BY COLIN ELLINGSON, FULTON MAY SOLUTIONS
Your tier-one software vendors are using AI to clean up their code. The thousands of mid-market tools running your plant are not. That gap is Project Glasswing—and it’s the most underreported risk on your production floor right now.
Fulton May Solutions’ Q2 2026 Strategic Cybersecurity Report: Resilience and Risk in the Manufacturing Sector identifies Project Glasswing as one of the defining supply chain dynamics of the year. If you’re responsible for uptime, continuity, or vendor management in a manufacturing environment, here’s what you need to understand—and what you can do about it before it becomes a line-down event.
What Is Project Glasswing?
Project Glasswing refers to the accelerating effort by a small group of large, well-resourced software vendors—think Microsoft, Google, and a handful of other “alpha” players—to use frontier AI models to proactively scan their own codebases, surface legacy vulnerabilities, and remediate them at scale before attackers can weaponize them.
It sounds like good news. And for the organizations using those platforms, it is—to a point.
The problem is what’s left behind. The Q2 2026 report puts it plainly: roughly 12 major vendors are participating in Glasswing-style programs. The manufacturing sector runs on thousands of software dependencies. The vast majority of them—your MES vendors, your SCADA integrators, your remote monitoring tools, your logistics platforms—are not running AI-powered remediation programs. They are wide open to the same AI-accelerated discovery techniques that Glasswing is designed to defend against.
That exposure is what the report calls your “long-tail” vendor risk, and it sits directly beneath your production floor.
Why This Risk Has Changed in 2026
To understand why Project Glasswing matters right now, you need to understand what frontier AI has done to the attack timeline.
In 2022, the average time from vulnerability disclosure to exploit was 32 days. That was already uncomfortably short. In 2026, that window has collapsed to under five days—and in some cases, hours. Frontier AI models have demonstrated the ability to autonomously identify vulnerabilities that sat undetected for decades. The Q2 2026 report documents Claude Mythos identifying a 27-year-old bug in a security-hardened system and achieving unauthenticated root access—autonomously, for under $50.
That’s not a theoretical scenario. That’s the operational baseline.
What this means for manufacturing leaders: your patch cycle is no longer a risk management strategy. It’s a liability. When an AI can find an exploit and weaponize it in less time than your maintenance team can schedule a patching window, your traditional defenses are structurally outpaced.
The vendors covered by Project Glasswing have resources and incentives to keep pace. Your niche OT software vendor—the one whose support contract you renewed three years ago and whose remote access credentials are still active on your network—almost certainly does not.
A Scenario: How This Plays Out on the Floor
Picture a mid-size automotive parts manufacturer. Eighteen months ago, the operations team deployed an AI-assisted quality inspection tool from a mid-market software vendor. The tool connects to production-line sensors, writes quality data to a cloud dashboard, and requires persistent remote access from the vendor’s support team for updates and troubleshooting.
The integration went smoothly. No one flagged the vendor access as a standing risk because it had always been there—and because the tool was working.
In Q2 2026, an attacker uses a publicly available frontier AI model to scan the vendor’s platform for vulnerabilities. Within hours, they identify an unpatched flaw in the vendor’s remote access agent—a piece of software the vendor hasn’t updated in 14 months. They use that foothold to move laterally from the vendor’s environment onto the manufacturer’s network.
From there, the attacker doesn’t need to do anything dramatic. They don’t encrypt files or demand a ransom—not yet. They quietly map the IT/OT environment, identify which production systems the quality inspection tool touches, and wait. When they act, they isolate a critical production zone. The line stops.
The per-hour cost of that downtime—factoring in lost output, idle labor, expedite costs, and customer penalty clauses—runs well into the tens of thousands. The root cause isn’t a phishing email or a weak password. It’s a trusted vendor’s unpatched software, persistent access credentials that were never reviewed, and no visibility into what that vendor connection was actually doing on the network.
This is not a hypothetical. It’s a composite of breach patterns the Q2 2026 report documents as active threats in the manufacturing sector today.
The Core Problem: Visibility and Ownership
Most mid-market manufacturers don’t have a full picture of which vendors have active access to their environments, what permissions those connections carry, or when those access grants were last reviewed. On the OT side, this problem is compounded by devices that were never designed to support modern security agents—legacy industrial controllers, embedded systems, and PLCs that can’t be patched without voiding warranties or breaking production.
The Q2 2026 report identifies a striking statistic: only 9% of organizations have microsegmented the majority of their critical systems. That 91% gap represents the blast radius available to an attacker who gets in through any single entry point—including a vendor’s compromised update agent, an OAuth token from a third-party integration, or a credential harvested from a personal device used on the corporate network.
The Vercel/Context.ai breach documented in the report is instructive: malware introduced through a consumer-grade game cheat on an employee’s personal device allowed attackers to steal OAuth tokens and use them to bypass enterprise firewalls entirely. Credentials, not perimeter controls, were the attack surface. The same dynamic applies every time a vendor technician VPNs into your environment using credentials that haven’t been audited in 18 months.
Visibility and ownership are the twin prerequisites for everything else. You can’t protect what you can’t see. You can’t enforce what no one owns.
What Controls Actually Fit Manufacturing Realities
The good news: the controls that address Project Glasswing exposure don’t require ripping out legacy infrastructure or shutting down production lines to implement. They’re designed to work around operational constraints—because in manufacturing, security that interrupts the line doesn’t get deployed.
Here’s a practical checklist drawn from the Q2 2026 report’s recommendations:
Vendor Access & Policies
- Audit all active vendor access credentials quarterly. Treat OAuth grants and VPN accounts as a vendor-risk function. Revoke anything that isn’t tied to a current, documented business need.
- Enforce just-in-time access for vendor connections. Persistent, always-on vendor access is unnecessary for most support functions. Require vendors to request access for specific maintenance windows.
- Define and enforce a vendor remote access policy. Document which vendors have access, to what systems, with what permissions, and who internally owns that relationship. If no one owns it, it’s a gap.
Network Segmentation & IT/OT Visibility
- Implement Zones and Conduits (IEC 62443). Logically group OT assets by security requirements and define the only authorized communication paths between zones. This prevents lateral movement without requiring physical rewiring.
- Deploy identity-aware microsegmentation. For unpatchable legacy devices, network-level segmentation is the primary compensating control. Move policy enforcement to the switch level so every port is a policy enforcement point.
- Use virtual patching for legacy OT devices. Deploy IPS-like signatures at the network layer to block known exploits targeting devices that can’t receive vendor patches. This covers your exposure window without touching the device itself.
Data Controls & Credential Hygiene
- Audit AI tool integrations for data access scope. Any AI tool connected to production data should have explicit, documented permissions. Default configurations frequently expose more than intended—treat “sensitive” flagging as something you must verify, not assume.
- Review environment variables and API keys across production systems. The Q2 2026 report identifies non-sensitive defaults as a hidden data-leak surface. An attacker who gets access to your deployment environment can exfiltrate hundreds of secrets simultaneously.
- Require MFA on all vendor-facing accounts. Credential theft is the entry vector of choice in 2026. MFA doesn’t eliminate the risk, but it raises the cost of exploitation substantially.
Monitoring Basics
- Shift from perimeter monitoring to behavioral monitoring. In 2026, the attacker often has valid credentials. Behavioral analytics—detecting deviations from normal access patterns—catches what signature-based tools miss.
- Extend monitoring to AI agents and automated workflows. If you’ve deployed AI tools that act autonomously on production data (logistics optimization, quality inspection, inventory management), those agents need behavioral oversight. Machine-speed permission abuse can cause material financial damage before a human analyst can respond.
- Correlate IT and OT signals. Threats that originate on the IT side and traverse into OT are invisible when monitoring systems don’t share context. Unified visibility across both environments is a prerequisite for detecting the lateral movement pattern described in the scenario above.
From the Q2 2026 Report
“What is our ‘Supply Chain Siege’ exposure outside of Project Glasswing? While 12 ‘alpha’ vendors (like Microsoft and Google) are using AI to clean their code through Project Glasswing, the thousands of mid-market software dependencies in our supply chain are not. We must identify our exposure to these ‘long-tail’ vendors who remain wide open to AI-accelerated discovery.”
— Q2 2026 Strategic Cybersecurity Report: Resilience and Risk in the Manufacturing Sector, Fulton May Solutions
This question—framed in the report as a board-level decision support item—gets at the heart of why Project Glasswing matters beyond the IT security function. It’s a supply chain question. It’s a vendor management question. And for any operations leader who owns uptime accountability, it’s a business continuity question.
What to Do First
If you’re coming to this with limited bandwidth and a full production schedule, the highest-leverage starting point is deceptively simple: know what’s connected.
Run a vendor access audit. List every third-party tool, integration, or remote access credential active in your environment. For each one, identify who internally owns the relationship, when the access was last reviewed, and what systems it touches. That inventory is the foundation for everything else—and most manufacturers don’t have it.
From there, the Q2 2026 report recommends prioritizing microsegmentation of your most critical OT zones, implementing virtual patching for legacy devices you can’t update, and transitioning your monitoring posture toward behavioral detection. None of these require production downtime to initiate. All of them can be scoped to fit maintenance windows.
The companies navigating 2026’s threat environment without incident aren’t necessarily the ones with the largest security budgets. They’re the ones who know what they have, own what they’re responsible for, and have closed the visibility gap before an attacker found it first.
Get the Full Q2 2026 Manufacturing Cybersecurity Report
The complete report includes the full Project Glasswing analysis, board-level financial impact frameworks, the 2026 Velocity Gap Metric, and a detailed action plan for mid-market manufacturers. Built for operations leaders who need defensible decisions, not technical jargon.
Colin Ellingson is a cybersecurity strategist at Fulton May Solutions, focused on operational resilience and IT/OT security for mid-market manufacturers.






