N NexChron

Top Stories

AI News Business Government & Policy Healthcare Work & Labor

All Sections

AI News Business & Enterprise Government & Policy Healthcare & Wellness Education & Learning Transportation & Logistics Home & Consumer Finance & Banking Energy & Climate Creative & Media Security & Privacy Science & Research Work & Labor Legal & Compliance Agriculture & Food Manufacturing & Industry Real Estate & Construction Retail & Commerce Telecom & Connectivity Social Impact & Ethics

Resources & Tools

AI Glossary — 50+ terms AI Encyclopedia — In-depth concepts AI Directory — 30+ companies AI Comparisons — Side-by-side AI Answers — Q&A Regulation Tracker — AI laws tracked Take the AI Readiness Quiz → Find an AI Tool →

About

About NexChron Newsletter RSS Feed
Subscribe — Free Daily Briefing
Security & Privacy | 4 min read

Anthropic Launches Project Glasswing Coalition to Secure AI Supply Chains Against Autonomous Attacks

Anthropic launched Project Glasswing, uniting AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and Palo Alto Networks under the Linux Foundation to defend software supply chains against AI-powered attacks.

Hector Herrera
Hector Herrera
· Updated April 12, 2026 · 1 source
A cybersecurity operations center at night
Why this matters Anthropic launched Project Glasswing, uniting AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and Palo Alto Networks under the Linux Foundation to defend software supply chains against AI-powered attacks.

Anthropic Launches Project Glasswing to Harden AI Supply Chains Against Autonomous Attacks

By Hector Herrera | April 12, 2026 | Security

Anthropic has assembled nine of the world's largest technology companies under a single security coalition to defend critical software supply chains against AI-powered cyberattacks. The effort—Project Glasswing—is organized under the Linux Foundation and responds to a documented 89% year-over-year rise in AI-enabled attacks, including a campaign where autonomous AI agents compromised more than 600 firewalls across 55 countries without a human operator directing the intrusion.

What Happened

Anthropic launched Project Glasswing, bringing AWS, Apple, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, NVIDIA, and Palo Alto Networks into a coordinated supply chain security initiative, according to reporting from Hipther Agency. The Linux Foundation is providing organizational infrastructure, which signals this is designed as an industry-wide standard-setting effort rather than a proprietary security product.

The timing is not incidental. AI-powered cyberattacks rose 89% year-over-year according to current threat intelligence. Autonomous AI agents—systems that can pursue multi-step attack objectives without real-time human direction—now account for 1 in 8 AI-related security breaches.

Context

Supply chain attacks—intrusions that compromise software or infrastructure that other organizations depend on—have become the most consequential category of cyberattack in the past five years. The SolarWinds attack (2020) and Log4Shell vulnerability (2021) demonstrated that compromising a widely used software component can affect thousands of downstream organizations simultaneously.

AI adds a new dimension to this threat. Traditional supply chain attacks required skilled human operators to identify vulnerabilities, develop exploits, and manage intrusion campaigns. Autonomous AI agents can perform many of these steps without human involvement at each stage, dramatically reducing the cost and skill threshold for sophisticated supply chain attacks.

The documented campaign that compromised 600+ firewalls across 55 countries—described in recent threat intelligence—represents the most public example of autonomous AI agents conducting a coordinated attack campaign at scale. The specifics of which threat actor was responsible and which firewall vendors were affected are not fully disclosed in public reporting.

Details

Project Glasswing's stated focus is hardening critical software supply chains against AI-enabled attacks. The Linux Foundation's involvement suggests the initiative will produce open standards, shared tooling, or both—rather than proprietary solutions that only coalition members can access.

The coalition composition is notable. Anthropic builds AI systems and is itself a supply chain element for any company using Claude via API. AWS, Google, and Microsoft collectively provide the cloud infrastructure that most AI systems run on. Cisco and Palo Alto Networks provide network security infrastructure. CrowdStrike provides endpoint detection and response. Apple, JPMorgan Chase, and NVIDIA represent major consumers of supply chain components across hardware, financial services, and semiconductor design.

The breadth suggests the coalition is trying to address the full supply chain stack, not a single layer.

A separate finding released this week found that browser extensions with AI capabilities are 60% more likely to carry exploitable vulnerabilities than the average extension—a distinct but related supply chain attack surface that Project Glasswing's work may address.

Impact

For enterprise security teams: The combination of autonomous attack agents and supply chain targeting represents a qualitative shift in threat complexity. Security operations that were adequate against human-directed attacks may be insufficient against autonomous agents that operate faster and at greater scale. Threat modeling exercises should incorporate autonomous agent scenarios explicitly.

For software vendors: Being part of the software supply chain—which includes virtually every B2B software company—means being a potential target for autonomous agent attacks. Code signing, dependency auditing, and software bill of materials (SBOM) practices that were best practices a year ago are becoming baseline requirements.

For AI developers: Anthropic is effectively asserting that AI safety and AI security are the same problem at the supply chain level. If AI models can be used to attack software supply chains, then the organizations building those models have a responsibility to help defend them. Project Glasswing is an attempt to operationalize that responsibility through collective action.

For browser extension users: The finding that AI-capable browser extensions are 60% more likely to carry vulnerabilities is actionable. Audit your installed extensions. Remove any AI-capable extension from a vendor you cannot independently verify. Treat browser extensions as supply chain elements, because they are.

What to Watch

Project Glasswing's success will be measured by what it actually produces: standards documents, shared detection tools, or coordinated vulnerability disclosure processes. Linux Foundation projects vary enormously in output—some produce foundational infrastructure; others produce reports. Watch for concrete technical deliverables in the next six months.

Also watch for the response from threat actors. Autonomous AI attack capabilities are improving at roughly the same rate as defensive AI capabilities. Project Glasswing represents a coordinated defensive response. How quickly offensive AI adapts will determine whether the coalition is setting standards fast enough to matter.

Hector Herrera covers cybersecurity and AI for NexChron.

Key Takeaways

  • By Hector Herrera | April 12, 2026 | Security
  • For enterprise security teams:
  • For software vendors:
  • For browser extension users:
#cybersecurity #Anthropic #supply chain #Project Glasswing #AI attacks

Did this help you understand AI better?

Your feedback helps us write more useful content.

Hector Herrera

Written by

Hector Herrera

Hector Herrera is the founder of Hex AI Systems, where he builds AI-powered operations for mid-market businesses across 16 industries. He writes daily about how AI is reshaping business, government, and everyday life. 20+ years in technology. Houston, TX.

More from Hector →

Get tomorrow's AI briefing

Join readers who start their day with NexChron. Free, daily, no spam.