1 hour ago
2
Visa processes billions of transactions every day. At VB Transform 2026 on July 14-15, Visa’s President of Technology Rajat Taneja is set to outline what the company has learned from Project Glasswing, a joint initiative with Anthropic that uses advanced AI to find software vulnerabilities faster than any human red team realistically can.
The headline finding is hard to ignore: in its first month alone, Project Glasswing helped participating organizations identify over 10,000 high- or critical-severity vulnerabilities.
What Project Glasswing actually does
Anthropic announced the project on April 7, 2026. Visa was among the first participants, using the initiative to stress-test its own internal systems against the zero-trust security framework the company operates under. The internal exercise confirmed that the framework is largely holding up. It also surfaced specific weaknesses worth patching.
The program launched with roughly 50 partner organizations. By early June 2026 it had grown to approximately 150 organizations across more than 15 countries.
To support that growth, the initiative is backed by up to $100 million in usage credits for participating organizations, plus an additional $4 million set aside specifically for open-source security improvements.
The Visa Vulnerability Agentic Harness
Visa did not just participate in Project Glasswing. On June 10, 2026, the company released its own open-source contribution: the Visa Vulnerability Agentic Harness, a tool designed to help organizations run AI-assisted vulnerability management workflows while keeping humans in the loop at critical decision points.
The timing of the release also lines up with Visa’s Spring Biannual Threats Report, published May 20, 2026, which documented growth in AI-enabled fraud tactics. Deepfakes were specifically called out as an expanding attack vector.
Why this matters beyond Visa’s own network
Taneja has held the President of Technology role at Visa since 2019. Here is the core tension the project surfaces: the same AI models that can scan 10,000 vulnerabilities in a month for defenders can, in theory, be pointed in the opposite direction by attackers. Visa’s technology team has been explicit about this. Advanced AI models can rapidly identify and weaponize vulnerabilities, and the gap between a defensive scan and an offensive exploit is narrowing.
Project Glasswing’s structure, with its emphasis on human oversight baked into tooling like the Visa Vulnerability Agentic Harness, offers one model for answering that question. The $100 million in usage credits lowers the barrier for smaller organizations to participate, which matters because supply chain attacks frequently enter large networks through smaller, less-resourced partners.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
English (US) · 