AI-Driven Vulnerability Discovery, Risks to Financial Infrastructure

Recent warnings from the Bank of England could shake the UK financial sector. Andrew Bailey, Bank of England Governor, commented that: AI is now being used as a high-speed archaeologist, unearthing critical security flaws that have sat dormant in our core systems for decades.

There are concerns around an initiative surrounding Anthropic’s unreleased Mythos model. While designed for defensive hardening, Mythos has already demonstrated an unnerving ability to identify and exploit thousands of previously unknown vulnerabilities across every major operating system and web browser. One such flaw, discovered in OpenBSD, had survived undetected for 27 years.

What is Project Glasswing?

Project Glasswing is a high-stakes defensive cybersecurity initiative led by Anthropic, designed to give cyber defenders a head start in the AI era. The project aims to bring together a coalition of industry giants, including Amazon Web Services, Google, NVIDIA, and JPMorganChase, to proactively identify and patch critical software vulnerabilities before they can be weaponised by adversaries.

The initiative was born from the discovery that frontier AI has reached a threshold capability where it can autonomously find and chain together complex security flaws, some of which have survived undetected in core infrastructure for over 25 years.

Rather than releasing this powerful model to the public, Project Glasswing operates as a controlled laboratory environment, allowing security teams to use AI as a high-speed archaeologist to harden the global digital ecosystem against the very threats that next-generation AI is now capable of creating.

Old Bugs

For years, the financial industry has relied on the assumption that legacy code, if it hasn’t broken yet, is secure enough. Project Glasswing has shattered that illusion. Frontier AI doesn’t just find single bugs; it chains them together, turning minor oversights into catastrophic entry points.

🔗 Read more on the Bank of England’s warning here.

Afraid to Deploy AI?

At Mondas, we see many organisations hesitant to deploy AI, fearing that opening the door to new tech will widen the attack surface. The temptation to “stifle to survive” is defensible but ultimately self-defeating. If you’re not using AI for growth, you can be certain your adversaries are using it for reconnaissance, and your competitors are probably pushing ahead to their advantage.

At Mondas, we focus on security posture management. When our vCISO is deployed in an organisation, the aim is to help with the following.

Audit the ‘Crown Jewels’

Identifying legacy dependencies that AI models like Mythos would target first.

Lock Down the Models

Ensuring that when you deploy AI, the models themselves are shielded from prompt injection and data leakage.

Enable Secure Growth

Implementing best-in-class tools and AI-driven monitoring that moves as fast as the threats.

The goal of Project Glasswing is to give defenders a head start, but AI shouldn’t be a source of fear; it could be your most powerful defensive asset.

🔗 Read more on Project Glasswing here.

Mondas specialises in navigating the complex intersection of AI and information security. With our vCISO service, you get the high-level security oversight of an outsourced CISO.

If you’re struggling with the issues outlined in this article or concerned about your legacy infrastructure, get in touch with our team.

Author: Chris Wilkes-Green, Operations Director, Mondas

Article first published: 21/04/2026