AI Is Rewriting the Cybersecurity Stack

• Anthropic’s Project Glasswing, an industry-wide initiative built around the restricted-access Claude Mythos Preview model, is bringing frontier AI into vulnerability discovery at scale, with 12 launch partners and more than 40 additional organizations participating.
• The security perimeter is expanding beyond endpoints and networks into code, AI agents, agent identities, private connectivity, and the software supply chain.
• In the ROBO Global Artificial Intelligence Index? (THNQ), this theme maps most directly to Network & Security, while also touching Cloud Providers, Big Data/Analytics, Business Process, and Semiconductors.

That became harder to ignore after Anthropic launched Project Glasswing, a controlled cybersecurity initiative built around Claude Mythos Preview, the company’s most capable model to date. Anthropic is not releasing Mythos to the public. Instead, 12 launch partners (including AWS, Microsoft (MSFT), Google (GOOGL), NVIDIA (NVDA), JPMorgan Chase (JPM), and Palo Alto Networks (PANW) plus more than 40 additional organizations are using it to find and fix vulnerabilities in foundational software systems. Anthropic has committed $100 million in usage credits to the effort.

The timing matters. Cybersecurity is a speed problem. Attackers scan faster than enterprises patch. Developers ship faster than security teams can review. And AI agents, which are software programs that can take actions on their own, are starting to plug into internal tools, private databases, cloud environments, and developer workflows. That expands the security perimeter from networks and endpoints to code, AI agents, and the broader software supply chain.

Palo Alto Networks (PANW), a Project Glasswing launch partner, gave the clearest early data point. In one month it disclosed 26 CVEs (publicly cataloged security flaws) covering 75 underlying issues, versus its usual run rate of fewer than five CVEs per month. PANW estimates that organizations have a three-to-five-month window to outpace adversaries before similar AI capabilities flow more broadly.

CrowdStrike (CRWD), a Project Glasswing founding member, is approaching the problem from a different angle. Rather than focusing only on using AI to find flaws, CrowdStrike is focused on protecting the AI agents themselves as they run inside customer environments. In its 2026 Global Threat Report, the company said that attacks by adversaries using AI had jumped 89% year-over-year. As CrowdStrike framed it: “Anthropic builds the model. CrowdStrike secures AI where it executes.”

See more: Cybersecurity Stocks Find Their Footing?

AI coding tools help developers to ship faster, but that speed creates a new problem: enterprises need stronger controls over what AI agents can access and what tools they bring with them. Two companies showed how this layer is forming. JFrog (FROG) launched a registry to govern the connectors that let AI agents plug into outside tools, such as project management software or internal databases, treating those connectors with the same scrutiny as traditional software. Cloudflare (NET) launched Cloudflare Mesh, which lets humans, code, and AI agents reach internal company systems through a private, encrypted network rather than the open internet.

Speaking at J.P. Morgan’s Global Technology, Media & Telecom Conference on May 19, JFrog leadership framed the opportunity directly. AI models may write the code, but enterprises still need a governance layer to track what gets built, what gets approved, and what gets deployed. “Governance is the next thing,” said Jeffrey Schreiner, vp of investor relations at JFrog. “We’ve had Cloud. We’ve got Cloud and Security today as growth drivers. As we move to a more autonomous world, your governance is going to be critical.”

This is where AI cybersecurity starts to look less like a product category and more like infrastructure. Enterprises need vulnerability discovery, secure development tools, ways to verify the identity of AI agents, private network connectivity, and monitoring systems that can keep up with AI-driven activity.

From a ROBO Global Artificial Intelligence Index? (THNQ) perspective, cybersecurity fits naturally into the Network & Security subsector, which represented 14% of THNQ’s industry classification, as of the March 31, 2026 factsheet. The same theme also reaches into Cloud Providers, Big Data/Analytics, Business Process, and Semiconductors, reflecting how security is becoming part of the broader AI deployment stack.

The takeaway for investors is straightforward. AI is widening the attack surface. It is also arming the defenders. The companies that help enterprises secure code, govern AI agents, and protect the connections between them sit at one of the most consequential layers of the next phase of AI adoption.

For more news, information, and analysis, visit the Artificial Intelligence Content Hub.

THNQ is the underlying index for the ROBO Global Artificial Intelligence ETF (THNQ) and the L&G Artificial Intelligence UCITS ETF (AIAI.LN).

VettaFi is the index provider for THNQ ETF and AIAI.LN, for which it receives an index licensing fee. However, THNQ ETF and AIAI.LN are not issued, sponsored, endorsed, or sold by VettaFi. VettaFi and its affiliates have no obligation or liability in connection with the issuance, administration, marketing, or trading of THNQ ETF and AIAI.LN.