Can Glasswing Stop the AI Backlash?
I think there’s a path to to transform Anthropic’s Project Glasswing into real, independent governance that restores trust in American AI
Outside of my academic research, I’ve spent the last eight years advising tech companies large and small on how to navigate an increasingly complex political world, and how to build governance structures that can help them to restore trust where it’s most needed and most lacking.
In case you haven’t noticed, the AI industry has political problems.
The federal government declared Anthropic a “supply chain risk.” Anti-AI activists are lobbing Molotov cocktails and firing bullets at Sam Altman’s house. Voter sentiment has turned sharply against AI, and the latest data suggests that anti-AI populism is the Democratic party’s best messaging strategy heading into the midterms. Now, amidst claims that Anthropic’s new model might create novel security threats, major figures are even wondering if the labs will have to be nationalized.
At the root of all of these fears is a sense of a loss of control—a sense that AI companies are usurping the powers of the state, deciding things that the people and their elected government should get to decide, and doing it in invisible ways we can’t see or understand.
Straight into this maelstrom flies Project Glasswing, Anthropic’s effort to generate alignment and awareness for the purportedly unprecedented capabilities of its new ‘Mythos’ model.
By recruiting over 50 organizations, including AWS, Apple, Google, Microsoft, CrowdStrike, JPMorganChase, and the Linux Foundation, to test and vet the model before public release, Glasswing marks the most robust attempt yet at meaningful self-governance for frontier models.
It’s driven by Anthropic and doesn’t include all the other labs, doesn’t have any binding authority to block model launches, and doesn’t deliver any explicit relief from legal liability or government buy-in for participants. Some cynics seem to think this is a pure marketing play.
Despite these very real concerns, I think Glasswing could prove to be a very meaningful step towards genuine self-regulation of the form I called for in my previous piece on lab governance, The Enlightened Absolutists.
The question is whether, if you look at the bigger picture, a project of its nature has the teeth to temper the rapidly hardening debates around the politics of AI. What does it take to turn something like Glasswing into a credible governing body?
History, research, and my own experiences helping to design self-regulatory bodies for Meta (with varying degrees of success) all suggest that it would need to include the whole industry and not be led by one lab, credibly constrain the labs with legal force, and protect not just against novel cybersecurity threats but against a broader array of threats in ways that build political trust.
A badly designed version of Glasswing could become a cartel that stifles innovation and forces competitors to beg for licenses that Anthropic and other incumbents may feel incentivized to withhold. We have to get the details right.
And that’s what I try to start doing in this piece—propose some specific ideas for how we could grow Glasswing into a whole-industry self-regulatory body with broad trust and focused but important powers to prevent the misuse of AI, all without having to wait for a Congress that’s unlikely to act.
Glasswing: a new governance consortium?
As announced, Glasswing is just a temporary initiative. But there is clearly a path to making it more permanent and broader, so that it helps to address not only the acute cybersecurity challenges posed by Mythos but the broader political quagmire coming for AI. Anthropic itself is apparently thinking in this direction, as Alex Heath has reported:
This instinct is informed by history. Industries have repeatedly built cross-company governance structures when they recognized that any single member’s failure could threaten the legitimacy of the entire sector.
After Three Mile Island, every nuclear utility in the United States joined the Institute of Nuclear Power Operations, recognizing that a meltdown at any one plant would produce a political backlash against all of them. The securities industry has operated under self-regulatory organizations since the 1930s, with FINRA supervising broker-dealers under SEC oversight. Underwriters Laboratories turned private safety certification into a de facto market requirement by embedding its standards into building codes, insurance requirements, and retailer policies.
There’s something of a pattern across these historical cases, though it’s easy to over-extrapolate. Self-governance is more credible when it combines at least four crucial ingredients: independent assessment by people with genuine expertise, incentives that make nonparticipation costly, broad enough participation to prevent free-riding, and an external backstop from regulators, insurers, or courts that gives the system’s judgments real weight.
When those conditions don’t hold, self-governance can devolve into trade associations with impressive rhetoric or standards bodies that nobody is obligated to follow.
I played a small role in helping to design Meta’s Oversight Board, a quasi-independent entity with binding legal authority to overrule the company on content moderation decisions. The Board meets many of these key conditions. It has real legal authority and a team of impressive, worldwide free expression experts. But it has not yet obtained the cross-industry participation that would solidify its role. That’s what Glasswing will need to do, and much more quickly.
Even the success stories of self regulation come with caveats, too. The nuclear industry’s safety record improved markedly after INPO, but nuclear energy itself stagnated in the United States for decades. Self-governance can build credibility without necessarily maintaining the space for companies to innovate, and this is absolutely essential for AI.
The question, then, is whether Glasswing can develop all four of these conditions or whether it will plateau as something that looks credible on paper but doesn’t actually constrain behavior.
What Glasswing needs to become
So what would it take to grow Glasswing from an Anthropic-led initiative into the kind of industry-wide governance body that could meaningfully rebuild trust?
It needs to include everyone at the frontier.
The legitimacy of self-governance depends on having everyone who’s relevant participate. As long as OpenAI is outside the system (and arguably xAI, too), it looks like an Anthropic-led club rather than an industry standard. For this to work, everyone needs to be in.
This might not be easy. Already, OpenAI has responded to Glasswing by announcing its own security initiative. In the announcement, they go out of their way to criticize Glasswing, indirectly, for the way Anthropic has hand-picked the participants. They write:
“Democratized access: Our goal is to make these tools as widely available as possible while preventing misuse. We design mechanisms which avoid arbitrarily deciding who gets access for legitimate use and who doesn’t.”
Shots fired!
But maybe there are paths forward. The project would be a lot more palatable if it were genuinely not led by Anthropic. An independent governance structure with its own board, its own funding, and its own decision-making processes would make joining feel less like submitting to a competitor’s oversight and more like participating in a shared industry institution.
There are also ways to increase the benefits of joining. The more other kinds of partners participate, the more valuable membership becomes. Cloud providers and major enterprise customers who require Glasswing certification from any model they deploy would create powerful market incentives. If AWS, Google Cloud, and Azure all conditioned access on Glasswing participation, opting out would mean forgoing the dominant distribution channels.
The history of self-governance tells us that these network effects are powerful. UL became a de facto requirement not because manufacturers believed in safety testing but because building codes, insurers, and retailers all relied on UL certification. Glasswing—or the independent version of it—needs the same kind of structural pull.
It needs to accelerate innovation, not slow it down
In a world of cutthroat competition with China and immense opportunities from AI, Glasswing cannot function as a licensing regime that slows deployment to a crawl. It needs to be seen as enabling innovation by delivering fast, predictable, but rigorous evaluations that restore public trust in AI.
That probably means standardized testing protocols that labs can design against in advance, not open-ended review processes where nobody knows what the bar is or how long the wait will be. It means tight feedback loops where identified problems lead to concrete fixes rather than indefinite holds.
More important than the speed of the reviews is that the project makes companies feel that it’s leaving them better off by improving the trust deficits that threaten to lead to catastrophic slowdowns—like bans on data centers, or other policies that populist politicians are starting to float.
If the labs see joining this consortium as a way to ship models that society trusts, it will give them the reassurance they need to continue accelerating model development.
It needs to create strong commitments
Self-regulation rebuilds trust by tying companies’ hands. Instead of saying “trust us that we won’t do harm,” effective self-regulation allows companies to say “we can’t do harm.” This only works if the governance structure actually ties the companies’ hands, though.
Advisory recommendations that Anthropic and other labs can ignore, or regulatory structures that Anthropic or other labs can unilaterally dismantle, do not create this credibility. The commitments need to be binding in some meaningful sense, whether through contractual obligations, insurance conditions, regulatory incorporation, or reputational mechanisms with real teeth.
There are plenty of ways to do this that don’t require waiting for Congress to pass new laws. For one example, under Section 5 of the FTC Act, companies that publicly commit to a self-regulatory code and then violate it can face significant legal liability for deceptive practices. The Digital Advertising Alliance was built in close collaboration with the FTC on exactly this model. Companies that join must state their adherence to DAA principles, which establishes the FTC as an enforcement backstop. If they don’t honor the codes they sign up for, the FTC has stated explicitly that they could face enforcement actions. The DAA has issued over 120 compliance actions under this framework, and the FTC itself has cited DAA principles as a basis for its own enforcement.
The same kind of logic could apply to a Glasswing-style body. If a lab publicly joins and then ignores the consortium’s findings, it has made a representation to the public that it isn’t living up to. That’s an existing enforcement lever, no new legislation required. And there are plenty of other related mechanisms that can be explored, too.
And it will need to expand beyond cybersecurity
The framing around Glasswing right now is almost entirely about whether Mythos creates novel cybersecurity threats and whether the consortium can identify and mitigate them before launch. That’s a legitimate concern, but it’s also a narrow one, and it risks reducing Glasswing to an exercise in vulnerability scanning when the actual political crisis facing AI is much larger.
The political crisis is about power. It’s about whether a handful of companies will make decisions that reshape economies, labor markets, information ecosystems, and the balance between citizens and their governments, and whether anyone outside those companies has a meaningful say. Cybersecurity is one dimension of that problem. It is not the whole problem, and arguably not the most important one. If Glasswing remains limited to cybersecurity, it will be useful but it will not address the deeper reasons the public has lost trust in the AI industry.
The path forward
If Glasswing can develop along these lines, it becomes something genuinely new, the beginning of the kind of self-regulatory model that I argued in The Enlightened Absolutists is the only viable path between nationalization and unchecked corporate power.
None of this requires waiting for Washington. Congress is unlikely to pass meaningful AI legislation anytime soon, and the technology is moving faster than any legislative process can keep up with anyways.
Fortunately, the legal mechanisms for credible self-governance already exist, the historical precedents are instructive, and many of the necessary industry participants are already in the room. What’s missing is the institutional design that turns a promising Anthropic initiative into a durable, independent, industry-wide body with real authority.
That’s a solvable problem, and solving it would give the United States something potentially special: a governance framework for frontier AI that is fast enough to keep pace with innovation, credible enough to rebuild public trust, and robust enough to make the case against nationalization on the merits rather than on faith. The window won’t stay open for long. The labs should move now.