Anthropic’s Project Glasswing, launched April 7, 2026, deployed a frontier AI model that found thousands of high-severity zero-day vulnerabilities across every major operating system and web browser — the same infrastructure that runs your martech stack, your customer data platform, your tag managers, and your analytics pipelines. If your marketing team operates even a modest digital presence, the software underneath it just got scrutinized by the most capable security AI ever fielded — and the findings are not reassuring.
What Happened
On April 7, 2026, Anthropic announced Project Glasswing in partnership with twelve founding organizations spanning cloud infrastructure, semiconductors, enterprise security, financial services, and operating systems. The twelve partners are Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks — alongside Anthropic itself. The stated mission is to “secure the world’s most critical software,” and the scope is deliberately broad: operating systems, web browsers, and the open-source libraries that underpin virtually all commercial software.
The technical core of Glasswing is Claude Mythos Preview, an unreleased frontier AI model that Anthropic describes as surpassing “all but the most skilled humans” at identifying software vulnerabilities. The CyberGym benchmark — a rigorous vulnerability-reproduction test — shows Mythos Preview scoring 83.1% compared to 66.6% for Claude Opus 4.6, a gap of 16.5 percentage points over the prior frontier model. That is not an incremental gain. That is a capability jump that places AI-assisted security analysis in territory that was, until recently, the exclusive domain of elite offensive security researchers.
What Mythos found in practice validates the benchmark scores. The model discovered a 27-year-old vulnerability in OpenBSD that had been present in critical infrastructure for nearly three decades without detection. It found a 16-year-old flaw in FFmpeg — the open-source multimedia framework that processes video and audio across millions of applications — one that had survived five million automated test runs without being flagged. It found multiple vulnerabilities in the Linux kernel that could be chained together to achieve privilege escalation. These were not theoretical edge cases. These were real, exploitable flaws in software that powers a significant portion of the commercial internet.
Financially, Anthropic backed the initiative with $100 million in model usage credits for Glasswing participants, $2.5 million to Alpha-Omega and OpenSSF through the Linux Foundation, and $1.5 million to the Apache Software Foundation. Claude Mythos Preview is now available through the Claude API, Amazon Bedrock, Google Cloud Vertex AI, and Microsoft Foundry at $25 per million input tokens and $125 per million output tokens.
This launch did not arrive without context. According to Anthropic’s news timeline, the escalation began on February 20, 2026, when Anthropic announced Claude Code Security — a tool that scans codebases and suggests targeted software patches for human review. On March 6, 2026, Anthropic announced a specific partnership with Mozilla to improve Firefox’s security. Glasswing on April 7 represents the third and largest move in a deliberate, 47-day campaign to position Anthropic as the central infrastructure layer for AI-driven cybersecurity across the entire software ecosystem.
Why This Matters
Marketing teams do not typically think of themselves as cybersecurity stakeholders. That separation is one of the most expensive organizational myths in enterprise technology. Here are the three dimensions of why Glasswing changes the calculation for marketers specifically.
Martech Infrastructure Is Built on the Exact Software Being Targeted
Every piece of marketing technology your team relies on — your customer data platform, your email service provider’s web interface, your analytics dashboard, your ad platform integrations, your CMS — runs on one or more of the operating systems, browsers, and open-source libraries that Glasswing’s Mythos model just systematically dissected. When Mythos found a 27-year-old OpenBSD flaw used in critical infrastructure, that is not an abstract finding. OpenBSD powers network appliances, firewalls, and servers that sit in front of enterprise web applications, including the marketing portals where customer data enters and exits your stack.
FFmpeg is embedded in content management systems, video hosting platforms, and media processing pipelines that marketing teams use to deliver creative assets at scale. The 16-year-old FFmpeg flaw that survived five million automated test runs is the precise category of vulnerability that sophisticated threat actors exploit quietly over months, exfiltrating data without triggering security alerts. When a martech vendor’s underlying video processing library carries a 16-year-old unpatched flaw, the marketing team’s customer data is exposed — regardless of how strong that vendor’s own application-layer security claims to be.
The implication is direct: the security posture of your martech stack is not determined solely by your vendors’ security pages and SOC 2 certifications. It is determined by the security of the libraries, kernels, and runtimes those vendors build on. Glasswing is now scanning that substrate. The findings will propagate up the stack, and marketing teams need to be ready to ask vendors harder questions. The companies in a position to benefit most are the ones that begin updating their vendor security questionnaires and internal review processes before regulators and procurement departments make it mandatory.
The Vendor Security Posture Conversation Is About to Change
Twelve of the most consequential technology companies in the world — AWS, Google, Microsoft, Apple, Cisco, CrowdStrike, NVIDIA, Palo Alto Networks, Broadcom, JPMorganChase, the Linux Foundation — have committed to a shared AI-powered security scanning framework. When your cloud provider, your browser vendor, your firewall provider, and your endpoint security platform are all operating under a shared vulnerability intelligence framework, the baseline expectation for what constitutes a credible security posture is shifting.
Martech vendors who have not yet adopted AI-assisted vulnerability scanning will increasingly stand out as laggards in security questionnaires, procurement reviews, and partner audits. The $100 million in Mythos model credits for Glasswing participants creates an adoption incentive that will pull major platform vendors toward this new standard quickly. Marketing leaders who manage vendor relationships — and who negotiate contracts that include data processing agreements and liability clauses — need to understand what Glasswing-class scanning means for their vendor ecosystem before their legal and security counterparts show up asking questions.
The dual-use nature of this capability adds another dimension. Mythos can find vulnerabilities at a scale and speed that previously required teams of expert researchers. That capability is now available through an API. The same tool that helps defenders find and patch zero-days can, in the wrong hands, be used to find and exploit them. Anthropic’s response — building in safeguards with upcoming Claude Opus models before broader Mythos-class deployment and distributing access through controlled channels via Glasswing partnerships — reflects an awareness of this risk. But marketing teams that operate customer-facing web properties, handle payment data, or manage personally identifiable information need to be aware that the threat landscape just changed materially on April 7, 2026. The bar for attackers to find exploitable vulnerabilities in widely used software dropped. The defensive response from Glasswing partners will raise it back over time, but the interim period is a window of elevated exposure that marketing infrastructure teams should treat seriously.
The Organizational Separation Between Marketing and Security Is Ending
The standard enterprise org chart places marketing under the CMO and security under the CISO, with minimal structural connection between them. That arrangement was manageable when security was primarily a network and endpoint concern. It became strained when SaaS proliferation put dozens of marketing-controlled data integrations outside IT’s visibility. It is now untenable.
Claude Code Security — Anthropic’s tool for scanning codebases and suggesting targeted patches — reads code “the way a human security researcher would: understanding how components interact, tracing how data moves through your application.” That description is also a description of what a competent marketing engineer needs to do when evaluating whether a new tag, pixel, or API integration introduces data exposure risk. The skill sets are converging. Marketing ops teams that deploy tracking infrastructure, manage consent frameworks, and configure customer data pipelines are making decisions with security consequences. They need tools, processes, and frameworks that acknowledge this reality, not org chart separation that obscures it.
The Claude Code Security system uses multi-stage verification — re-examining each finding to prove or disprove it and filter false positives — and assigns both severity and confidence ratings to prioritize fixes. It found over 500 vulnerabilities in production open-source code that had been undetected despite expert review over decades. That capability is available now, in limited research preview, for Enterprise and Team customers, with expedited access for open-source maintainers. Marketing engineering teams building on open-source analytics, attribution, or personalization frameworks should be registering for access and beginning to understand how AI-assisted security review fits into their development workflow — not waiting for a mandate from the CISO.
The Data
The following table summarizes the key metrics from Project Glasswing and the broader Anthropic cybersecurity initiative as reported by Anthropic and The Verge:
| Metric | Detail |
|---|---|
| Claude Mythos CyberGym Score | 83.1% vulnerability reproduction |
| Claude Opus 4.6 CyberGym Score | 66.6% vulnerability reproduction |
| Performance Gap | +16.5 percentage points vs. prior frontier model |
| Oldest Vulnerability Found | 27-year-old OpenBSD flaw in critical infrastructure |
| FFmpeg Flaw Age | 16 years; undetected across 5 million automated test runs |
| Vulnerabilities Found (Claude Code Security) | 500+ in production open-source code |
| Glasswing Model Credits | $100M in usage credits for participants |
| Linux Foundation Funding | $2.5M (Alpha-Omega + OpenSSF) |
| Apache Software Foundation Funding | $1.5M |
| Mythos Input Token Price | $25 per million tokens |
| Mythos Output Token Price | $125 per million tokens |
| Founding Partners | 12 organizations |
| Partner Categories | Cloud (AWS, Google, Microsoft), Chips (NVIDIA, Broadcom), Security (Cisco, CrowdStrike, Palo Alto), Finance (JPMorganChase), OS (Apple, Linux Foundation) |
The CyberGym score gap deserves specific attention from marketers evaluating AI tools for their own security workflows. A 16.5-point improvement from Claude Opus 4.6 to Mythos Preview on a rigorous vulnerability reproduction benchmark is not the kind of incremental gain that gets absorbed quietly into existing workflows. It represents a qualitative shift in what AI can do autonomously in a security context — the difference between a tool that augments an expert and one that operates at expert-level performance on its own.
For reference, Claude Code Security — which uses Claude Opus 4.6, not Mythos — already found over 500 previously undetected vulnerabilities in production open-source code. Mythos, at 83.1% CyberGym performance, is materially more capable than the model that produced that finding. When Mythos reaches broader availability, the volume and depth of vulnerability findings across the open-source ecosystem — including the libraries that power marketing technology — will increase significantly.
The financial commitments — $100 million in model credits, $2.5 million to the Linux Foundation ecosystem, $1.5 million to Apache — signal that Anthropic is treating this as infrastructure investment, not a product launch. The $4 million in open-source security funding in particular is significant because it targets the foundation that virtually all commercial software, including martech, builds on top of. When the Linux kernel, OpenBSD, and Apache-maintained libraries become more secure, every application layer above them benefits — including your CDP, your analytics platform, and your CMS.
Real-World Use Cases
The abstraction of “AI found browser vulnerabilities” becomes concrete when you map it to the actual marketing workflows that depend on browser and OS integrity. Here are five scenarios that illustrate how Glasswing-class AI security scanning plays out in marketing contexts.
1. E-Commerce Team Auditing the Customer Data Pipeline
Scenario: A mid-market e-commerce company runs a customer data platform that ingests behavioral events from its website, mobile app, and point-of-sale system. The pipeline touches several open-source libraries for data serialization and event processing. The security team runs quarterly penetration tests, but the marketing engineering team owns the CDP configuration and has added four new data connectors in the past six months without a dedicated security review.
Implementation: The marketing engineering lead requests access to Claude Code Security through Anthropic’s Enterprise preview. They point the scanner at the CDP configuration codebase and the custom connector code. Claude Code Security reads the codebase the way a human security researcher would — tracing how customer data moves through the application, identifying where input validation is absent or weak, and flagging where third-party library versions carry known vulnerabilities. The multi-stage verification process filters false positives before surfacing results. Each finding is assigned a severity rating and a confidence rating. The team reviews findings with the CISO’s team and applies patches using Claude Code’s iterative fix workflow, with human approval required before any change is applied.
Expected Outcome: The audit surfaces two medium-severity findings and one high-severity finding in a serialization library that was three minor versions behind the current release. Patching the high-severity finding takes four hours of engineering time. The alternative — discovering that vulnerability through a data breach notification — would have cost orders of magnitude more in regulatory exposure, customer notification costs, and brand damage. The process also establishes a repeatable security review checkpoint for future connector additions, reducing the accumulation of unreviewed technical debt in the marketing data stack.
2. Digital Agency Running Client-Side Tag Security Audits
Scenario: A performance marketing agency manages tag management configurations for 40 enterprise clients. Tag management containers routinely include pixels, conversion tracking scripts, A/B testing libraries, chat widgets, and retargeting tags — a mix of first-party and third-party code executing in the client’s browser, with access to the DOM, cookies, session data, and in some cases form field content. A single misconfigured or compromised tag can exfiltrate data that the agency’s client never consented to share with a third party.
Implementation: The agency builds an AI-assisted tag audit service into its standard client onboarding and quarterly review process. Using Claude Code Security, they scan the tag container configurations and the JavaScript payloads of third-party tags for patterns consistent with data exfiltration, credential harvesting, or supply chain compromise. The scanner’s ability to understand how components interact — for example, how a tag’s reads from the data layer interact with form fields — is directly applicable to the client-side code environment that tag management operates in. Findings are compiled into a prioritized remediation report delivered to the client’s marketing and security stakeholders together, establishing a shared accountability framework rather than leaving the agency holding the liability alone.
Expected Outcome: The agency differentiates on security as a service offering, justifying premium pricing and reducing client churn among enterprise accounts where security review is a procurement requirement. For clients in regulated industries — finance, healthcare, education — the audit documentation supports compliance requirements under GDPR, CCPA, and HIPAA. The agency’s proactive posture positions it ahead of the regulatory pressure that is building around third-party script accountability, particularly as browser vendors — several of whom are Glasswing founding partners — tighten the security model around cross-site tracking and third-party script execution.
3. B2B SaaS Marketing Vendor Differentiating on Security Posture
Scenario: A B2B marketing analytics platform is competing for enterprise contracts against larger, better-funded incumbents. Procurement teams at enterprise prospects run detailed security questionnaires, and the platform’s smaller security team cannot match the depth of documentation that larger vendors produce. The platform’s engineering team has built on open-source analytics libraries — sound technical choices, but ones that carry historical vulnerability exposure that a sophisticated procurement team will probe.
Implementation: The platform’s CTO applies for Claude Code Security Enterprise preview access and runs a full codebase scan against their core application and all open-source dependencies. The scan produces a finding report with severity and confidence ratings. The team addresses high and critical findings, documents the remediation process, and incorporates AI-assisted security review into their continuous integration pipeline so that future code changes are scanned automatically. In security questionnaires and procurement reviews, the platform can now describe a repeatable, AI-assisted security review process with documented outcomes — evidence of process maturity that compensates for team size. The open-source maintainer expedited access pathway that Anthropic offers for Claude Code Security is also relevant if the platform contributes code back to the open-source projects it builds on.
Expected Outcome: Security posture becomes a competitive differentiator rather than a liability. Enterprise procurement teams increasingly reward vendors who can demonstrate AI-assisted security review processes, particularly as Glasswing normalizes this expectation among the twelve founding partner organizations and their vendor ecosystems. Closing rates on enterprise deals improve as the platform can credibly compete on security documentation alongside feature parity, and the CI pipeline integration means the security posture improves continuously rather than requiring periodic manual review cycles.
4. Enterprise CMO Building an AI Security Governance Framework
Scenario: The CMO of a Fortune 500 financial services company oversees a marketing technology stack that processes customer behavioral data, campaign performance data, and in some cases financial product interest signals. The stack includes dozens of SaaS vendors, several custom integrations, and a growing number of AI-powered personalization and content generation tools. The CISO has flagged that AI tools in marketing represent an unreviewed attack surface. The CMO needs a governance framework that satisfies the CISO, meets the company’s regulatory obligations, and does not paralyze the marketing team’s ability to test and deploy new tools.
Implementation: The CMO commissions a cross-functional working group — marketing operations, legal, information security, and the CDP team — to develop an AI tool governance policy. The policy establishes three tiers: tools that touch customer PII or behavioral data require full security review before deployment; tools that operate on aggregate or anonymized data require a lightweight review; tools that operate entirely on public or internally generated content require disclosure but not full security review. The policy incorporates Claude Code Security as the standard scanning tool for custom integrations and any open-source components introduced by marketing engineering. The framework references Glasswing-aligned vendors — specifically the AWS, Google Cloud, and Microsoft Azure platforms that host the company’s marketing data — as preferred infrastructure because of their participation in the shared vulnerability intelligence framework.
Expected Outcome: The CMO gains a defensible governance posture that can be presented to the board, the CISO, and regulators. The tiered framework allows marketing velocity to continue for lower-risk tools while applying appropriate rigor to tools with customer data access. The JPMorganChase participation in Project Glasswing is directly relevant context here — it signals that financial services regulators and compliance functions at major banks are engaging with AI-assisted security at the infrastructure level, which will propagate into vendor expectations for financial services marketing technology partners. The CMO who builds this framework now is ahead of the regulatory curve rather than responding to it.
5. Open-Source Marketing Analytics Platform Contributing to the Security Commons
Scenario: A team maintaining an open-source marketing analytics platform — used by tens of thousands of self-hosted deployments — receives an expedited access offer from Anthropic for Claude Code Security. The project has been maintained by volunteers for eight years. It includes a significant amount of legacy code that predates modern security practices. Expert community review has kept major vulnerabilities in check, but the codebase has grown to a size where exhaustive manual review is impractical, and the maintainers are aware that each new contributor brings code quality variation that creates security debt.
Implementation: The maintainer team accepts expedited access and runs Claude Code Security across the full codebase, including historical code paths that handle data ingestion, query processing, and API authentication. The scanner finds vulnerabilities using the same methodology that found over 500 previously undetected issues in other production open-source codebases — reading code the way a human security researcher would, tracing data flows, understanding component interactions. Findings are published in the project’s public issue tracker with severity and confidence ratings, following responsible disclosure practices. The Linux Foundation’s $2.5 million in Glasswing funding to Alpha-Omega and OpenSSF creates a parallel path for the project to apply for security improvement resources, and the Apache Software Foundation’s $1.5 million in Glasswing funding may be relevant if the project uses Apache-maintained dependencies.
Expected Outcome: The open-source project strengthens its security posture and builds trust with the enterprise organizations that deploy it for self-hosted marketing analytics. The maintainers publish a security transparency report, which becomes a marketing asset for organizations evaluating the platform against commercial alternatives. Contributing back to the security commons — as the Glasswing model incentivizes through its open-source funding commitments — reinforces the project’s reputation and attracts security-conscious contributors and enterprise sponsors.
The Bigger Picture
Anthropic’s news timeline tells a deliberate story: Claude Code Security announced February 20, a Mozilla Firefox security partnership announced March 6, Project Glasswing launched April 7. That is three coordinated moves in 47 days, each one building on and amplifying the previous. The sequencing is not accidental. February established the capability and the enterprise access model. March demonstrated a specific, visible application with a trusted browser vendor. April revealed the full scope — twelve founding partners, a frontier model purpose-built for security, and a financial commitment that signals this is infrastructure investment, not a product experiment.
For marketing and martech observers, the Mozilla partnership deserves particular attention. Firefox is one of the browsers where Glasswing found high-severity vulnerabilities. When Anthropic partnered with Mozilla in March 2026 specifically to improve Firefox’s security, it was establishing a working model for how AI-assisted vulnerability scanning gets integrated into the development and release cycle of a major browser. That model is now the template for Glasswing at scale, applied across operating systems and browsers from every major vendor. The practical implication for marketing teams: the browsers your customers use to interact with your website, your forms, your checkout flows, and your account portals are being actively hardened using AI scanning. The vulnerabilities being found are the same categories that attackers exploit to intercept data in transit, hijack sessions, and inject malicious code into web applications.
The organizational separation between marketing and security is collapsing under the weight of this shift. The marketing technology stack is, in practice, a distributed application that runs across dozens of SaaS environments, executes code in customer browsers, processes sensitive behavioral and financial data, and integrates with systems owned by vendors who themselves build on the open-source libraries that Glasswing is now scanning. Every link in that chain is potentially a security surface. The CMO who treats this as “a security team problem” is operating with a model of organizational responsibility that is already outdated.
The JPMorganChase participation in Glasswing is a signal worth reading carefully. Financial services companies are among the most regulated operators of marketing technology in the world. When JPMorganChase joins a foundational AI security initiative alongside AWS, Google, and Microsoft, it is not doing so as a passive participant. It is doing so because the risks of AI-enabled security failures in financial services marketing infrastructure — customer data exposure, regulatory penalties, brand trust destruction — are large enough to justify early, deep engagement with the most capable security scanning tools available. That decision will flow downstream into procurement requirements, vendor audits, and data processing agreement terms across the financial services marketing technology ecosystem.
The CrowdStrike and Palo Alto Networks participation changes the picture for marketing operations teams that operate inside enterprises using those security platforms. Both companies provide endpoint detection and response, threat intelligence, and security orchestration tools that marketing systems administrators interact with directly — managing agent deployments, reviewing alerts, responding to incidents involving marketing endpoints and SaaS integrations. When CrowdStrike and Palo Alto are integrated into a Glasswing-aligned vulnerability intelligence framework powered by Claude Mythos, the threat intelligence that flows through those platforms will increasingly reflect AI-discovered vulnerabilities. Marketing ops teams need to be prepared to respond to an elevated volume of security findings affecting the infrastructure they manage.
What Smart Marketers Should Do Now
The following five actions are sequenced from immediate to strategic. None of them require waiting for Glasswing or Mythos to reach general availability. All of them are executable now with currently available tools and information.
1. Audit Your Martech Vendor Security Questionnaire — Add the AI Scanning Question
Most enterprise martech procurement processes include a vendor security questionnaire, typically covering SOC 2 certification, penetration testing frequency, incident response procedures, and data processing agreements. As of April 2026, that questionnaire is missing a critical question: does the vendor use AI-assisted vulnerability scanning on their codebase and dependencies, and if so, what tool and process do they use?
Add that question now. The answer will immediately sort your vendor portfolio into two categories: vendors who are actively engaging with AI-assisted security scanning and vendors who are not yet doing so. This is not about disqualifying vendors who have not yet adopted Glasswing-class tools — the tools are new and access is still limited. It is about establishing a baseline expectation that will be standard within 18 months and beginning to understand where your vendor ecosystem stands today. Document the responses as part of your next annual vendor review cycle and use the data to prioritize where deeper security due diligence is warranted. Vendors who operate on AWS, Google Cloud, or Microsoft Azure — all Glasswing founding partners — should be asked specifically whether they are adopting the vulnerability intelligence outputs from those platforms’ Glasswing participation. The answers will tell you a great deal about which vendors are engaged with security at the infrastructure level and which are still operating on quarterly penetration test cadences alone.
2. Register for Claude Code Security Preview Access Now
Claude Code Security is currently in limited research preview for Enterprise and Team customers. Anthropic offers expedited access for open-source maintainers. If your marketing team maintains any custom code — analytics integrations, data connectors, CMS plugins, tracking implementations, consent management configurations — you should register for access now, before the preview fills and before a security incident creates urgency.
The registration process positions you ahead of what will become a standard practice within the next 12 to 18 months. It also gives your marketing engineering team hands-on experience with AI-assisted security scanning before it becomes a procurement requirement from your enterprise customers. The tool’s core capability — reading code the way a human security researcher would, tracing data flows, understanding how components interact — is directly applicable to the kind of custom marketing infrastructure that routinely escapes formal security review because the security team does not have capacity to review marketing deployments at the pace that marketing teams deploy them. Start with your highest-risk codebases: anything that touches customer PII, anything that handles authentication tokens or session management, and anything that processes payment or behavioral data. Use the severity and confidence ratings to triage findings and build a remediation backlog that your team can work through systematically, with human approval required before applying any suggested changes.
3. Map Your Customer Data Flows Before an AI Security Scan Finds the Gaps
Before you run any AI-assisted security scan on your marketing infrastructure, do the work of mapping where customer data actually flows through your stack. This is valuable independently of security scanning, but it becomes essential when you are reviewing security findings — because how severe a vulnerability in a component is in practice depends on what data that component can access.
Build a data flow diagram that covers: how customer identifiers — email addresses, phone numbers, cookie IDs, device IDs, account numbers — enter your stack; which systems they pass through on the way to their destination; where they are stored and for how long; which third-party systems receive them via API calls or data exports; and which of those third-party systems are covered by a current, reviewed data processing agreement. This exercise will surface data flows that your legal team has not reviewed, third-party integrations that are no longer actively maintained but still receive data, and data retention practices that predate current privacy regulations. When Claude Code Security then scans your codebase and surfaces a vulnerability in a component that turns out to sit on a path that carries raw customer PII, you will be able to respond with specificity rather than uncertainty about what was exposed. The data flow map also becomes a foundational document for GDPR and CCPA compliance reviews, DPA negotiations, and board-level data governance reporting — and it is the kind of documentation that regulators increasingly expect to see when investigating a data incident.
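The data flow map described above can be kept as data and queried instead of drawn once. The following is an added example, not part of the original article or of any Anthropic tool; it covers the identifier-path and DPA parts of the map, and every system name, flow, DPA date and the 365-day DPA freshness window is a constructed assumption.

```python
"""Customer data flow map as a queryable graph (added example, constructed data)."""
from collections import deque
from dataclasses import dataclass
from datetime import date
from typing import Optional

PII = frozenset({"email", "phone", "cookie_id", "device_id", "account_number"})
ENTRY = "customer"  # pseudo-node: where identifiers originate


@dataclass(frozen=True)
class System:
    name: str
    third_party: bool = False
    dpa_reviewed: Optional[date] = None  # last DPA review; None = no DPA on file


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    identifiers: frozenset  # identifiers this hop is configured to carry


def propagate(flows):
    """Return {system: identifiers that can actually reach it}.

    A hop forwards only what its source holds AND what the hop carries, so a
    filtered export does not inherit everything upstream. Worklist iteration
    to a fixed point, so sync loops (CDP <-> CRM) terminate.
    """
    out_edges = {}
    for f in flows:
        out_edges.setdefault(f.src, []).append(f)
    received = {ENTRY: set(PII)}
    queue = deque([ENTRY])
    while queue:
        src = queue.popleft()
        for f in out_edges.get(src, []):
            new = (received[src] & f.identifiers) - received.get(f.dst, set())
            if new:
                received.setdefault(f.dst, set()).update(new)
                queue.append(f.dst)
    return received


def dpa_gaps(systems, received, today, max_age_days=365):
    """Third parties receiving PII with no DPA reviewed within max_age_days
    (the freshness window is an assumption, not a legal standard)."""
    gaps = []
    for s in systems:
        ids = received.get(s.name, set())
        if not (s.third_party and ids):
            continue
        if s.dpa_reviewed is None or (today - s.dpa_reviewed).days > max_age_days:
            gaps.append((s.name, sorted(ids)))
    return sorted(gaps)


def exposure(component, received):
    """Identifiers a flaw in `component` could expose: everything reaching it."""
    return sorted(received.get(component, set()))


# --- Constructed sample stack (hypothetical names and dates) ---
TODAY = date(2026, 4, 7)
SYSTEMS = [
    System("web_site"), System("tag_manager"), System("cdp"), System("crm"),
    System("bi_dashboard"),
    System("email_provider", third_party=True, dpa_reviewed=date(2025, 11, 1)),
    System("ad_pixel", third_party=True),  # no DPA on file
    System("legacy_survey_tool", third_party=True, dpa_reviewed=date(2021, 3, 15)),
]
FLOWS = [
    Flow(ENTRY, "web_site", frozenset({"email", "phone", "cookie_id", "device_id"})),
    Flow(ENTRY, "crm", frozenset({"account_number", "email"})),
    Flow("web_site", "tag_manager", frozenset({"cookie_id", "device_id", "email"})),
    Flow("web_site", "cdp", frozenset({"email", "phone", "cookie_id", "device_id"})),
    Flow("tag_manager", "ad_pixel", frozenset({"cookie_id", "device_id"})),
    Flow("cdp", "crm", frozenset({"email", "phone"})),
    Flow("crm", "cdp", frozenset({"email", "phone", "account_number"})),
    Flow("cdp", "email_provider", frozenset({"email"})),
    Flow("cdp", "legacy_survey_tool", frozenset({"email", "phone"})),
    Flow("cdp", "bi_dashboard", frozenset()),  # aggregates only, no identifiers
]
RECEIVED = propagate(FLOWS)

if __name__ == "__main__":
    for name, ids in dpa_gaps(SYSTEMS, RECEIVED, TODAY):
        print(f"DPA gap: {name} receives {ids}")
    print("A finding in 'cdp' could expose:", exposure("cdp", RECEIVED))
```

When a scanner reports a finding in a component, `exposure()` answers what that component could have leaked, and `dpa_gaps()` lists the third-party recipients to take to legal first.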
4. Brief Your CMO on Brand Trust and Data Liability Implications
The findings from Project Glasswing — a 27-year-old vulnerability in critical infrastructure, a 16-year-old flaw that survived five million automated test runs — are not just technical facts. They are brand trust facts. Every year that a vulnerability sits undetected in software that processes your customers’ data is a year that exposure risk accumulates without your awareness or your customers’ knowledge. The public disclosure that AI scanning found vulnerabilities that decades of expert human review missed will prompt customers, regulators, and boards to ask harder questions about how long similar issues may have existed in vendor systems without detection.
CMOs need to understand two things about this development. First, the liability landscape for customer data exposure is changing: AI-assisted scanning sets a new standard of care, and organizations that demonstrate they have not adopted it — or have not required their vendors to adopt it — will face harder questions in the event of a breach. A plaintiff’s attorney asking “why didn’t you require your vendor to use AI vulnerability scanning that was publicly available and used by AWS, Google, and Microsoft?” is a question that CMOs should be prepared to answer before they are asked under legal pressure. Second, the brand trust opportunity runs in both directions. Organizations that get ahead of this — that can credibly say they use AI-assisted security scanning on their customer data infrastructure and require it of their key vendors — have a genuine differentiation in a market where data trust is an increasingly significant purchasing factor. The JPMorganChase participation in Glasswing signals that this conversation is already happening at the board level in major financial institutions. Marketing leaders at enterprise companies should be having it now, proactively, rather than waiting for the board or the CISO to bring it to them.
5. Build AI-Assisted Security Review Into the Marketing Development Cycle
The highest-leverage structural change available to marketing technology teams right now is integrating AI-assisted security review into the development and deployment cycle for marketing code and configurations. Currently, most marketing engineering teams operate on a deploy-and-monitor model — ship the integration, watch for anomalies, run a manual review if something looks wrong. That model was adequate when the tooling for automated security review was limited, slow, and required specialized security expertise to interpret. It is not adequate when Claude Code Security can scan a codebase, trace data flows, and surface prioritized findings with severity and confidence ratings in a fraction of the time it would take a human reviewer to read through the same files.
The practical implementation looks like this: establish a policy that any new marketing code or integration that handles customer data requires a Claude Code Security scan before production deployment. Require human approval before any suggested patch is applied — the tool is explicitly designed for this human-in-the-loop workflow, and applying changes without review is not supported. Add severity and confidence thresholds to your deployment gates: a high-severity, high-confidence finding blocks deployment until resolved; a medium-severity finding triggers a required review before the next release cycle. Document the process and the outcomes. Build a quarterly summary of findings, remediations, and open issues that goes to both the CMO and the CISO. This closes the organizational gap between marketing and security at the process level, creating a shared accountability structure that is more durable than any single tool deployment — and it builds institutional knowledge about what your marketing codebase actually does at the security level, which is knowledge that will be valuable in every vendor negotiation, procurement review, and regulatory examination you face going forward.
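One way to express the severity and confidence thresholds above as a deployment gate. This is an added example, not code from Anthropic or from Claude Code Security; the finding fields (`id`, `severity`, `confidence`, `status`, `approved_by`) and the sample data are assumptions constructed for illustration, as is the handling of cases the policy does not spell out.

```python
import json

# Constructed sample findings. Field names are assumptions for illustration,
# not the real output format of Claude Code Security.
SAMPLE_FINDINGS = json.loads("""[
 {"id": "F-1", "severity": "high", "confidence": "high", "status": "open"},
 {"id": "F-2", "severity": "medium", "confidence": "low", "status": "open"},
 {"id": "F-3", "severity": "high", "confidence": "high", "status": "resolved",
  "approved_by": "a.reviewer"},
 {"id": "F-4", "severity": "high", "confidence": "high", "status": "resolved",
  "approved_by": null},
 {"id": "F-5", "severity": "low", "confidence": "high", "status": "open"}
]""")

KNOWN = {"low", "medium", "high"}

def evaluate_gate(findings):
    """Return (decision, reasons); decision is 'block', 'review_required' or 'pass'."""
    blockers, reviews = [], []
    for f in findings:
        fid = f.get("id", "<no id>")
        sev = str(f.get("severity", "")).lower()
        conf = str(f.get("confidence", "")).lower()
        if str(f.get("status", "open")).lower() == "resolved":
            # Patches need a named human approver; an unapproved fix blocks.
            if not f.get("approved_by"):
                blockers.append(f"{fid}: resolved without recorded human approval")
            continue
        if sev not in KNOWN or conf not in KNOWN:
            # Assumption: fail closed on ratings the gate cannot interpret.
            reviews.append(f"{fid}: unrecognised rating {sev!r}/{conf!r}")
        elif sev == "high" and conf == "high":
            blockers.append(f"{fid}: high severity, high confidence, unresolved")
        elif sev in ("medium", "high"):
            # Medium severity needs review before the next release. Assumption:
            # high severity at lower confidence is handled the same way.
            reviews.append(f"{fid}: {sev} severity, {conf} confidence")
    if blockers:
        return "block", blockers
    if reviews:
        return "review_required", reviews
    return "pass", []

if __name__ == "__main__":
    decision, reasons = evaluate_gate(SAMPLE_FINDINGS)
    print(decision)
    for r in reasons:
        print(" -", r)
```

The reasons list doubles as the raw material for the quarterly summary of findings, remediations, and open issues.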
What to Watch Next
Several developments connected to Project Glasswing and the broader Anthropic security initiative will be worth tracking closely over the next six to twelve months.
Claude Mythos General Availability. Mythos Preview is currently available through the Glasswing partnership structure at $25/$125 per million input/output tokens. Anthropic has indicated plans to add safeguards with upcoming Claude Opus models before broader Mythos-class deployment. The timing and scope of a general availability release will determine how quickly Mythos-class vulnerability scanning moves from large enterprise access to mid-market and agency accessibility. Marketing technology teams that want to leverage the full capability — rather than the Claude Opus 4.6-powered Claude Code Security — should watch for GA announcements and evaluate how Mythos pricing fits into their security tooling budget.
Glasswing Partner Expansion Beyond the Founding Twelve. The twelve founding partners span cloud, chips, security, finance, and OS categories, but several major categories are conspicuously absent: enterprise application software vendors, dedicated marketing technology platforms, and telecommunications providers. Expansion of the Glasswing partnership to include martech-adjacent vendors would directly change the vulnerability intelligence landscape for marketing stacks and would be a strong signal that the initiative is moving from foundational infrastructure to application-layer coverage.
Regulatory Response to AI-Scale Vulnerability Discovery. The public disclosure that AI scanning can find thousands of high-severity vulnerabilities that decades of expert review missed will not go unnoticed by regulators. GDPR enforcement bodies, the FTC, financial services regulators, and state privacy authorities are likely to incorporate AI-assisted security scanning expectations into future guidance and enforcement actions. Marketing technology teams in regulated industries should monitor regulatory developments in this space closely, as the standard of care for customer data protection is likely to be recalibrated upward in the next 12 to 24 months.
CrowdStrike and Palo Alto Integration Timelines. The two enterprise security platform providers in the Glasswing founding group will determine how quickly AI-discovered vulnerabilities flow into the threat intelligence and detection rule sets that enterprise security operations teams rely on. Announcements from either company about Glasswing-specific capabilities or integrations will signal how quickly marketing operations teams that interact with those platforms will need to adapt their incident response workflows.
OpenSSF Supply Chain Security Metrics. The $2.5 million in Glasswing funding going to Alpha-Omega and OpenSSF through the Linux Foundation creates a measurable commitment to open-source supply chain security. OpenSSF publishes metrics on the security posture of open-source projects through its Scorecard and Criticality Score tools. Tracking improvements in scores for open-source libraries commonly used in marketing technology stacks — analytics frameworks, data serialization libraries, HTTP clients, event processing libraries — will provide concrete, public evidence of Glasswing’s downstream impact on the security of the software that marketing teams build on.
Bottom Line
Project Glasswing, launched April 7, 2026, represents a structural change in the security posture of the software that every marketing stack is built on — not incrementally, but at a scale and depth that no prior initiative has matched. Anthropic’s Claude Mythos model found vulnerabilities spanning decades of undetected exposure, including a 27-year-old OpenBSD flaw and a 16-year-old FFmpeg bug that survived five million automated test runs, demonstrating that AI-assisted security scanning has crossed into territory that exceeds what expert human review alone can reliably deliver. For marketing teams, the immediate implications run across three layers: your martech vendors are being held to a higher security standard by the cloud, security, and OS platforms they build on; your own custom marketing code and integrations are now scannable with Claude Code Security at a level of depth previously unavailable outside elite security research teams; and the organizational separation between marketing and security is no longer a defensible operating model when customer data flows through open-source libraries that a frontier AI model just found riddled with decade-old flaws. The right response is not to wait for Glasswing to reach general availability or for a security incident to create urgency — audit your vendor questionnaires, register for preview access, map your customer data flows, brief your CMO, and build AI-assisted security review into your development cycle now, before the standard of care shifts further and the gap between organizations that acted early and those that did not becomes a liability that no security questionnaire can paper over.