Glasswing and Offensive AI: When Vulnerability Discovery Is No Longer Human

Clarity, no judgment. Information, no hidden agenda. Recent discussions in security and research communities point to the rise of AI systems capable of discovering and exploiting vulnerabilities at scale. One of the names circulating in those conversations is "Glasswing", associated with research and experiments involving companies like Anthropic. There is no detailed public confirmation about the project. What exists are sparse references in specialized forums, researchers citing capabilities observed in laboratory settings, and the absence of a formal denial from the companies mentioned. That is not evidence of anything, but it is also not random noise. ## What Current Models Can Already Do Independent of Glasswing, the current state of the art is already revealing. Large language models like GPT-4 and specialized variants have demonstrated, under controlled conditions, the ability to identify vulnerabilities in open-source code with success rates that, in some benchmarks published in 2025, exceeded 87%. This includes recognizing exploitable patterns, suggesting attack vectors, and in some cases generating functional proof-of-concept code. What security researchers are debating is not whether this is possible. It is what happens when this capability no longer requires human interaction at each step and begins to operate more autonomously, in fast cycles, against multiple targets simultaneously. This is not incremental improvement. This is AI applied directly to offense, with the same principles that make systems like Silk Typhoon effective: automation of the full cycle from reconnaissance to exploitation, with human supervision only at critical decision points. ## The Structural Problem This Creates Who has access to this capability? Who does not? If this capability remains concentrated among large corporations and governments with resources to develop or purchase it, an asymmetry emerges that goes beyond conventional security debate. Defense has historically depended on distributed knowledge: open research communities, public CVEs, open-source tools, threat intelligence sharing. Offense, by contrast, has never needed permission to distribute itself. If AI-based offensive systems remain accessible only to actors with sufficient economic and political power, a significant portion of the market becomes exposed without a corresponding defensive counterweight. Small and medium businesses, developing country governments, critical infrastructure of emerging economies: all become automatable targets for those who have the tool, without symmetric response capability. This is not only cybersecurity. It involves power, economics, and digital sovereignty. ## What to Do With This Uncertainty The honest answer is that we don't yet know exactly what Glasswing is or what systems like it will be capable of in 12 or 24 months. What can already be stated is that the trajectory is clear, and organizations waiting for public confirmation before preparing will always be behind. Invest now in anomalous behavior detection rather than just known signatures. Build teams that understand how language models can be used offensively, not just defensively. Engage actively in AI governance discussions, which are happening now in forums like the IAPP, the Global Privacy Assembly, and within research labs themselves. It's not about if. It's about who will be prepared.