1 hour ago
1
Visa’s technology team got a wake-up call just weeks into testing Anthropic’s most powerful unreleased AI model. The system was finding and weaponizing vulnerabilities in critical code bases faster than most human red teams could even catalog them.
Rajat Taneja, Visa’s president of technology, shared the company’s findings from Anthropic’s Project Glasswing during preparations for his session at VB Transform 2026. The takeaway: frontier AI models are simultaneously the best defensive tool and the most dangerous offensive weapon the cybersecurity world has ever seen.
What Project Glasswing actually found
Anthropic launched Project Glasswing on April 7, 2026, giving a select group of roughly 50 partners access to the Claude Mythos Preview, an unreleased model with autonomous vulnerability-hunting capabilities.
Within the first month of testing, the model identified over 10,000 high- and critical-severity zero-day vulnerabilities across major systems and software. That includes older, deeply embedded flaws in systems like OpenBSD and FFmpeg.
By early June 2026, the program had expanded from those initial 50 partners to approximately 150 organizations across more than 15 countries. Anthropic backed the initiative with up to $100 million in usage credits, plus an additional $4 million earmarked specifically for open-source security work.
Visa’s defenses held, but barely
Visa’s testing revealed that its existing security infrastructure, including its zero-trust architecture, withstood exploitation attempts from the Mythos model. The process also identified actionable improvements Visa needed to make, meaning the AI found gaps that human security teams had missed.
On June 10, 2026, Visa took the unusual step of open-sourcing its Visa Vulnerability Agentic Harness, a tool designed for AI-based vulnerability management.
Taneja’s team emphasized three key lessons from the Glasswing experience. First, security needs to shift left in the development process. Second, supply-chain resilience requires serious upgrades when AI can trace dependency chains and find exploitable weaknesses at scale. Third, autonomous AI-driven detection and response mechanisms need to be accelerated.
The fraud landscape is evolving just as fast
Visa’s Spring Biannual Threats Report, released on May 20, 2026, painted a complementary picture of escalating AI-enabled fraud. As network-level security improves, attackers are pivoting to tactics like deepfakes and social engineering.
Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.
English (US) · 