Defensive AI concentration risk

Anthropic has put a powerful cyberdefense model inside a private club of major tech and infrastructure companies, raising questions about who gets the internet’s best shields. (anthropic.com) Anthropic announced Project Glasswing on April 7, saying Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks are launch partners. The company said it has also extended access to more than 40 additional organizations and committed up to $100 million in usage credits plus $4 million in donations to open-source security groups. (anthropic.com) The tool at the center of the program is Claude Mythos Preview, which Anthropic says is strong at finding software weaknesses. CNBC reported Anthropic is limiting rollout because the same capability could help attackers as well as defenders. (cnbc.com) A software vulnerability is a hidden mistake in code, like a weak lock in a building. Mozilla said an early Mythos test found 271 vulnerabilities in Firefox 148, and all were fixed in this week’s Firefox 150 release. (infoworld.com) Mozilla had previously used Anthropic’s Claude Opus 4.6 on the same browser and found 22 security-sensitive bugs in a two-week test. InfoWorld reported Mythos found more than ten times as many, including bugs that standard automated testing methods had missed. (cyberinsider.com) That speed changes who holds defensive power. Anthropic says its partners are using Mythos Preview for defensive work on critical codebases, while the company shares what it learns with the broader industry after the fact. (anthropic.com) The antitrust concern is not that companies are patching bugs together; it is that a small set of rivals could end up sharing sensitive security information and getting earlier protection than everyone else. In a ProMarket essay published April 22, legal scholar Madhavi Singh argued that Glasswing’s information-sharing and exclusion of outsiders could draw scrutiny under Section 1 of the Sherman Act. (promarket.org) Government officials are already in the loop. Nextgov/FCW reported Anthropic briefed senior U.S. officials on Mythos Preview’s offensive and defensive uses, including discussions with the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology’s Center for AI Standards and Innovation. (nextgov.com) Anthropic has framed the project as a way to harden critical software before attackers get similar tools. The policy question is whether the fastest way to secure core infrastructure also leaves too much defensive capacity concentrated inside a few private companies. (anthropic.com; promarket.org)