Guest article by Ondřej Fedorčák
Director of Optaglio a.s. | Board Member of International Optical Technologies Association (IOTA, formerly IHMA)
For years, the narrative of “progress” in identity management has been singular: the future is digital. We’ve been told that plastic cards and paper passports are relics of a bygone era, destined to be replaced by Mobile IDs (mDL), cloud-based certificates, and seamless biometric gates. But with the unveiling of Anthropic’s Glasswing, that narrative hasn’t just slowed down—it has hit a brick wall.
Yesterday, Anthropic unveiled Project Glasswing (https://www.anthropic.com/glasswing) – an ambitious industry-wide initiative to secure the world’s most critical software in the age of advanced AI. At its heart is Claude Mythos Preview, a frontier AI model that Anthropic has deliberately chosen NOT to release publicly. Why? Because this model can autonomously discover and exploit thousands of high-severity zero-day vulnerabilities in every major operating system, web browser, and critical software stack – often flaws that have survived decades of human scrutiny and millions of automated tests.
The implications are profound and immediate. For the first time, we have clear evidence that AI has crossed a threshold where it can outperform all but the most elite human hackers at finding and chaining vulnerabilities. Anthropic itself warns that, without safeguards, the proliferation of such capabilities could lead to “severe” fallout for economies, public safety, and national security.
As someone who spends every day at the intersection of high-security physical engineering and global identity standards, I see the arrival of models like Glasswing as a “Day Zero” event for digital-only security. If we continue to rush toward purely software-based identity without a physical anchor, we aren’t just innovating; we are building a house of cards in a hurricane.
The End of “Software-Only” Trust
To understand why Glasswing changes everything, we have to look at what it actually does. By achieving unprecedented levels of autonomous reasoning and multimodal “vision-to-code” capabilities, Glasswing can deconstruct and bypass the very logic that software-based security relies on.
When identity is “just code”—an encrypted certificate on your phone or a digital signature in a state database—it exists in an environment where AI now has the home-field advantage.
- The Vulnerability of Mobile-ID: If an AI can simulate human interaction and exploit zero day software vulnerabilities at machine speed, a “secure” mobile wallet becomes a liability.
- Database Breaches: Any centralized state database holding digital identities is now a higher value target. An AI capable of navigating complex systems can potentially alter records or forge “valid” digital credentials that are indistinguishable from the real thing.
- Deepfake Identity: Software-only verification (like taking a “liveness” selfie for a bank app) is effectively dead. If the AI can generate a perfect, real-time video stream that bypasses biometric filters, the “digital person” is no longer trustworthy.
- The Reality Check: In a world of Glasswing-level AI, software can no longer be used to definitively secure other software. You cannot solve a digital fire with digital gasoline.
The Return to the Physical Anchor
We are already seeing a shift in the market. Despite the hype around digital apps, the demand for high-security passports and ID cards is actually increasing. Why? Because a physical document provides something a digital file never can: a hardware-level barrier that AI
cannot “hack” remotely.
I predict we are about to witness a significant “re-physicalization” of security across several sectors:
1. Airports and border control. Contactless e-gates relying on mobile-ID or digital passports have been rolled out aggressively. With AI driven compromise of the supporting software, these systems will increasingly require redundant human oversight. Expect airport authorities to reintroduce (or expand) manual checks immediately after the gate – officers verifying physical documents side-by-side with digital scans. The convenience of fully automated flow will give way to layered security, at least for high-assurance travel corridors.
2. Banking and financial services. Online loan applications, mortgage approvals, and high-value transfers increasingly depend on app-based KYC. When the cost of a potential AI-orchestrated breach (or successful synthetic-identity fraud) exceeds the savings from automation, institutions will revert to human verification by trained staff. It is simply cheaper and safer to have a responsible officer review a physical ID card or passport than to rely solely on a mobile app whose backend could be silently compromised.
3. Licensing and regulated professions. Driver’s licences, firearms permits, professional certifications, and healthcare access credentials are moving to digital formats. Yet for any transaction carrying legal liability or public-safety risk, governments will demand physical artefacts that cannot be forged remotely. A police officer in the field or a licensing clerk needs something they can hold, tilt under light, and verify instantly – without depending on network connectivity or potentially hacked backend systems.
4. Broader societal impacts. Voting systems that rely on digital identity for remote or hybrid processes, corporate access controls for sensitive facilities, and even pharmaceutical prescriptions tied to national digital health IDs all face the same vulnerability. In high-stakes scenarios, the marginal cost of maintaining a physical layer is negligible compared to the systemic risk of total reliance on software.
The pattern is clear – digital solutions excel at convenience for low-risk interactions. For anything involving significant value, liability, or national security, physical documents provide an irreplaceable anchor of trust.
Optaglio Bridges the Gap
At Optaglio, we have always operated on the principle that the best security is “optical and physical.” You cannot remote-login to a hologram. You cannot use a script to rewrite the microscopic structures of a high-end security patch.
We are continuing our work on a new generation of physical security features specifically designed for the AI era. Our goal is simple: to make it easy for a human—a police officer in the field, a clerk at a bank, or a border guard—to distinguish the “Original” from the “Fake” in seconds.
Our solutions for passports and ID cards use advanced electron-beam lithography to create visual effects that are:
- Impossible to replicate with digital printers.
- Resistant to AI-generated “optical illusions.”
- Intuitive for the human eye to verify without needing a smartphone.
Governments are beginning to wake up to this reality. We are seeing a surge in new requirements for physical security that goes beyond mere aesthetics. They are looking for “unhackable” physical anchors that stay in the citizen’s pocket, not just on a server.
Conclusion: The Hybrid Path
This isn’t an “anti-tech” stance. Digital tools are wonderful for convenience. But identity is not about convenience; it’s about certainty. If Glasswing truly represents the new ceiling for AI capabilities, then the “software-only” experiment has reached its logical limit. To protect our states, our finances, and our personal identities, we must maintain the physical link. The most sophisticated AI in the world still cannot reach out and touch a physical document. And in that gap between the digital and the physical, we find our safety.
The future of security isn’t just in the cloud. It’s in our hands
