests realistic bugs in real codebases (vs. 53.4%, a 24.4-point gap)

• 73% success on expert-level CTF tasks that no prior model could complete at all

The UK's AI Security Institute ran an independent evaluation using a simulated 32-step corporate network attack, from initial reconnaissance to full network takeover, estimated to take a skilled human team 20 hours. Mythos completed it end-to-end in 3 of 10 attempts and averaged 22 of 32 steps across all runs.

Then Anthropic and Glasswing partners ran Mythos against real production codebases. It found thousands of zero-day vulnerabilities, including:

• A 27-year-old remote crash vulnerability in OpenBSD, one of the most security-hardened operating systems in the world, used to run firewalls and critical infrastructure

• A 16-year-old bug in FFmpeg found in a line of code that automated testing tools had executed five million times without flagging

• A chained Linux kernel privilege escalation that Mythos constructed autonomously, without human guidance, giving an ordinary user full machine control

For context, Anthropic reports that human researchers uncover roughly 100 such vulnerabilities per year. Mythos found thousands. These are exploits that elite nation-state hacking groups typically spend months developing.

The US Treasury Secretary and Federal Reserve Chair separately briefed major bank CEOs. The Bank of England governor said the bank is "having to look very carefully now" at what this means for cybercrime risk. The EU opened direct discussions with Anthropic.

What is Claude Mythos? Claude Mythos Preview is a general-purpose frontier AI model from Anthropic that demonstrated autonomous ability to discover thousands of zero-day vulnerabilities in production software, including bugs that had survived decades of expert human review. It was announced on April 7, 2026, alongside Project Glasswing, a defensive industry coalition.

AI Can Find Bugs Faster Than Engineers Can Fix Them

Maintainers know how to patch software. The bottleneck is capacity: less than 1% of the thousands of vulnerabilities Mythos discovered had been fully patched at the time of announcement, because Mythos found bugs faster than engineering teams can work through them.

Darktrace put it plainly: LLMs are very good at finding vulnerabilities but "pretty bad at reliably patching them." Project Glasswing partners themselves estimate that full remediation of discovered vulnerabilities could take "months or years."

This creates a structural window that benefits attackers. Every unpatched vulnerability is now a known, targetable attack surface on both the defensive and offensive side.

Former Facebook CISO Alex Stamos put a timeline on it: "We only have something like six months before open-weight models catch up to foundation models in bug finding." At that point, the capability isn't locked inside a controlled coalition. It's available to anyone.

The Help Desk Is Still Where Most Breaches Actually Start

The Glasswing announcement is focused on software. But the documented breach record tells a different story about where most attacks actually start.

The incidents that have cost organizations the most money in the past three years came through phone calls.

• MGM Resorts lost approximately $100 million after a 10-minute vishing call to its IT help desk. Scattered Spider impersonated an employee, whose details were gathered from LinkedIn, obtained a credential reset, and brought down slot machines, digital room keys, ATMs, and payment systems for 10 days. The entire cost came from a single phone call.

• Arup lost $25.6 million after a finance employee in Hong Kong joined a video call populated entirely by AI-generated likenesses of the UK-based CFO and colleagues. The employee executed 15 wire transfers. No systems were separately compromised.

• Clorox lost over $380 million in revenue plus $49 million in remediation costs after Scattered Spider called the outsourced service desk managing Clorox's IT and obtained password and MFA resets without identity verification.

These attacks followed a consistent anatomy:

1. Reconnaissance using LinkedIn, leaked voice samples from earnings calls, and YouTube videos

2. An initial lure, typically a phishing email referencing payroll, benefits, or a "confidential transaction"

3. A live AI-augmented escalation through a deepfake video call or cloned-voice phone call

4. An MFA bypass through OTP extraction or help-desk-initiated resets

5. Rapid monetization via wire transfers, ransomware, or crypto account takeover

The weakest link across nearly every documented incident is the help desk. Mythos raises the ceiling for automated vulnerability discovery. The help desk and the employee remain the floor through which most real-world breaches enter.

What Project Glasswing Is and How It Actually Works

Project Glasswing is a defensive cybersecurity coalition launched April 6 to 7, 2026, alongside the Claude Mythos Preview announcement. It's named after the glasswing butterfly (Greta oto), whose transparent wings are meant to symbolize both hidden vulnerabilities and the transparency Anthropic claims for the initiative.

It operates across three tiers:

The financial commitment is substantial: up to $100 million in Mythos Preview usage credits, plus $4 million in direct donations to open-source security foundations including Alpha-Omega, OpenSSF, and the Apache Software Foundation.

The 90-day commitment includes a public report by around July 2026 on what Glasswing has fixed and learned, followed by practical recommendations on disclosure processes, patching automation, secure-by-design practices, and standards for regulated industries.

Why Would Competing Companies Cooperate on This?

The logic is straightforward: the cyberattack surface is shared. A zero-day in the Linux kernel hurts every cloud provider equally. A flaw in a widely used open-source library hurts every company that depends on it. No single organization, regardless of its security budget, can patch the world's critical software alone.

Logan Graham, Anthropic's frontier red team lead, said it plainly: "We need to prepare now for a world where these capabilities are broadly available in 6, 12, 24 months."

It's also worth being clear-eyed about what Glasswing is beyond a security initiative: it's a governance bid. Anthropic is positioning itself to define the norms around how frontier AI cyber capabilities are disclosed and deployed. The coalition gives Anthropic legitimacy while giving partners access to a capability they'd otherwise be playing catch-up against.

CrowdStrike CTO Elia Zaitsev captured the shared logic well: "The window between a vulnerability being discovered and being exploited by an adversary has collapsed. What once took months now happens in minutes with AI. That is not a reason to slow down; it's a reason to move together, faster."

What the Critics Get Right

Not everyone accepts Anthropic's framing, and they raise points worth taking seriously before drawing operational conclusions.

Jaya Baloo, CISO of Aisle, confirmed she could reproduce the flagship Mythos bugs using free open-source models: "It's not about the model. Although Anthropic makes it about the model, it's really about the system and the scaffold and everything you built around it."

OWASP founder Jeff Williams noted: "It's highly questionable that Anthropic will be able to limit the malicious uses of this model."

The AISI evaluation itself acknowledged that its test ranges lacked active defenders and defensive tooling. Performance on well-defended systems with real-time monitoring is unknown. And the $20,000 compute cost per bug limits direct access for most organizations right now.

The most defensible position: Mythos represents a real capability advance, the coordinated coalition model is more significant than the model itself, and the timeline before comparable capabilities are broadly available is short regardless of whether you believe Anthropic's framing.

The Attacks That Already Happened (Before Mythos)

Biggest incidents in recent years happened with widely available technology, before Claude Mythos existed, and they succeeded without any zero-days or frontier models, using tools that were freely available.

Voice cloning now requires only 20 to 30 seconds of audio. A convincing video deepfake can be created in 45 minutes using freely available software. Human detection of high-quality deepfake video sits at just 24.5% accuracy, barely above random chance.

If AI-assisted attackers can already cause this scale of damage with commodity tools, Mythos-class capabilities in adversarial hands raise the floor for every attacker, not just nation-states.

Top Security Awareness Training Platforms for the Post-Glasswing Era

No industry coalition changes how an employee responds to a phone call. Vishing and spear phishing are the entry points that have actually produced losses at scale, and the platforms you choose to train your workforce matter more now than at any prior point. The differences come down to one capability most legacy tools don't have at all.

Brightside AI

Brightside AI is an award-winning Swiss cybersecurity awareness training platform built specifically for the AI-threat era. Its core differentiator is a fully integrated vishing simulator that conducts real-time, GenAI-powered phone calls against employees using configurable social engineering tactics: pretexting, authority impersonation, fear and threat escalation, and commitment techniques. Admins can clone executive voices using a 1 to 2 minute recording to create the highest-fidelity CEO fraud scenarios available on any commercial platform.

Beyond vishing, Brightside covers OSINT-powered spear phishing personalized to each employee's role and work tools, hybrid attack campaigns that pair a phishing email with a follow-up vishing call (directly mirroring the TOAD pattern), deepfake simulations, and chat-based awareness training delivered by an AI learning companion called Brighty. The platform integrates with Google Workspace, Microsoft Active Directory, Okta, and Vanta for automated employee provisioning and management.

Key features:

• Real-time GenAI vishing simulator with configurable personas, tactics, and urgency levels

• Custom executive voice cloning from a 1 to 2 minute recording

• Hybrid email and voice attack campaigns that mirror the TOAD pattern

• AI-powered OSINT spear phishing personalized by role, department, tools, location, and tenure

• Deepfake simulations for video and audio manipulation awareness

• Chat-based interactive training with gamification, badges, and structured curricula

• NIST Phish Scale alignment across all phishing simulations

• Automated follow-up training triggered on simulation failure

• EU and Swiss data compliance; built on Swiss quality and security standards

Cons:

• Does not provide real-time breach detection or live monitoring of employee communications

• No SMS phishing (smishing) simulation capability

KnowBe4

KnowBe4 is the world's largest security awareness training and human risk management platform, trusted by over 70,000 organizations globally and acquired by Vista Equity Partners in 2023 for $4.6 billion. Its HRM+ platform is a broad suite covering awareness training, cloud email security, real-time coaching, and crowdsourced anti-phishing, backed by 15 years of security culture data and one of the largest training content libraries in the industry with 1,000+ modules.

The platform's AIDA (AI Defense Agents) suite includes an Orchestration Agent that tailors training to phishing test results, a Template Generation Agent that produces simulated phishing emails based on current attack vectors, a Knowledge Refresher Agent, a Policy Quiz Agent, and a Callback Template Generation Agent for vishing-adjacent simulations. Its PhishER Plus module provides AI-powered phishing triage and a crowd-sourced global blocklist connected to Microsoft 365 mail servers.

Key features:

• 1,000+ training modules covering phishing, deepfake defense, compliance, AI threats, and more

• AIDA suite with 8+ AI agents automating training, templates, coaching, and risk management

• PhishER Plus for AI-powered phishing triage and incident response

• Real-time SecurityCoach that detects and responds to risky end-user behavior

• Cloud email security with no manual tuning required

• Broad integrations: Microsoft 365, Google Workspace, Okta, Drata, Vanta, CrowdStrike, Cortex XSOAR

• Gartner Magic Quadrant Leader for Email Security

Cons:

• No native real-time AI vishing simulation capability

• Platform breadth makes it complex to configure and maintain; smaller security teams without dedicated admin resources often struggle to use it effectively

Adaptive Security

Adaptive Security is a next-generation platform built from the ground up for AI-era threats, founded in 2023 and backed by a $43M Series A co-led by OpenAI and Andreessen Horowitz, and an $81M Series B led by Bain Capital Ventures. It uses conversational red teaming agents to simulate highly realistic phishing attempts across email, voice, SMS, and video, with simulations personalized using OSINT drawn from job listings, executive interviews, press releases, and social media.

Its training content includes interactive, cinematic modules with embedded deepfakes and AI scenarios, and the platform provides dynamic risk scoring and personalized remediation that adjusts automatically based on individual user behavior. Its executive deepfake capability allows organizations to demonstrate CFO and CEO impersonation scenarios with real-world fidelity.

Key features:

• Multi-channel simulations across email, voice, SMS, and video deepfakes in a single platform

• OSINT-powered personalization using real publicly available company and employee data

• Executive deepfake scenarios using real voice and likeness

• AI Content Creator for building or tailoring training modules in minutes

• Dynamic risk scoring and automated personalized remediation per employee

• 100+ integrations with instant provisioning via Microsoft or Google SSO

• Board-ready executive dashboards

Cons:

• Founded in 2023, so it lacks the long-term track record and security culture benchmarking data of older platforms

• No EU or Swiss data residency compliance, which limits its viability for European regulated organizations

Hoxhunt

Hoxhunt is the #1 rated human risk management platform on G2, founded in Helsinki in 2016 and serving 3 million users across 40+ languages, with $43 million in total funding. Its differentiation is a fully automated, gamified approach: enroll employees and AI personalizes and manages the entire training lifecycle based on individual role, department, location, and skill level.

The platform sends 7 million simulations per month across email, Slack, Teams, and SMS, with coverage spanning phishing, quishing (QR code attacks), smishing, MFA fatigue, deepfake phishing, vishing (callback and voice cloning), and Microsoft Teams phishing. It also includes automated security operations capabilities: AI-powered detection and analysis of reported emails, automatic resolution of false positives, and SOC noise reduction.

Key features:

• Fully automated AI-driven training lifecycle with optional manual control

• Adaptive simulations across email, Slack, Teams, SMS, QR code, MFA fatigue, and MS Teams phishing

• Gamification with points, badges, streaks, leaderboards, and "spicy mode" for advanced users

• 90%+ reported engagement rates and 20x lower failure rates versus traditional tools

• AI-powered SOC noise reduction via automated email triage

• Compliance training for HIPAA, GDPR, and industry-specific requirements

• Industry benchmarking against peer organizations

Cons:

• Vishing simulation is limited to callback-style and voice cloning scenarios rather than real-time AI-powered GenAI calls

• The fully automated approach reduces admin control, which can be a limitation for organizations that want to run tightly curated, scenario-specific campaigns

SoSafe

SoSafe is Europe's largest security awareness training and human risk management provider, serving 6,000+ organizations and 5.4 million users across 32 languages, with $73 million raised in its Series B led by Highland Europe. Founded by a psychologist-led team in Cologne in 2018, the platform applies behavioral science to awareness training: gamification, microlearning, spaced repetition, nudging, and interactive storytelling designed to produce measurable behavior change rather than checkbox compliance.

Its Human Risk OS is a unified platform that combines behavioral sensors, a Human Security Index that generates a single risk metric per employee using seniority, tenure, access level, and criticality, and a Centralized Intervention Hub that coordinates automated training across the organization. Its AI copilot Sofie delivers real-time security alerts and phishing guidance through Microsoft Teams, Slack, and email.

Key features:

• Behavioral science-based training with gamification, spaced repetition, and interactive storytelling

• Human Risk OS: behavioral sensors, single risk metric per employee, and automated intervention hub

• Sofie AI copilot for real-time security alerts and guidance via Teams, Slack, and email

• AI-powered phishing simulations personalized by role and behavior

• Template Studio: upload screenshots of real phishing emails and AI reconstructs safe simulation templates

• EU GDPR, HIPAA, TISAX, DORA, and NIS2 compliance support

• Rapid deployment: go-live in as few as 2 days with a managed-service option

Cons:

• No native real-time AI vishing simulation capability

• Smishing simulation is listed as beta, making it unreliable for organizations that need mature SMS-based attack training

Platform Comparison

Why AI-Powered Vishing Simulation Is Now the Critical Differentiator

Most legacy platforms still don't simulate voice attacks at all. That's a significant gap given what the data shows.

Vishing surged 442% year-over-year in 2024. Deepfake-enabled vishing jumped 1,600% in Q1 2025 alone. 77% of AI voice scam victims lost money. The "Telephone Oriented Attack Delivery" pattern, which combines a phishing email with a follow-up voice call, now appears in approximately 6% of real phishing campaigns and is growing as a preferred multi-channel social engineering method.

Brightside AI simulates realistic, real-time AI-powered phone calls using configurable attacker personas and social engineering tactics including pretexting, authority impersonation, fear/threat escalation, and commitment techniques. Admins can clone executive voices using a 1 to 2 minute recording to create the highest-fidelity CEO fraud scenarios. The hybrid attack mode, which pairs a phishing email with a follow-up vishing call, directly mirrors the TOAD pattern that real attackers use.

Security training ROI on vishing defense is documented at 37x. Training can reduce click rates by up to 80%. These metrics are the difference between a 10-minute phone call costing you $100 million or not.

Your 90-Day Response Plan

Glasswing's own public report is due around July 2026. Use the same 90 days to address the three layers of exposure the Mythos announcement has made urgent.

Start with your open-source exposure (Weeks 1 to 4)

• Audit your most exposed open-source dependencies, especially Linux kernel components, FFmpeg, OpenBSD derivatives, and browser-adjacent code

• Stop prioritizing individual CVEs in isolation. Mythos demonstrated that it chains low and medium severity findings into critical exploit paths, so your remediation logic needs to reflect that

• Ask your software vendors directly what their Glasswing-affiliated patch timelines look like

Fix the help desk before your attacker does (Weeks 2 to 8)

• Audit your IT help desk identity verification protocols. MGM, Clorox, and multiple 2025 Scattered Spider retail-sector breaches all started with a single vishing call to an outsourced or internal help desk

• Deploy vishing simulations before your attackers run them live. Your employees need to experience AI-generated voice manipulation in a controlled environment before the real thing arrives

• Cover deepfake identification in employee training and shift the goal from "detect the fake" to interrupting the decision cycle. The "Calm, Check, Confirm" framework is the research-backed protocol: recognize manufactured urgency, pause deliberately, verify through a separate pre-established channel, and apply multi-party authorization for high-value actions regardless of how confident you feel

Get your AI agents under control (Weeks 4 to 12)

• Inventory every AI agent deployment in your environment. 70% of security leaders already acknowledge that AI systems in their stack have more access than a human in the same role

• Apply least-privilege controls. Organizations with over-privileged AI systems report a 76% incident rate compared to 17% for those with least-privilege controls

• Review your AI supply chain. MCP (Model Context Protocol) vulnerabilities grew 270% from Q2 to Q3 2025, and prompt injection was found in 73% of production AI deployments assessed by Obsidian Security

The Board Conversation You Need to Have This Quarter

Most boards don't need to understand what a 32-step corporate network attack simulation is. They need to understand the financial exposure and what you're doing about it.

The number that anchors the conversation: the average AI-powered breach in 2025 cost $5.72 million, up 13% year-over-year, and deepfake-enabled fraud is projected to hit $40 billion globally by 2027. Organizations with extensive AI and automation saved $1.88 million per breach and identified threats 98 days faster than peers without it.

The patch gap is a liability window with a documented timeline. The human layer investment isn't a training line item either; the documented ROI on vishing defense is 37x. And Glasswing itself is a signal from 12 of the world's most sophisticated security organizations that cooperative defense has become the baseline expectation.