
Cloud Security Tips for Tax and Accounting Firms After Project Glasswing

By Cam Majors, Co-founder & Chief Revenue Officer, Verito Technologies

The most consequential cybersecurity development of 2026 is one that most tax and accounting firms have not heard of. It has a name. Project Glasswing. And it has changed what good cloud security looks like for any firm holding sensitive financial data. Most of the cloud security tips circulating in trade publications a year ago are now incomplete, because the threat model under them has shifted. 

Anthropic released Mythos under Project Glasswing earlier this year, an autonomous AI system that hunts zero-day vulnerabilities in operating systems and browsers. The model has already surfaced thousands of previously unknown flaws. 

What makes the program different from prior security research is the access model. Mythos operates inside a restricted consortium of about eleven members: AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks. Each member runs the model against its own platforms and against the large enterprise environments it operates. Findings flow upstream to the platform vendor. Patches ship through normal update channels before the public sees a CVE. 

For organizations whose stack is built on consortium-aligned platforms, the dynamic is favorable. Vulnerabilities get found and closed before attackers can weaponize them. For organizations whose vendors are not in the consortium, or whose patching discipline lags, the math runs the other way. The same flaws exist in their environment. Attackers will eventually find them. The window between discovery and exploitation belongs to whoever moves fastest. 

Regulators have noticed. Central banks have flagged the pattern as systemic cyber risk. The Bundesbank, the European Central Bank, the Bank of England, and the Federal Reserve have all weighed in. Securities regulators in Australia and across the Asia-Pacific region have done the same. Their concern is not the technology. Their concern is the asymmetry. Some organizations now have a structural advantage. Others have a structural exposure. The gap will widen. 

For tax and accounting firms, that asymmetry has a specific shape. Here is what changed, why it matters more for this industry than most, and what every firm should ask the people responsible for keeping its data safe. 

What Project Glasswing Actually Does 

Glasswing is a vulnerability discovery and disclosure pipeline. The discovery layer is Mythos, an AI system that reads code, models attack surfaces, and identifies exploitable flaws faster than any human team. The disclosure layer is the consortium itself. 

Members run the model against their own platforms and the enterprise environments they operate. When Mythos finds a flaw in Microsoft Windows, the finding goes to Microsoft. When it finds something in VMware, the finding goes to Broadcom. When it touches Cisco gear, Cisco gets the notice. 

The vendor receives the vulnerability with detail no human researcher could produce at scale. They build a patch. The patch ships through the standard update channel. The public sees a CVE number and a patch advisory, never the gap between discovery and fix. 

This is not theoretical. Mythos has already surfaced thousands of vulnerabilities across consortium platforms. Most have been patched silently. Some were severe enough that regulators flagged the pattern as material to financial-system risk. 

Three things follow. 

First, the consortium creates a class of vendors with privileged early visibility into flaws in their own products. That privilege flows downstream to anyone running their software, because the patches arrive through normal update mechanisms. 

Second, the same logic does not extend to vendors outside the consortium. A small or mid-size hosting provider running a niche hypervisor, an unpatched Linux distribution, or a custom-built endpoint stack does not get this benefit. Their flaws still exist. Mythos will eventually find them through other discovery paths, or attackers will find them first. 

Third, patch latency matters more than it did a year ago. The window between vendor patch release and customer deployment has always been a risk window. With AI-accelerated discovery feeding the upstream pipeline, the volume of patches will rise. Slow patchers will not just be exposed. They will be exposed to a higher volume of vulnerabilities than before, with a sharper attacker community on the other side. 

The Two-Class System 

There is now a clear split. 

Class A: organizations whose primary infrastructure vendors are inside Project Glasswing. They benefit from upstream vulnerability discovery and silent patching. Their attack surface shrinks each month, often without them knowing the specific flaws closed. As long as they apply patches promptly, they ride a flywheel. 

Class B: organizations whose vendors are outside the consortium, or whose patching cadence is slow enough that the upstream benefit gets lost. They face the same threat landscape with fewer structural defenses. Their exposure is not static. It compounds. 

The asymmetry is not about brand prestige. It is about pipeline access. Microsoft is in. Broadcom is in. Cisco is in. CrowdStrike is in. AWS is in. Most of the world’s serious enterprise infrastructure runs on those vendors. Most of the world’s tax and accounting infrastructure does too. The question for any firm is not whether the asymmetry exists. The question is whether their hosting and IT provider has positioned them on the right side of it. 

Regulators frame this as systemic risk because they can see what most operators cannot. A measurable gap is opening between organizations with consortium-aligned stacks and disciplined patching, and organizations without either. The first group is getting safer faster. The second is staying still while the threat landscape moves. 

For an industry that holds the most sensitive personal financial data in the United States, staying still is not a neutral position. 

Why Tax and Accounting Firms Sit at the Center of This 

A tax preparer’s filing cabinet, physical or digital, contains the highest-density personal financial data in the economy. Social Security numbers. Bank account routing details. Brokerage statements. K-1s. Dependents’ identity records. Wage histories. Multi-year financial trajectories. 

Three regulatory pressures sit on top of that data. 

The first is IRS Publication 4557, which requires every paid preparer to maintain a written information security plan. Most small firms first encountered this rule on Form W-12. It is not optional. The IRS treats data security as a condition of practice. 

The second is the FTC Safeguards Rule, expanded in 2023 to define tax preparers as financial institutions under GLBA. The rule mandates risk assessment, encryption, multifactor authentication, vendor oversight, and a designated qualified individual. It also requires written incident response plans. Mid-size firms with twenty or more employees face the most direct enforcement exposure. 

The third is the AI threat layer. Most tax firms have started thinking about AI as an internal productivity question. The cybersecurity question is the bigger one. AI has made attackers faster, phishing more convincing, and reconnaissance against soft targets cheaper. The same automation that drafts a tax research memo can write a credible IRS impersonation email targeted at a specific preparer’s client list. 

These three pressures are not separate. They compound. A firm’s compliance posture, its operational reliability, and its security against AI-enabled attackers are the same problem with three names. The vendor that hosts the firm’s software and runs its managed IT is a primary control surface for all three. 

Project Glasswing matters more here than in many other industries because of who has access. A small accounting firm cannot run Mythos itself. It cannot negotiate consortium membership. Its only path to the upstream benefit is through the vendors that sit between it and the platforms. If those vendors are aligned with consortium partners and patch quickly, the firm sits on the safe side of the asymmetry. If they are not, the firm is exposed in a way that compounds with the AI threat curve regulators are already warning about. 

What a Glasswing-Aligned Provider Looks Like in Practice 

Verito has been mapping its stack against the consortium since the disclosure became public. Every primary infrastructure vendor in our hosting environment is a Glasswing partner. 

Microsoft. Windows Server 2016, 2019, 2022, and 2025. Active Directory. Remote Desktop Services. Windows desktops. Microsoft is the dominant operating system partner in the consortium, which means most of what Mythos finds in any consortium-aligned environment ultimately routes through Microsoft’s update channels. We deploy those updates monthly and absorb out-of-band releases through Datto RMM. 

Broadcom. VMware vSphere, vCenter, and ESXi. The hypervisor layer underneath every dedicated environment we operate. Broadcom is a consortium launch partner. Hypervisor vulnerabilities have a particular character because a single flaw can break tenant isolation. Discovery routed through this layer is high-leverage. 

Cisco. Networking, Umbrella SIG, and segmentation security. Cisco is in the consortium and surfaces routing, firewall, and DNS-layer findings that flow back through standard advisories. 

CrowdStrike. Falcon endpoint protection on every server and workstation we manage. CrowdStrike is a consortium launch partner and a primary recipient of endpoint-related Mythos findings, which feed into Falcon’s detection logic and platform updates. 

AWS. Where applicable for our public-facing services and select workloads. AWS is in the consortium for the platform and managed-service surfaces that touch our environment. 

The implication is direct. Verito does not need access to Mythos. We are a downstream beneficiary of the discovery pipeline by virtue of vendor selection. The flaws Mythos finds in our stack get patched through the same vendor channels we already monitor. Our work is to deploy those patches fast enough to close the window the consortium opens for us. 

That is where the second change comes in. Patch latency is now a security control, not a maintenance metric. We are putting a formal patch latency SLA in place for Microsoft monthly and out-of-band releases through Datto RMM. We are also reviewing our ESXi and vCenter patching cadence with the same lens. The discovery pipeline matters only if deployment keeps up. 

For a firm evaluating a hosting and managed IT provider in 2026, the test is not how confident the marketing copy reads. The test is whether the stack, the patching SLA, and the operational discipline put your data on the right side of the asymmetry. 

Cloud Security Tips: Five Questions Every Firm Should Ask Its Provider 

Most tax firms do not know what runs underneath their cloud hosting. That was acceptable when patching cadence was a low-stakes operational concern. It is no longer acceptable. The cloud security tips below are written as direct questions, because the answers a provider gives are more useful than any glossy white paper. 

Five questions cut through marketing language and surface the actual security posture. 

  1. Is your hosting environment built on Glasswing consortium vendors? The answer should be specific. Microsoft for the OS layer. Broadcom or AWS for virtualization. Cisco or a consortium peer for networking. CrowdStrike or a consortium peer for endpoint. If the answer is vague or names vendors outside the consortium, the asymmetry is working against the firm. 
  2. What is your patch latency SLA on Microsoft monthly and out-of-band releases? Look for a number measured in days, not weeks. With AI-accelerated discovery upstream, the deployment window is the security boundary. 
  3. Who runs your hypervisor patching cadence and how often? VMware patching is operationally disruptive, and many providers delay it. Delays at the hypervisor layer compound risk because a single flaw can break tenant isolation. 
  4. What endpoint platform protects your servers and workstations? CrowdStrike, SentinelOne, Microsoft Defender, and a small group of others have the threat-intelligence capacity to keep up with AI-accelerated attacker tooling. A boutique or rebadged endpoint product likely does not. 
  5. How do you handle AI-enabled phishing and impersonation against my clients? This is where the AI threat layer meets the human layer. Email security alone is not sufficient. A serious provider should have an answer covering content inspection, sender authentication, training cadence, and incident response. 
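Questions 2 and 3 above, like the earlier point that patch latency is now a security control, only mean something if latency is actually measured against a number. The script below is an added illustration, not Verito's tooling or any RMM vendor's output: it takes a small constructed inventory of patch records (vendor, channel, release date, deployment date), applies hypothetical SLA thresholds per vendor and channel, and reports which hosts met, breached, or are still inside their window. The advisory identifiers and host names are placeholders, and the SLA numbers are illustrative values, not a recommendation.

```python
"""Patch-latency SLA check over a constructed patch inventory.

Added example, not Verito's or any vendor's code. In practice the records
would be exported from an RMM or patch-management console; here they are
constructed inline so the script runs offline.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

# Hypothetical SLA thresholds in days, keyed by (vendor, channel).
# Illustrative values only; the article asks for "days, not weeks".
SLA_DAYS: Dict[Tuple[str, str], int] = {
    ("microsoft", "monthly"): 7,
    ("microsoft", "out-of-band"): 3,
    ("broadcom", "hypervisor"): 14,
}


@dataclass(frozen=True)
class PatchRecord:
    host: str
    vendor: str
    channel: str
    advisory: str          # placeholder label, not a real KB/VMSA number
    released: date         # vendor release date
    deployed: Optional[date]  # None means not yet deployed


def latency_days(rec: PatchRecord, today: date) -> int:
    """Days from vendor release to deployment, or to today if still open."""
    return ((rec.deployed or today) - rec.released).days


def classify(rec: PatchRecord, today: date) -> str:
    """met/breached for deployed patches; pending/overdue for open ones;
    no-sla when the vendor/channel has no threshold defined (itself a gap)."""
    sla = SLA_DAYS.get((rec.vendor, rec.channel))
    if sla is None:
        return "no-sla"
    lat = latency_days(rec, today)
    if rec.deployed is None:
        return "overdue" if lat > sla else "pending"
    return "met" if lat <= sla else "breached"


def evaluate(records: List[PatchRecord], today: date) -> dict:
    """Per-host rows plus a summary: status counts and the longest window
    still open, which is the current exposure on this inventory."""
    rows = [(r.host, r.advisory, latency_days(r, today), classify(r, today))
            for r in records]
    counts = Counter(row[3] for row in rows)
    open_exposure = max((row[2] for row in rows if row[3] in ("overdue", "pending")),
                        default=0)
    return {"rows": rows, "counts": dict(counts),
            "max_open_exposure_days": open_exposure}


# Constructed sample inventory; dates and labels are invented.
SAMPLE_TODAY = date(2026, 5, 28)
SAMPLE_RECORDS = [
    PatchRecord("srv-01", "microsoft", "monthly", "KB-PLACEHOLDER-A",
                date(2026, 5, 12), date(2026, 5, 15)),   # 3 days, within 7
    PatchRecord("srv-02", "microsoft", "monthly", "KB-PLACEHOLDER-A",
                date(2026, 5, 12), date(2026, 5, 26)),   # 14 days, breached
    PatchRecord("srv-03", "microsoft", "out-of-band", "KB-PLACEHOLDER-B",
                date(2026, 5, 20), None),                # 8 days open, SLA 3
    PatchRecord("esx-01", "broadcom", "hypervisor", "VMSA-PLACEHOLDER",
                date(2026, 5, 1), date(2026, 5, 10)),    # 9 days, within 14
    PatchRecord("fw-01", "nichevendor", "firmware", "FW-PLACEHOLDER",
                date(2026, 4, 1), date(2026, 5, 20)),    # no SLA defined
]

if __name__ == "__main__":
    report = evaluate(SAMPLE_RECORDS, SAMPLE_TODAY)
    for host, advisory, lat, status in report["rows"]:
        print(f"{host:8} {advisory:18} {lat:3d}d  {status}")
    print(report["counts"], "max open exposure:",
          report["max_open_exposure_days"], "days")
```

The "no-sla" outcome is deliberate: a vendor or channel with no threshold on file is exactly the out-of-consortium, unmeasured layer the article warns about, and it should show up in the report rather than be silently skipped.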

If a provider cannot answer these in plain language, the issue is posture, not communication. Tax firms storing the most sensitive data in the country deserve specifics. Smaller practices deserve the same answers larger firms get; the asymmetry does not scale down. 
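Question 5 lists sender authentication as one thing a provider's answer should cover. The "specifics" a firm can ask for there are the SPF and DMARC records published for its own mail domain, because those are what decide whether a spoofed message claiming to be the firm is rejected or delivered. The script below is an added example, not Verito's code: it parses two constructed pairs of TXT records, one weak and one enforcing, and lists the gaps a reviewer would raise. It does no DNS lookups; the record strings are embedded inline and use the reserved example.com domain.

```python
"""Assess SPF and DMARC TXT records for enforcement gaps.

Added example; the records below are constructed, not pulled from DNS.
"""
import re
from typing import List, Optional, Tuple


def parse_spf(txt: str) -> Optional[Tuple[List[str], Optional[str]]]:
    """Return (terms, qualifier of the 'all' mechanism) or None if not SPF.
    Qualifier is '+', '-', '~' or '?'; None when no 'all' term is present."""
    if not txt.lower().startswith("v=spf1"):
        return None
    terms = txt.split()[1:]
    all_qualifier = None
    for term in terms:
        m = re.fullmatch(r"([+\-~?]?)all", term, re.IGNORECASE)
        if m:
            all_qualifier = m.group(1) or "+"   # bare 'all' means '+all'
    return terms, all_qualifier


def parse_dmarc(txt: str) -> Optional[dict]:
    """Return DMARC tags as a dict, or None if the record is not DMARC."""
    if not txt.lower().startswith("v=dmarc1"):
        return None
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(spf_txt: Optional[str], dmarc_txt: Optional[str]) -> List[str]:
    """List the enforcement gaps; an empty list means both records enforce."""
    findings = []
    spf = parse_spf(spf_txt) if spf_txt else None
    if spf is None:
        findings.append("no SPF record")
    else:
        _, qualifier = spf
        if qualifier in (None, "+"):
            findings.append("SPF does not fail unauthorized senders (missing or +all)")
        elif qualifier == "?":
            findings.append("SPF 'all' is neutral (?all), receivers treat it as no policy")
        # '~all' (softfail) is acceptable when DMARC enforces; '-all' is strict.

    dmarc = parse_dmarc(dmarc_txt) if dmarc_txt else None
    if dmarc is None:
        findings.append("no DMARC record")
    else:
        policy = dmarc.get("p", "none").lower()
        if policy == "none":
            findings.append("DMARC policy is monitor-only (p=none)")
        pct = int(dmarc.get("pct", "100"))
        if pct < 100:
            findings.append(f"DMARC policy applies to only {pct}% of mail")
        if "rua" not in dmarc:
            findings.append("no aggregate reporting address (rua), so failures go unseen")
    return findings


# Constructed records for a hypothetical firm domain (example.com is reserved).
WEAK_SPF = "v=spf1 include:_spf.example.com +all"
WEAK_DMARC = "v=DMARC1; p=none"
HARD_SPF = "v=spf1 include:_spf.example.com -all"
HARD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; adkim=s; aspf=s"

if __name__ == "__main__":
    for label, spf, dmarc in (("weak", WEAK_SPF, WEAK_DMARC),
                              ("enforcing", HARD_SPF, HARD_DMARC)):
        gaps = assess(spf, dmarc)
        print(f"{label}: {gaps if gaps else 'no gaps found'}")
```

The weak pair is worth reading closely: "+all" authorizes every sender on the internet, and "p=none" asks receivers to report spoofing but deliver it anyway, so a firm with those records has sender authentication on paper only. The enforcing pair is the shape a provider's answer should describe.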

How the Tax and Accounting Hosting Market Compares 

Three providers come up most often when firms evaluate hosting and managed IT. Rightworks, Ace Cloud Hosting, and Verito. 

Rightworks (formerly Right Networks). The largest provider in the segment by client count. United States headquartered. Long history serving the accounting profession. Hosts the standard application stack including QuickBooks, Lacerte, ProSeries, Drake, and a long list of others. Acquired by K1 Investment Management. Operates SOC 2 compliant infrastructure. Offers shared-tenant and dedicated environments. Public information indicates a broad service catalog including digital workflow tools and professional services adjacent to hosting. Their scale is real and their accounting-industry presence is established. Public reporting also indicates a record of restricting which third-party applications can run inside their environment, which can be a friction point for firms with custom tool stacks. (For a deeper side-by-side, see Verito vs. Rightworks for cloud hosting.) 

Ace Cloud Hosting. A multi-vertical hosting provider with a meaningful accounting practice. Headquartered in India with United States-facing operations. An authorized Intuit hosting provider. ISO 27001 certified. SOC 2 compliant. Hosts the standard accounting application stack. Serves customers across multiple industries beyond tax and accounting, which broadens the customer base while distributing the domain focus. 

Verito. United States headquartered. Tax and accounting only. Founded in 2016. Over 1,000 firm clients. G2 4.9 out of 5 across more than 150 verified reviews. NPS of 95. 100% uptime since founding. Sub-60-second average support response. 92% first-touch resolution. Stack built entirely on Glasswing consortium vendors. Patch latency SLA in formal rollout. Month-to-month commercial terms on every product. Every firm runs on dedicated, private servers, not shared infrastructure. (See VeritSpace plans and pricing.) 

The honest read for a firm weighing these three is that the right answer depends on what the firm values most. Rightworks brings the scale and product catalog of the category leader. Ace brings a price-competitive option backed by reasonable certifications. Verito brings vertical focus, a stack now structurally aligned with the dominant cybersecurity discovery pipeline, and a support profile shaped by serving only one industry. 

What we believe matters more than any of the above is the question of who treats security as the primary product. For Verito, security is the primary product. Hosting is the delivery mechanism. The compliance posture, the vendor selection, the patching discipline, and the support model are all built around protecting the most sensitive data in the country. That framing is not marketing language. It is operational reality. 

The Bigger Picture 

Project Glasswing is not the last development of its kind. It is the first widely visible example of a pattern that will repeat. 

AI-driven vulnerability discovery will accelerate. The volume of patches will rise. The asymmetry between consortium-aligned organizations and the rest will widen. Regulators will move from warnings to expectations to requirements, particularly for industries that hold consumer financial data. The FTC Safeguards Rule will not be the last regulatory layer added to tax and accounting cybersecurity in this decade. 

For firms, the practical translation is direct. The hosting and managed IT relationship is now a security relationship. The vendor selection question is now a regulatory question. The patching cadence question is now a board-level question, because a slow patch on a Glasswing-routed flaw is the kind of incident that ends with a firm’s name in a state attorney general’s enforcement notice. 

For Verito, the operational discipline that made sense in 2024 is not sufficient for 2026. That is why the two changes our security and infrastructure leads are putting in place matter. A formal Microsoft patch latency SLA. An ESXi and vCenter patching cadence review. Both are small mechanical changes. Both are also the difference between a Glasswing-aligned stack performing as designed and the same stack squandering its structural advantage on slow operations. 

The firms that survive the next five years of this curve will be the ones that internalize the asymmetry now. The ones that do not will not get a warning before the gap closes around them. 

Closing 

If you run a tax or accounting practice and have not asked your provider whether your stack is consortium-aligned, ask. If you have not asked what their patch latency SLA is, ask that too. If the answers are vague, the answer to your decision is also clear. The cloud security tips in this article are only useful if a firm acts on them, and the action starts with a conversation that has specifics on both sides. 

Verito built a hosting and managed IT business that does one thing. Protect tax and accounting firms. The stack we picked turned out to be the right stack for the AI-driven cybersecurity environment regulators are now warning about. That was not luck. It was a specific bet on which platforms would be operating at the frontier of security investment as AI raised the stakes. 

The bet has paid off. The work now is making sure our operational discipline matches the structural advantage. That work does not announce itself in marketing language. It happens in patch windows, RMM dashboards, and SLAs measured in days. 

It just works. Securely. 

Talk to a Verito engineer about how a Glasswing-aligned stack would change your firm’s security posture. 

Cam Majors is co-founder and Chief Revenue Officer of Verito Technologies, a cloud hosting and managed IT provider built exclusively for tax and accounting firms. Verito has served over 1,000 firms since 2016 and maintains 100% uptime since founding. 
