Imagine a security guard capable of analyzing millions of lines of code in a matter of weeks and uncovering every poorly locked door, every crack in a digital wall. That's exactly what Anthropic has achieved with Project Glasswing: a groundbreaking initiative where its AI model, Claude Mythos Preview, has scrutinized over 1,000 open-source software programs used daily by businesses worldwide, including several that your SME is very likely using right now.

In less than a month, the project detected over 10,000 high-severity or critical vulnerabilities in globally critical software. Behind this impressive figure lies a concrete reality for SMEs in Trois-Rivières, the Mauricie region, and the rest of Quebec: the digital tools that power your operations are exposed to often invisible risks, and AI is now changing how these risks are detected and remediated.

Quick answer: Anthropic and about fifty partners (Microsoft, Google, Apple, Cisco, AWS, among others) used Claude Mythos to find more than 10,000 critical security vulnerabilities in widely used open-source software. Hundreds of these vulnerabilities are being patched, directly reducing the risks for businesses and organizations that use this software, including many Quebec SMEs.

1. What is Project Glasswing?

Project Glasswing is an initiative launched by Anthropic with a clear objective: to secure the world's most critical software before malicious actors can use AI to attack it. The name refers to the Greta oto butterfly, whose transparent wings illustrate the visibility that AI can bring to environments previously opaque to human security teams.

The program brings together some fifty leading partners, including Amazon Web Services (AWS), Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Together, these organizations gave Claude Mythos Preview access to over 1,000 open-source projects to analyze for security vulnerabilities. What would have taken teams of human specialists years was accomplished in a matter of weeks.

The choice of name is not insignificant: the Glasswing butterfly (Greta oto) has almost transparent wings, making it difficult for predators to spot. Anthropic draws inspiration from this to describe AI's ability to make visible what was previously hidden in millions of lines of code.

2. What AI has actually discovered

The data published by Anthropic in the project's initial update is striking. Claude Mythos Preview analyzed over 1,000 open-source projects and identified 6,202 candidates for high-severity or critical vulnerabilities during the first month. After validation by human experts, 1,726 proved to be genuine exploitable flaws, with 1,094 confirmed as high-severity or critical.

Including subsequent updates, the project has surpassed 10,000 detected high-severity or critical vulnerabilities. To put this in context: a single unpatched critical vulnerability can be enough for an attacker to take control of a server, steal confidential data, or launch a ransomware attack against an entire organization.

Here is the status of the patching of these vulnerabilities, according to Anthropic's official figures:

  • More than 530 high-severity or critical vulnerabilities have been disclosed to the owners of the affected software
  • 75 have been corrected and made public
  • 65 public security advisories have been issued

Anthropic's assessment is clear-sighted: the bottleneck is no longer detection, but the human capacity to process, verify, and correct these vulnerabilities. AI has created a new problem by solving the old one, forcing security teams to completely rethink how they work.

3. Why open source software is relevant to your SME

If the term "open source" seems far removed from your reality as an SME, think again. A considerable proportion of the digital tools used daily rely on open-source components, even if you're unaware of it:

  • Your website (WordPress relies heavily on open-source components, as do the underlying Apache or Nginx servers)
  • The databases that store your customer and financial information (MySQL, PostgreSQL)
  • Email and file processing libraries integrated into commercial software
  • The collaboration and management tools that your teams use on a daily basis
  • Components used by popular platforms such as Microsoft 365 or Salesforce

One example remains fresh in the minds of IT teams: the Log4Shell vulnerability of December 2021, a flaw in an open-source Java library used by millions of systems worldwide. Thousands of organizations, including Quebec SMEs, found themselves exposed overnight, without having done anything wrong. Project Glasswing aims precisely to prevent this type of scenario by finding these vulnerabilities before attackers do.

4. AI is changing the balance of power in cybersecurity

For years, cybercriminals had a structural advantage: they only needed to find a single vulnerability to gain entry, while defense teams had to monitor the entire perimeter. AI is rebalancing this dynamic, at least in part.

Claude Mythos Preview didn't just find vulnerabilities; it automated part of the verification work that was previously entirely manual, freeing up human experts to focus on remediation rather than detection. This is the paradigm shift the industry has been waiting for from generative AI applied to cybersecurity.

For Quebec SMEs, the benefits are tangible:

  • The updates you apply become more reliable: the vulnerabilities identified by Glasswing end up in the patches you install.
  • The overall attack surface is shrinking: fewer known and unpatched vulnerabilities exist in common software.
  • The window of risk is narrowing: what used to take years to detect can now be addressed in weeks.
  • Industry collaboration is intensifying: when Microsoft, Google, and Apple work together on the security of common software, everyone benefits.

That said, this improvement does not replace vigilance at the level of each company. Incorrect configurations, weak passwords, uncontrolled access, and a lack of employee training remain major attack vectors for SMEs, regardless of the state of the underlying software.

5. What your SME should do right now

The good news is that SMEs don't need to understand the technical details of Project Glasswing to benefit from it. However, a few concrete practices will maximize your protection:

  • Keep your software up to date: patches from projects like Glasswing arrive through regular updates. Applying them quickly is your first line of defense.
  • Take stock of your tools: do you know exactly which software is running on your servers and workstations? An IT partner can help you map your environment and identify outdated components.
  • Don't underestimate your open source components: if your website or applications rely on WordPress or other open source components, make sure they are regularly updated, including extensions.
  • Adopt a proactive approach: waiting for a cyberattack to occur is always more costly than preventing it. Regular security audits help identify blind spots before they can be exploited.

For SMEs in Trois-Rivières and the Mauricie region that don't have an in-house IT department, a trusted partner can manage these updates and ongoing monitoring. This is called proactive systems management, and it's precisely what OKTO Solutions' IT services provide, tailored to the realities and budgets of regional SMEs.

Frequently Asked Questions

What is a critical severity vulnerability in software?

A critical vulnerability is a flaw that allows an attacker to execute code remotely, bypass authentication, or compromise a system without user interaction. These flaws are the most dangerous because they can be exploited automatically by bots before an administrator is even aware of their existence. This is why patching times are just as important as detection.

Microsoft is one of the partners: does that protect Microsoft 365 users?

Indirectly, yes. Microsoft contributes to Project Glasswing and regularly releases security updates for its products, some of which patch vulnerabilities in open-source components integrated into its software. Applying Windows and Microsoft 365 updates as soon as they are released remains the best way to directly benefit from this work.

Can AI also be used by cybercriminals to find vulnerabilities?

Yes, it's a reality that experts openly acknowledge. Malicious actors can use AI tools to automate vulnerability scanning. This is precisely one of the motivations behind Glasswing: to fix known vulnerabilities before they are exploited on a large scale by AI-powered attackers. SMEs would benefit from partnering with IT companies that closely monitor these developments and adapt their security posture accordingly.

A step towards a more secure digital infrastructure for all businesses

Project Glasswing marks a turning point in global cybersecurity: for the first time, AI is being deployed on a large scale to proactively secure the software that underpins our digital economy. SMEs in Trois-Rivières, the Mauricie region, and Quebec don't have to navigate this constantly evolving environment alone. If you want a concrete assessment of your security posture or simply want to know how to keep your systems up to date effectively, the OKTO Solutions team is available through our services or directly via our contact form to guide you with an approach tailored to your specific needs.