Project Glasswing Has a Blind Spot. It's You (quodeq.ai)

🤖 AI Summary
Anthropic has launched Project Glasswing, an AI-driven system designed to rapidly identify zero-day vulnerabilities, outperforming human teams with an impressive 83.1% score on vulnerability reproduction benchmarks. In just weeks, Glasswing has uncovered thousands of long-overlooked bugs, including critical issues within major software systems like OpenBSD and FFmpeg. However, access to this groundbreaking tool is limited to only fifty partner organizations, raising concerns about equity in cybersecurity, particularly for smaller companies and open-source maintainers who may lack the resources to address newly discovered vulnerabilities. The significant gap between discovering vulnerabilities and having the capacity to fix them poses a pressing challenge for the broader software ecosystem. While larger companies with dedicated security teams can manage the workload effectively, startups and smaller teams may find themselves overwhelmed. The proliferation of exploits, particularly after Anthropic's 90-day public reporting window, could leave them vulnerable. In response, Victor Purcallas Marchesi has introduced Quodeq, an open-source code quality and security scanner that democratizes access to AI-driven security analysis. Unlike proprietary tools, Quodeq allows anyone—regardless of budget—to evaluate their code across multiple dimensions without the burden of cloud dependencies or vendor lock-in, empowering developers to address vulnerabilities proactively before they become targets.