Tag Archives: Amazon Web Services

2026, AI, AI & Machine Learning, Gadget Man, Security, Self Aware AI, Technology

Anthropic’s Project Glasswing Could Change Cybersecurity Forever

Leave a comment

There are moments in tech when you read an announcement and immediately realise that something important has shifted.

That was very much my reaction when I came across Project Glasswing, a newly announced initiative from Anthropic that is aimed squarely at one of the biggest looming problems in modern computing: what happens when AI becomes exceptionally good at finding software vulnerabilities. Source

According to Anthropic, Project Glasswing brings together a heavyweight list of partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks, all with the goal of securing critical software for what Anthropic calls the AI era. It is also extending access to more than 40 additional organisations that build or maintain important software infrastructure. Source

Now, that alone would be interesting enough, but the real headline here is the model sitting behind it all.

Anthropic says its unreleased model, Claude Mythos Preview, has already demonstrated the ability to find and exploit software vulnerabilities at a level beyond all but the most skilled human experts. That is a huge claim, and if it holds up in practice, it means we may have crossed into a very different phase of cybersecurity. Source

In plain English, this is not just about a chatbot helping someone write a bit of code more quickly. This is about AI being able to inspect complex software, spot weaknesses that humans and automated tools have missed for years, and in some cases work out how those weaknesses could be exploited. Anthropic says the model has already found thousands of high-severity vulnerabilities, including flaws affecting major operating systems and web browsers. Source

Some of the examples are rather startling. Anthropic says Mythos Preview uncovered a 27-year-old vulnerability in OpenBSD, a 16-year-old flaw in FFmpeg, and even chained together several Linux kernel vulnerabilities in a way that could escalate ordinary user access into full control of a machine. The company says those issues have now been responsibly disclosed and patched. Source

That, to me, is the bit that really lands.

Because for years we have tended to think of cybersecurity in terms of patching known issues, following best practice, keeping software up to date and hoping the really serious flaws are found by the good people before the bad people. But if AI systems are now reaching the point where they can autonomously discover dangerous bugs in code that has survived decades of scrutiny, then the pace of both defence and attack could increase dramatically. Source

Anthropic is clearly trying to frame Glasswing as a defensive first move. The company says it is committing up to $100 million in usage credits for Mythos Preview and $4 million in direct donations to open-source security organisations. The idea seems to be to put these capabilities into the hands of defenders, infrastructure operators and maintainers before similar systems become more widely available. Source

And that is probably the most sensible angle here.

Because whether we like it or not, the genie is not going back in the bottle. If one frontier AI lab can build a model that is frighteningly good at vulnerability discovery, others will too. Eventually, those capabilities will spread further. The question is not really whether AI will reshape cybersecurity. It is whether defenders can get enough of a head start to stop things getting seriously messy. That is an inference from Anthropic’s announcement and the examples it gives, rather than a direct claim from the company, but it feels like the unavoidable conclusion. Source

For those of us who run websites, servers, ecommerce platforms, mail systems or anything else connected to the wider internet, this should be a bit of a wake-up call. The old approach of leaving systems half-maintained, delaying updates, or assuming that obscure software will somehow stay below the radar looks even more risky in a world where AI can inspect code at speed and scale.

Project Glasswing may turn out to be remembered as one of those early milestone moments, the point where the cybersecurity industry publicly acknowledged that AI is no longer just a helpful assistant for defenders. It is becoming a serious force multiplier, and one that could work for either side.

That makes this announcement both exciting and slightly chilling.

And, in true Gadget Man fashion, it is exactly the kind of development that reminds us technology is never just about shiny new tools. It is also about consequences, responsibility and how quickly the world has to adapt when the rules suddenly change.

Source

Anthropic, Project Glasswing: Securing critical software for the AI era

2026, Amazon, Cloud, Cloud Storage, Middle East

AWS, Middle East Escalation and a Very Real Reminder That the Internet Is Physical

Leave a comment

Over the weekend something unusual happened.

The AWS Health Dashboard lit up with warnings across the Middle East regions, while at the very same time global news outlets were reporting escalating military action across the Gulf.

If you run infrastructure in the cloud, or even if you just assume “the cloud” is always there, this was a sobering moment.

Let’s unpack what actually happened.

What Amazon Web Services Said

According to the official AWS Service Health Dashboard:

“Objects struck the data centre, creating sparks and fire.”

That is not typical outage language.

AWS reported that two Availability Zones in the ME-CENTRAL-1 region were impaired due to a localized power issue. Power was shut off while emergency services responded, and recovery would require:

  • Repair of facilities
  • Restoration of cooling systems
  • Restoration of power systems
  • Coordination with local authorities
  • Safety assessments before re-energising the site

Customers were strongly advised to fail over to alternate regions, ideally in Europe.

This was not a minor API hiccup. EC2, S3, DynamoDB, the AWS Management Console and dozens of other services experienced elevated error rates.

The cloud, quite literally, caught fire.

Source: AWS Service Health Dashboard

At The Same Time… The World Was On Edge

Simultaneously, live coverage from BBC News reported dramatic escalation in the region:

  • Iranian strikes on a major gas plant in Qatar
  • A refinery fire in Saudi Arabia
  • Drones intercepted over Cyprus heading towards a UK base
  • Escalating conflict involving Israel, Lebanon and Iran
  • Reports that Iran’s Supreme Leader had been killed in US and Israeli strikes

Gas prices reportedly spiked sharply on international markets.

Source: BBC Live Coverage

AWS has not explicitly linked its data centre incident to military activity.

But when you read phrases like “objects struck the data centre” in the same time window as confirmed missile and drone activity across the Gulf, the coincidence is difficult to ignore.

The Myth of the Abstract Cloud

We talk about:

  • Serverless
  • Containers
  • Regions
  • Availability Zones
  • Multi-AZ architecture

All wonderfully abstract.

But this weekend was a reminder that the cloud is:

  • Concrete buildings
  • Power substations
  • Cooling plants
  • Diesel generators
  • Fibre routes
  • Security perimeters

Remove electricity and you remove the cloud.

Damage cooling systems and you shut down racks.

If local authorities tell you to keep power off, your “infinite scalability” suddenly looks rather finite.

Why This Matters To You

If you deploy only in one region, you are accepting regional geopolitical risk whether you realise it or not.

AWS always recommends multi-AZ design. Many organisations stop there.

But this incident affected more than one Availability Zone in the same region. That is the critical detail.

Multi-region redundancy is no longer theoretical resilience planning. It is operational reality.

If your backups sit in the same geography as your primary systems, that is not true disaster recovery.

The Bigger Lesson

We spend huge amounts of time worrying about:

  • Cyber attacks
  • Zero day exploits
  • Ransomware
  • Misconfigured S3 buckets

Yet physical risk is often treated as someone else’s problem.

This event shows that geopolitical instability can ripple directly into cloud availability.

Cloud providers are extraordinary at redundancy. But they are not immune to real world events.

When missiles fly and power grids are shut down, even hyperscale infrastructure feels it.

Final Thoughts From The Server Rack

I have long argued that we live in a world where digital and physical are inseparable.

This weekend was a perfect example.

A regional conflict.
Energy infrastructure under threat.
Data centres hit.
Gas markets spike.
APIs fail.

The internet is not floating in the ether. It is bolted to the floor.

If you are running production workloads, ask yourself one simple question:

If my region goes dark for 24 hours, what happens next?

If the answer is panic, then this weekend was your warning shot.

As ever, the smartest architecture is not the cleverest. It is the most resilient.

And resilience, increasingly, means geography.