Project Glassfin
Project Glassfin is discussed in Vol. 167 Token 如流水,Agent 似朝阳 as an Anthropic security effort whose early results reportedly involved AI finding close to ten thousand high-risk vulnerabilities. The episode says the work was not immediately released broadly; instead, Anthropic first worked with large companies so early discovered issues could be patched.
Source Position
- The hosts treat Project Glassfin as evidence that frontier models may become powerful vulnerability-discovery systems, not only coding assistants.
- The same capability creates governance tension: defenders can patch faster, but attackers may also benefit if similar capability is widely available without disclosure controls.
- The project extends the wiki’s AI security branch from Zero Trust Security and Default Deny Security into AI-assisted vulnerability discovery and coordinated remediation.
Connections
- Anthropic — company context for the project.
- AI Governance And Compliance — governance frame for AI-enabled security work and disclosure.
- AI Coding Verification — adjacent engineering discipline for proving generated or reviewed code is safe.
- Human Judgment Under AI — humans still decide disclosure, remediation, prioritization, and release timing.
- AI Export Controls and Frontier Model Access Restrictions — broader policy context when AI capability is treated as security-sensitive.