AI Hackers vs. AI Defenders: The Battle Just Shifted

Anthropic's Project Glasswing brings Microsoft, Google, and CrowdStrike together to use AI against AI threats. Here's what it means for your business right now.

NSI Tech

Something changed this month. On April 7, Anthropic announced Project Glasswing — a rare collaboration between Amazon, Apple, Microsoft, Google, CrowdStrike, NVIDIA, and Palo Alto Networks. Their shared goal: use frontier AI to find and fix vulnerabilities before attackers exploit them.

On the surface, this sounds like good news. But peel back the layers and you’ll see why it matters to your business right now.

What’s Actually Happening

The same week Glasswing launched, Microsoft confirmed Russian state actors breached older internet routers to steal authentication tokens from over 18,000 organizations using Microsoft 365. Google disclosed two active Chrome zero-days being exploited. And a threat group claimed a massive breach of Google’s Salesforce advertiser database — potentially 184 million credentials.

This isn’t coincidence. Attackers are moving faster than traditional defenses can handle. The response from major tech companies is to fight AI with AI.

What This Means for Your Business

1. Single-layer defenses aren’t enough anymore. When a single OAuth phishing campaign can compromise 340 organizations in five countries, relying on a password and hoping for the best is not a strategy.

2. AI is now in your threat model. Whether you use AI tools or not, attackers are using them to find entry points faster. If your IT provider isn’t thinking about AI-driven threats, they’re behind.

3. Vendor consolidation has a new risk. Glasswing shows how deeply interconnected major platforms have become. One vulnerability in a shared component can cascade across dozens of services — as the world learned from the 2024 CrowdStrike outage.

What You Should Do

You don’t need to become a cybersecurity expert. But you do need a team that treats it like a moving target, not a set-it-and-forget-it checklist. That means:

  • Regular review of access controls and authentication methods
  • Monitoring for unusual activity, not just known threats
  • A recovery plan that assumes something will get through

If you’re relying on break-fix support or an IT provider who only calls when something breaks, the threats showing up in April 2026 should concern you.

Worried about where you stand? Talk to NSI Tech. We’ll walk you through what a real security posture looks like — not a pitch deck, just an honest assessment.

Need help with any of this? NSI Tech has you covered.

Talk to us