The Korea Information Security Industry Association (KISIA) is pushing for the launch of “K-Glasswing” (tentative name). The initiative is expected to become a core pillar of the government's inter-ministerial public-private framework designed to address AI vulnerabilities, serving as a focal point that unites the capabilities of cybersecurity firms, AI developers, and public agencies.
◇ The Rise of AI-Driven Cybersecurity Alliances
The United States has already launched specialized AI security projects led by prominent AI developers. Anthropic, through its “Glasswing” project, is driving a vulnerability detection initiative utilizing “Mythos,” a frontier AI model specialized in security. Similarly, OpenAI is building an AI-driven cyber defense ecosystem via its “Daybreak” project.
These initiatives operate primarily around companies and organizations from the U.S. and its allied nations. As AI emerges as a foundational technology for both cyberattacks and defense, access to these security-specific AI models is becoming a critical pillar of international cybersecurity cooperation.
South Korea participates in both U.S. projects through the Korea Internet & Security Agency (KISA). However, because the scope of utilization for these foreign frontier AI models remains limited, there is a pressing need to establish an independent domestic response system alongside international cooperation.
◇ K-Glasswing to Serve as an AI Vulnerability Diagnostic Hub
A key catalyst behind the K-Glasswing initiative is that global projects alone cannot accommodate the sheer volume of vulnerability assessment demands from South Korean enterprises and institutions. While the demand for vulnerability auditing across software, networks, and AI services is surging, domestic collaborative structures for systematic, AI-driven diagnostics are still in their infancy.
K-Glasswing is expected to fill this void. In its initial phase, the project will conduct security audits utilizing top-tier, open-source global AI models. This phase will be spearheaded by domestic offensive security firms. Because these systems must navigate hacking-related domains that are typically restricted for general users, the specialized expertise of security firms with real-world experience in discovering and verifying vulnerabilities is essential.
KISA's role will also be pivotal. KISA will share global technical trends and threat intelligence acquired through its participation in the Anthropic and OpenAI projects with the domestic private council. This will enable South Korean cybersecurity firms to leverage international insights and accelerate their response to evolving cyber threats.
◇ Collaborating on Specialized AI Security Models
In the long run, securing a sovereign, specialized AI security model for South Korea is seen as the ultimate objective. Because cybersecurity is directly tied to national security, relying solely on foreign frontier AI models poses structural risks; the nation must possess its own AI models tailored to the domestic security environment.
This imperative explains why leading South Korean AI developers--such as Upstage, LG AI Research, SK Telecom, and Naver Cloud--are being eyed as potential participants.
The vulnerability analysis data and verification results accumulated within K-Glasswing can serve as foundational assets for training a sovereign security AI model. For a security-specific AI model to mature, it requires a steady influx of real-world attack techniques, defense case studies, vulnerability types, and mitigation outcomes. Under this framework, security vendors can provide hands-on vulnerability analysis data, while AI developers integrate this data into model training and safety alignment.
“Consolidating domestic capabilities to strengthen vulnerability discovery and threat analysis is a highly pragmatic and strategic approach,” said Won-tae Lee, a special professor at Kookmin University. “Moving forward, K-Glasswing should evolve to become the foundation of a South Korean AI-CVD (Coordinated Vulnerability Disclosure) framework, ultimately collaborating with domestic AI firms to develop security-specific AI models and automated security agents.”
