New at Horizon3.ai

Horizon3.ai Joins Anthropic’s Project Glasswing to Help Defend Critical Infrastructure with the Attacker’s Perspective

SAN FRANCISCO–July 15, 2026– Horizon3.ai, the AI-Native Proactive Security Company behind NodeZero®, today announced its participation in Anthropic’s Project Glasswing, an initiative focused on securing the world’s most critical infrastructure. Horizon3.ai will apply Claude Mythos to its own defensive security work and contribute its deep experience in offensive security, vulnerability research, and security validation to the program by helping evaluate how advanced AI can identify exploitable risk, accelerate security research, and strengthen defensive outcomes. With Claude Mythos, their goal is to apply that expertise where it matters most: finding exploitable vulnerabilities before threat actors do. 

Forged in National Security, Focused on the Adversary

Founded by leaders from the national security community, Horizon3.ai has always believed that effective defense begins with understanding how attackers operate. That philosophy has shaped the company’s approach to offensive security, vulnerability research, and security validation, and closely aligns with Project Glasswing’s mission of advancing the responsible application of AI to strengthen the security of critical infrastructure and widely used software. 

“AI is fundamentally changing cybersecurity,” said Snehal Antani, CEO and co-founder of Horizon3.ai. “Our mission has always been rooted in helping government agencies, critical industries, and commercial organizations stay ahead of attackers. That mission closely aligns with Project Glasswing’s focus on strengthening the security of critical infrastructure and the open-source software they depend on. We look forward to contributing our experience researching vulnerabilities, understanding exploitability, and validating real-world risk to help advance the responsible application of AI in cyber defense.” 

A Track Record Built on Exploitability

For years, Horizon3.ai has focused on the vulnerabilities that actually get exploited – conducting responsible disclosures, building proof-of-concept exploits, and validating real-world risk across hundreds of thousands of production security assessments. That research has repeatedly produced high-impact findings in widely deployed enterprise technologies, many of which were later added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog.

The research has always started in the same place: software that threat actors actually target, including enterprise remote monitoring and management platforms, SIEM appliances, IT management tools, telephony infrastructure, ticketing systems, widely deployed open-source software. Not every vulnerability matters. They’ve built their reputation on finding the ones that do. 

This year, their AI-assisted research surfaced CVE-2026-34197, a remote code execution vulnerability in a widely deployed open-source message broker, and CVE-2026-48558, a critical authentication bypass in a remote monitoring and management platform. Both landed on CISA’s KEV Catalog after threat actors moved to exploit them following public disclosure.

Securing Our Future

Generative AI has changed the vulnerability research landscape. Previous tasks such as reverse engineering, harness building, and getting up to speed on a codebases’ architecture are orders of magnitude faster. What would take an experienced engineer weeks takes days. Agentic skills, pipelines, and MCP servers exist for almost every piece of the workflow now. 

Having enough trained eyes to review the world’s software has always been a bottleneck of securing it. Current publicly available models excel at identifying unsafe patterns in code, but without a proper harness or being driven by an experienced researcher, fail to reliably associate disparate information that helps distinguish a bug from an exploitable vulnerability.

The technology is moving fast. What matters is what you do with it. As Antani puts it, “The future of cybersecurity won’t be defined by who has access to the most powerful AI. It will be defined by who can combine AI, security expertise, and operational discipline to reduce real-world risk. That’s the challenge in front of all of us.” 

“It is an exciting time to be in this space, and we look forward to every new model release and evaluating the capabilities of Anthropic’s Mythos to see the gaps close even further,” said Zach Hanley, Chief Attack Engineer at Horizon3.ai. “In the few days we have had access to Mythos, we’ve already identified impactful vulnerabilities, and we look forward to detailing some of those findings publicly.”

About Horizon3.ai

Horizon3.ai, the AI-Native Proactive Security Company behind NodeZero®, shifts the advantage from attackers to defenders by giving organizations the power to fight AI with AI. NodeZero, the World’s Best AI Hacker™, autonomously tests your defenses at machine speed, safely finds and prioritizes exploitable attack paths, instantly verifies fixes, and drives a continuous hack, fix, verify loop. More than 5,500 organizations including the NSA, CISA, Fortune 100 giants, and major healthcare providers trust Horizon3.ai to prioritize what matters and for security you can prove.

Follow HORIZON3.ai on LinkedIn and X.

Horizon3.ai Media Contact

Stephen Gates

press@horizon3.ai

How can NodeZero help you?
Let our experts walk you through a demonstration of NodeZero®, so you can see how to put it to work for your organization.
Get a Demo
Share: