Project Glasswing: What It Means for Your CI/CD Pipelines

Blog post

Protect your workflows today, or get exploited tomorrow

Last week, Anthropic announced Project Glasswing - a cybersecurity initiative powered by their new Claude Mythos Preview model. The headline: an AI model that can autonomously discover software vulnerabilities better than most human security researchers. It has already found several vulnerabilities in decades-old software that is widely used by individuals and enterprises worldwide.
Anthropic is working with AWS, Apple, Cisco, and others as launch partners. Over 40 organizations maintaining critical infrastructure have been given access. It's one of the largest AI-driven cybersecurity initiatives we've seen to date.
There is a flip side that should keep us all awake at night: a model that can find these vulnerabilities can also be used to exploit them, and CI/CD pipelines are among the most attractive places to do so. In fact, there have been 5 major CI/CD attacks over the past 3 weeks, and those are only the ones we know about.

Why CI/CD Pipelines Should Be Top-of-Mind

Project Glasswing focuses on vulnerabilities in operating systems, browsers, and open-source libraries. However, the implications extend far beyond application code: the pipelines that build, test, and ship that code are at least as exposed.
Pipelines are where your most sensitive operations happen. They pull secrets from vaults, authenticate to cloud providers, sign container images, push to production registries, and deploy to Kubernetes clusters. Every one of these operations involves credentials, tokens, and network connections that represent high-value targets.
The attack vector is already proven. Earlier this year, Aqua Security's open-source vulnerability scanner Trivy was compromised when attackers re-pointed the GitHub Action's version tags at malicious code, so every workflow that referenced a tag picked it up on its next run. LiteLLM was compromised next, then the axios npm package, and several others, all within a span of 3 weeks.

The Scale of the Problem

Most enterprises manage hundreds or thousands of GitHub Actions Workflows. In our experience working with enterprise customers, the typical organization has significant gaps in basic CI/CD security hygiene:
  • Unpinned third-party actions. Workflows reference actions by mutable version tag (e.g., actions/checkout@v4) instead of by commit SHA. A tag can be moved to any commit after the fact, which is exactly the type of supply chain attack that hit Trivy.
  • Overly permissive token scopes. Workflows rely on the default GITHUB_TOKEN permissions or set write-all instead of declaring the minimum permissions each job actually needs.
  • No network egress controls. GitHub-hosted runners can connect to any external endpoint by default. There is no firewall, no allowlist, and no visibility into where your pipeline data and credentials are going.
  • Hardcoded or poorly managed secrets. Credentials appear in workflow files, get passed between steps insecurely, or are accessible to jobs that don't need them.
  • No continuous compliance monitoring. Even organizations that have written compliance specifications for CI/CD have no automated mechanism to enforce them. Compliance is a point-in-time exercise, and drift is invisible.

What Organizations Should Do Right Now

This should be a major wake-up call for every enterprise. If Claude Mythos can find vulnerabilities at this rate, attackers will bring the same capability to bear on your organization. This isn't happening tomorrow; it's happening right now. Organizations need to take concrete steps to secure their CI/CD pipelines now, or they'll end up as case studies in another incident report.
We built CodeCargo to help protect your GitHub Actions estate from this type of attack. Here's what you can do right now:
  1. Get Visibility Into Your Automation Estate. You can't secure what you can't see. CodeCargo provides deep insights into your GitHub Actions, workflows, dependencies, call graphs, and network egress.
  2. Enforce Supply Chain Security Controls. Pin GitHub Actions to specific commit SHAs. Fork important third-party GitHub Actions so you control the code you run. Get rid of pull_request_target triggers: they run with the base repository's secrets and write token, so checking out untrusted PR code under them hands that access to the PR author.
  3. Implement Network Egress Controls. Set up network egress policies with CargoWall. It's open-source software, and you can use it for free. Connect it to the CodeCargo platform for centralized policy control.
  4. Automate Compliance at Scale. Upload your human-readable workflow compliance rules to CodeCargo - we handle the rest. We scan every GitHub Actions workflow, recommend fixes, and track drift over time.
  5. Lock Down AI-Generated Workflows. CodeCargo will scan AI-generated GitHub Actions workflows to ensure they follow best-practices and significantly reduce their attack surface.
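The hygiene gaps listed under "The Scale of the Problem" and the controls in step 2 above can be checked mechanically. The script below is an added example written for this post (it is not CodeCargo's or CargoWall's code): a stdlib-only scan of a workflow file that flags actions not pinned to a 40-character commit SHA, a `permissions: write-all` grant or a workflow with no `permissions:` key at all, and any use of the `pull_request_target` trigger. The two embedded workflows are constructed for the example, and the SHA in the hardened one is a placeholder, not a real `actions/checkout` commit.

```python
# Added example (not CodeCargo's code): a stdlib-only hygiene check for one
# GitHub Actions workflow file. It is a line-oriented scan, not a YAML parser,
# so it is a starting point for an estate-wide check, not a policy engine.
import re

SHA_RE = re.compile(r"^[0-9a-f]{40}$")
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*['\"]?([^'\"\s#]+)")
PERMISSIONS_RE = re.compile(r"^\s*permissions:\s*(.*?)\s*(?:#.*)?$")
PR_TARGET_RE = re.compile(r"\bpull_request_target\b")


def check_workflow(text):
    """Return a list of (line_no, kind, detail) findings for a workflow file."""
    findings = []
    saw_permissions = False
    for line_no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue

        m = USES_RE.match(line)
        if m:
            ref = m.group(1)
            # Local actions (./path) and docker:// images are outside this check.
            if ref.startswith("./") or ref.startswith("docker://"):
                continue
            _action, _, version = ref.rpartition("@")
            # No "@" at all, or a tag/branch name: both are mutable references.
            if not SHA_RE.match(version):
                findings.append((line_no, "unpinned-action", ref))
            continue

        m = PERMISSIONS_RE.match(line)
        if m:
            saw_permissions = True
            if m.group(1) == "write-all":
                findings.append((line_no, "write-all-permissions", stripped))
            continue

        # Coarse: any non-comment line naming the trigger, including job conditions.
        if PR_TARGET_RE.search(stripped):
            findings.append((line_no, "pull_request_target", stripped))

    if not saw_permissions:
        # No permissions block anywhere: GITHUB_TOKEN gets the repo/org default scope.
        findings.append((0, "default-permissions", "no permissions: key in file"))
    return findings


# Constructed sample: the weak pattern (mutable tags, write-all, pull_request_target).
WEAK_WORKFLOW = """\
name: build
on:
  pull_request_target:
    types: [opened, synchronize]
permissions: write-all
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - uses: aquasecurity/trivy-action@master
      - run: make test
"""

# Constructed sample: the hardened form. The SHA is a placeholder for this
# example; resolve the real one with `git ls-remote --tags` against the action.
HARDENED_WORKFLOW = """\
name: build
on:
  pull_request:
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/checkout@aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa # v4 (placeholder SHA)
      - run: make test
"""

if __name__ == "__main__":
    for name, wf in (("weak", WEAK_WORKFLOW), ("hardened", HARDENED_WORKFLOW)):
        print(f"{name}:")
        for line_no, kind, detail in check_workflow(wf) or [(0, "ok", "no findings")]:
            print(f"  line {line_no}: {kind}: {detail}")
```

Run it over every `.github/workflows/*.yml` in an organization and the output is the same inventory the bullets above describe. For a real estate, switch to a YAML parser so that `uses:` inside reusable workflows and job-level `permissions:` blocks are resolved structurally rather than by line.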

Key Takeaways

Project Glasswing is a net positive for the industry. Having Anthropic, AWS, Google, and others collaborating on AI-driven vulnerability discovery will make open-source software more secure. However, the underlying message is clear: AI has reached a capability threshold where it can autonomously discover and exploit vulnerabilities at a pace and scale that humans cannot match.
CodeCargo can help strategically strengthen your CI/CD pipeline security today. Contact us to schedule a demo, or set up the CodeCargo Starter edition for free today.

CodeCargo Team

The CodeCargo team writes about GitHub workflow automation, developer productivity, and DevOps best practices.