Horizon3.ai joins Project Glasswing

On July 15, Horizon3.ai announced its participation in Anthropic’s Project Glasswing, an initiative focused on securing the world’s most critical infrastructure. Horizon3.ai will apply Claude Mythos to its own defensive security work and contribute its deep experience in offensive security, vulnerability research, and security validation to the program by helping evaluate how advanced AI can identify exploitable risk, accelerate security research, and strengthen defensive outcomes. With Claude Mythos, their goal is to apply that expertise where it matters most: finding exploitable vulnerabilities before threat actors do.

Founded by leaders from the national security community, Horizon3.ai has always believed that effective defense begins with understanding how attackers operate. That philosophy has shaped the company’s approach to offensive security, vulnerability research, and security validation, and closely aligns with Project Glasswing’s mission of advancing the responsible application of AI to strengthen the security of critical infrastructure and widely used software, the company said.

“AI is fundamentally changing cybersecurity,” said Snehal Antani, CEO and co-founder of Horizon3.ai. “Our mission has always been rooted in helping government agencies, critical industries, and commercial organizations stay ahead of attackers. That mission closely aligns with Project Glasswing’s focus on strengthening the security of critical infrastructure and the open-source software they depend on. We look forward to contributing our experience researching vulnerabilities, understanding exploitability, and validating real-world risk to help advance the responsible application of AI in cyber defense.”

For years, Horizon3.ai has focused on the vulnerabilities that actually get exploited – conducting responsible disclosures, building proof-of-concept exploits, and validating real-world risk across hundreds of thousands of production security assessments. That research has repeatedly produced high-impact findings in widely deployed enterprise technologies, many of which were later added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog, according to the company.

The research has always started in the same place: software that threat actors actually target, including enterprise remote monitoring and management platforms, SIEM appliances, IT management tools, telephony infrastructure, ticketing systems, widely deployed open-source software. Not every vulnerability matters. They’ve built their reputation on finding the ones that do.

Source: Horizon3.ai

Stay in the know with breaking news from across the IC and IC contracting landscape by becoming a paid subscriber to IC News. Your support makes our work possible.