Glasswing vs Agents SDK：多雲安全治理 vs Agent 協調框架

從單點防禦到多雲治理：Glasswing 與 Agents SDK 的架構差異

在 2026 年，AI 安全的戰場已從「單點防禦」轉向「多雲治理」。Anthropic 的 Glasswing 計畫與 OpenAI 的 Agents SDK 代表了兩種不同的架構路徑：一種是跨組織的多雲安全治理協議，另一種是模型原生 Agent 協調框架。兩者都試圖解決同一問題——如何讓 AI Agent 在複雜系統中安全地執行任務——但採取了完全不同的權衡。

Glasswing：多雲安全治理協議

Glasswing 是 Anthropic 發起的跨組織安全協議，AWS、Apple、Broadcom、Cisco、CrowdStrike、Google、JPMorganChase、Linux Foundation、Microsoft、NVIDIA 與 Palo Alto Networks 聯合參與。核心前提是：

Claude Mythos Preview 已達到能夠超越除了最熟練人類之外的漏洞發現與利用能力。

關鍵特徵：

• 多雲協議：跨雲提供商的標準化安全檢查
• 模型原生防禦：使用 Claude Mythos Preview 進行漏洞掃描與修補
• 跨組織協作：開源維護者、企業、政府共同參與

實踐數據：

• Mythos Preview 在 Cybersecurity Vulnerability Reproduction benchmark 上達到 83.1%，對比 Opus 4.6 的 66.6%
• 在 Terminal-Bench 2.0 上達到 92.1%（4 小時超時限制）
• 自主發現並報告了數千個零日漏洞，包括 OpenBSD 與 FFmpeg 的 27 年與 16 年舊漏洞
• 在 SWE-bench 上 77.8%，BrowseComp 上使用 4.9× 更少 tokens

部署邊界：

• 局部漏洞檢測（本地代碼庫）
• 二進制黑盒測試
• 端點安全掃描
• 系統滲透測試

權衡：

• ✅ 跨組織協同，可擴展到數千組織
• ✅ 標準化安全流程
• ❌ 依賴模型可用性（目前為研究預覽版）
• ❌ 治理協議的採用成本

Agents SDK：模型原生 Agent 協調框架

Agents SDK 是 OpenAI 發布的 Agent 開發框架，核心定位是：

讓 Agent 在電腦上的檔案與工具上工作，並透過原生沙箱執行以安全地完成工作。

關鍵特徵：

• 模型原生 Harness：直接對齊模型執行模式
• 沙箱感知協調：容器級隔離，可 snapshot/重置
• Agentic Primitives：MCP、技能（skills）、AGENTS.md、apply patch、shell 工具
• Manifest 抽象：可移植工作區描述（本地檔案、S3/GCS/Azure Blob/R2）

實踐數據：

• 支援 sandbox-aware orchestration（容器級隔離）
• 可 snapshot agent 狀態並在失敗後恢復
• 可路由 subagents 到隔離環境
• 可跨容器並行化工作以加快執行

部署邊界：

• 文件與代碼分析
• 系統命令執行
• 跨步驟協調（長時間任務）
• 多工具與多系統整合

權衡：

• ✅ 模型原生能力最大化
• ✅ 沙箱安全執行
• ❌ 依賴單一模型供應商
• ❌ 需要容器基礎設施

對比：治理 vs 工具

商業化角度：從工具到治理

Glasswing 的商業化潛力在於企業級安全即服務：

• 安全檢測即服務：按漏洞數量或 tokens 收費
• 企業合約：為 Fortune 500 提供定製化安全協議
• 政府合作：國家級基礎設施保護

Agents SDK 的商業化潛力在於企業 Agent 平台：

• 開發者工具：提供 Agent 開發框架
• 企業 Agent 諮詢：幫助企業部署 Agent
• Agent 運營商：托管 Agent 託管服務

兩者的結合——Glasswing 提供安全治理協議，Agents SDK 提供 Agent 開發框架——可能會形成一個完整的安全 Agent 產業鏈。

部署場景：混合架構

一種可行的部署場景是：

1. Glasswing 層：跨組織安全協議，定義什麼是「安全的 Agent 執行」
2. Agents SDK 層：提供具體的 Agent 執行框架，實現安全協議
3. 企業落地：
   • 企業內部 Agent 使用 Agents SDK
   • 通過 Glasswing 協議與外部系統交互
   • 安全團隊使用 Glasswing 模型進行安全掃描

實踐案例：

• Datavault AI：100 美國城市物理私有邊緣雲，零信任網絡
• Microsoft：每日分析 400 兆網絡流，AI 是安全防禦核心
• CrowdStrike：早期採用 Glasswing，認為「沒有回頭路」

結論

Glasswing 與 Agents SDK 代表了兩種不同的解決方案——一種是治理層級的協議，另一種是工具層級的框架。在 2026 年，我們可能會看到一個混合架構：Agents SDK 用於 Agent 開發與執行，Glasswing 用於跨組織安全協議與治理。

這種架構的挑戰在於：

• 模型可用性：Mythos Preview 目前為研究預覽版，Opus 將帶來新的安全防護
• 治理採用：企業是否願意參與跨組織安全協議
• 權限邊界：Agent 沙箱逃逸與模型輸出安全

但這也是一個不可逆轉的趨勢：AI Agent 將成為安全與運營的核心工具。關鍵不是選擇 Glasswing 還是 Agents SDK，而是理解它們如何共同塑造未來的安全架構。

來源：

• Anthropic Project Glasswing (2026-04-07)
• OpenAI Agents SDK Announcements (2026-04-15)
• Google DeepMind News (2026-03-31)

From single point of defense to multi-cloud governance: architectural differences between Glasswing and Agents SDK

In 2026, the AI security battlefield has shifted from “single point defense” to “multi-cloud governance.” Anthropic’s Glasswing project and OpenAI’s Agents SDK represent two different architectural paths: one is a cross-organizational multi-cloud security governance protocol, and the other is a model-native Agent coordination framework. Both are trying to solve the same problem—how to get AI agents to safely perform tasks in complex systems—but with completely different trade-offs.

Glasswing: A multi-cloud security governance protocol

Glasswing is a cross-organization security protocol launched by Anthropic, with participation from AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA and Palo Alto Networks. The core premise is:

Claude Mythos Preview has reached a point where it can surpass the vulnerability discovery and exploitation capabilities of all but the most skilled humans.

Key Features:

• Multi-Cloud Protocol: Standardized security checks across cloud providers
• Model Native Defense: Use Claude Mythos Preview for vulnerability scanning and patching
• Cross-organizational collaboration: Open source maintainers, enterprises, and governments participate together

Practical data:

• Mythos Preview achieved 83.1% on the Cybersecurity Vulnerability Reproduction benchmark, compared to 66.6% for Opus 4.6
• 92.1% on Terminal-Bench 2.0 (4 hour timeout limit)
• Independently discovered and reported thousands of zero-day vulnerabilities, including 27- and 16-year-old vulnerabilities in OpenBSD and FFmpeg
• 77.8% on SWE-bench, using 4.9× fewer tokens on BrowseComp

Deployment Boundary:

• Local vulnerability detection (local code base)
• Binary black box testing
• Endpoint security scanning
• System penetration testing

Trade-off:

• ✅ Cross-organization collaboration, scalable to thousands of organizations
• ✅Standardized safety procedures
• ❌ Dependency model availability (currently in research preview)
• ❌ Adoption costs of governance protocols

Agents SDK: Model-native Agent coordination framework

Agents SDK is an Agent development framework released by OpenAI. Its core positioning is:

Let Agents work on files and tools on your computer, and execute them through a native sandbox to complete their work securely.

Key Features:

• Model Native Harness: directly align model execution mode
• Sandbox-aware coordination: container-level isolation, snapshot/resetable
• Agentic Primitives: MCP, skills, AGENTS.md, apply patch, shell tool
• Manifest Abstract: Portable workspace description (local archive, S3/GCS/Azure Blob/R2)

Practical data:

• Support sandbox-aware orchestration (container-level isolation)
• Ability to snapshot agent state and recover after failure
• Routeable subagents to isolated environments
• Work can be parallelized across containers for faster execution

Deployment Boundary:

• File and code analysis
• System command execution
• Coordination across steps (long tasks)
• Multi-tool and multi-system integration

Trade-off:

• ✅ Maximize the native capabilities of the model
• ✅ Sandbox safe execution
• ❌ Reliance on a single model supplier
• ❌ Requires container infrastructure

Comparison: Governance vs Tools

| Glasswing | Agents SDK | |------|-----------|------------| | Core Goals | Security Governance Protocol | Agent Development Framework | | Collaboration scope | Cross-organization multi-cloud | Agent within a single organization | | Execution Mode | Model Scan/Patch | Agent Coordination/Execution | | Permission Model | Governance Level Agreement | Minimum Permissions in the Sandbox | | Scalability | Cross-organization protocols (potential: thousands of organizations) | Single-organization agent scale (potential: thousands of agents) | | Dependencies | Multi-cloud providers, model availability | Container infrastructure, model APIs | | Business Model | Use Credits, Enterprise Contracts | API Pricing, Enterprise Contracts | | Risk | Model output security, governance adoption | Sandbox escape, privilege escalation |

Commercialization perspective: from tools to governance

Glasswing’s commercialization potential lies in Enterprise Security as a Service:

• Security Detection as a Service: Charged by number of vulnerabilities or tokens
• Enterprise Contract: Provide customized security protocols for Fortune 500
• Government Cooperation: National Level Infrastructure Protection

The commercialization potential of Agents SDK lies in the Enterprise Agent Platform:

• Developer Tools: Provides Agent development framework
• Enterprise Agent Consulting: Help enterprises deploy Agents
• Agent Operator: Managed Agent hosting service

The combination of the two - Glasswing provides the security governance protocol, and Agents SDK provides the Agent development framework - may form a complete security Agent industry chain.

Deployment scenario: hybrid architecture

A possible deployment scenario is:

1. Glasswing layer: Cross-organization security protocol, defining what “secure Agent execution” is
2. Agents SDK layer: Provides a specific Agent execution framework to implement security protocols
3. Enterprise landing:
   • Internal Agents use Agents SDK
   • Interact with external systems via the Glasswing protocol
   • Security team uses Glasswing model for security scanning

Practice case:

• Datavault AI: 100 US Cities Physical Private Edge Cloud, Zero Trust Network
• Microsoft: 400 MB of network flows are analyzed daily, AI is the core of security defense
• CrowdStrike: Early adopter of Glasswing, thinking “there’s no turning back”

Conclusion

Glasswing and Agents SDK represent two different solutions - one is a governance-level protocol and the other is a tool-level framework. In 2026, we may see a hybrid architecture: Agents SDK for agent development and execution, and Glasswing for cross-organization security protocols and governance.

The challenges with this architecture are:

• Model Availability: Mythos Preview is currently a research preview, Opus will bring new security protections
• Governance Adoption: The enterprise’s willingness to participate in cross-organizational security protocols
• Permission Boundary: Agent sandbox escape and model output safety

But this is also an irreversible trend: AI Agents will become core tools for security and operations. The key is not to choose Glasswing or the Agents SDK, but to understand how they work together to shape the security architecture of the future.

Source:

• Anthropic Project Glasswing (2026-04-07)
• OpenAI Agents SDK Announcements (2026-04-15)
• Google DeepMind News (2026-03-31)