Anthropic's security teams share practical guidance for defending against AI-accelerated cyberattacks, tied to their Project Glasswing initiative. Key recommendations include closing patch gaps faster using CISA KEV and EPSS prioritization, preparing for an order-of-magnitude increase in vulnerability report volume, integrating AI-assisted code scanning and SAST into CI/CD pipelines, proactively scanning existing codebases with frontier models before attackers do, adopting zero-trust architecture with hardware-bound credentials, reducing attack surface through inventory and decommissioning, and shortening incident response with AI triage agents. The post also covers best practices for submitting vulnerability reports upstream and simplified advice for teams without dedicated security functions.