British Telecom has signed onto Anthropic’s Project Glasswing, a push to use artificial intelligence for finding security holes in software before attackers can exploit them. The move brings one of the UK’s biggest telecom providers into a program that aims to automate vulnerability scanning with large language models.
What Project Glasswing targets
Project Glasswing is Anthropic’s effort to turn its generative AI models into code auditors. Instead of just writing or summarizing code, the AI is trained to spot common vulnerabilities like buffer overflows, SQL injection points, and authentication flaws. By joining the project, BT gets early access to those scanning tools and presumably feeds back findings to improve the models.
For a telecom giant that runs networks spanning millions of customers and businesses, automated scanning has obvious appeal. Manual code reviews are slow and expensive. Software supply chains now include thousands of open-source components, each a potential entry point for a breach. If an AI can scan a codebase in minutes rather than weeks, the time between a vulnerability being introduced and a patch being written could shrink dramatically.
Why BT is a natural fit
BT’s cybersecurity arm has long focused on protecting critical national infrastructure. The company runs one of the largest private networks in the UK and handles data for government agencies, banks, and healthcare providers. A breach in its system wouldn’t just affect phone bills; it could disrupt emergency services or financial transactions.
Anthropic, the San Francisco-based AI lab behind the Claude model family, has made safety a core part of its brand. Project Glasswing is part of that mission — building AI systems that can defend other systems. Getting a telecom operator like BT involved gives Anthropic real-world deployment data and stress tests that isolated lab environments can’t provide.
No details on rollout yet
Neither BT nor Anthropic has disclosed timelines, financial terms, or how deeply the scanning tools will be integrated into BT’s existing security pipeline. It’s also unclear whether the AI scanning will be offered as a service to BT’s enterprise clients or kept internal.
What is known: BT will participate in the project’s research phase, contributing vulnerability datasets and use cases. That could help Anthropic refine its models on the kind of code that actually runs in large telecom networks — code that mixes legacy systems, third-party software, and custom-built infrastructure.
Regulatory and trust questions
Using an AI to scan code raises its own set of risks. If the model flags a false positive, engineers chase a ghost. If it misses a real vulnerability, the system becomes a false sense of security. Regulators in the UK and Europe are watching how AI is deployed in critical sectors, and any incident involving BT’s network would attract scrutiny.
BT has not said whether the AI scanning will be audited by an independent third party or how it plans to handle the privacy implications of uploading proprietary code to Anthropic’s cloud. Those questions remain open as the partnership gets underway.
