Over the past week, reaction to Anthropic’s Glasswing disclosure has split along familiar lines. At one end: alarm over an AI system capable of autonomously identifying and exploiting vulnerabilities. At the other: dismissive hot takes, arguing there is nothing new here. A more grounded view comes from a new briefing by the Cloud Security Alliance (CSA), led by Gadi Evron, CEO of Knostic and CISO-in-Residence for AI at the alliance; Rob T. Lee, chief AI officer and chief of research at SANS Institute; and Rich Mogull, chief analyst at CSA. The paper draws on a deep bench of contributors, including former CISA Director Jen Easterly, Bruce Schneier, former National Cyber Director Chris Inglis,...