Glasswing project
Project Glasswing is an initiative by IBM Technology focused on developing and applying effective methodologies for discovering vulnerabilities in AI and Large Language Models (LLMs).
Overview & Origins
The project emerged from the need to address security gaps in generative AI systems, moving beyond traditional application security to target model-specific failure modes. Key findings and methodologies were detailed in the “Security Intelligence” podcast episode “First findings from Project Glasswing” (2026-05-30) featuring experts from IBM’s security team.
Key Insights & Methodology
Details from the initial findings are documented in LLM Vulnerability Discovery Methodology. Core aspects include:
- Expert Panel Insights: Discussion led by Matt Kosinski, featuring:
- Kimmie Farrington (Security Detection Engineer): Focuses on detection engineering within AI pipelines.
- Dustin Heywood (aka EvilMog, Executive Managing Hacker): Provides offensive security perspectives and red-teaming strategies.
- Curtis Pitts (Lead CD Security): Addresses integration of security checks into continuous integration/deployment flows for AI models.
- Vulnerability Discovery: Emphasizes a structured approach to identifying prompt injection, data leakage, and model hijacking vectors specific to LLM architectures.
- Strategic Shift: Moves from manual, ad-hoc testing to systematic, repeatable vulnerability discovery processes tailored for the AI lifecycle.
Related Concepts
- ai-security
- large-language-models
- Penetration Testing
- ibm-technology