News

AI Shifts Cybersecurity's Hardest Problem from Finding Flaws to Fixing Them

• By John K. Waters
• 06/16/2026

For decades, one of cybersecurity's most difficult challenges has been finding vulnerabilities before attackers do. A growing number of security professionals now say artificial intelligence is changing that equation, shifting the focus from discovering flaws to fixing them quickly enough to prevent exploitation.

At the center of that shift is Anthropic's Project Glasswing, a cybersecurity initiative that provides selected organizations with access to Claude Mythos Preview, an advanced AI model designed to identify software vulnerabilities and potential attack paths.

According to Anthropic, Project Glasswing has expanded to more than 150 organizations across more than 15 countries and has helped identify more than 10,000 high- or critical-severity vulnerabilities in participating organizations and software projects. The figures were disclosed by the company in materials describing the initiative.

The program gained additional attention last week when BT Group became the first U.K. company to publicly join the initiative. According to BT and reporting by TechRadar, the telecommunications company plans to use the technology to strengthen defenses across its networks and customer systems. BT said it currently blocks approximately 4 million cyber attacks each day.

The development reflects a broader trend in which AI companies are positioning advanced models as cybersecurity tools for governments, critical infrastructure operators, and large enterprises.

According to Anthropic, Project Glasswing participants include organizations from sectors such as telecommunications, healthcare, energy, and government. The company also lists major technology and financial firms, including Microsoft, Google, Apple, Nvidia, Amazon Web Services, CrowdStrike, Cisco, and JPMorgan Chase as participants or collaborators in cybersecurity-related efforts.

Security experts say one of AI's most significant advantages is its ability to analyze large code bases rapidly and identify relationships among vulnerabilities that may be difficult for human analysts to recognize.

According to reporting by The Wall Street Journal, executives at Visa involved with the initiative said the model can connect multiple lower-severity vulnerabilities into realistic attack chains, helping defenders identify risks that might otherwise go unnoticed.

The promise of the technology, however, is accompanied by concerns about misuse.

Anthropic has stated that Claude Mythos Preview is not broadly available because the same capabilities that can help defenders identify vulnerabilities could potentially assist attackers in locating weaknesses more efficiently. The company has said access is restricted to vetted organizations because of concerns that advanced cybersecurity models could be used for offensive purposes if released widely.

Those concerns have become increasingly prominent as governments and regulators examine the security implications of frontier AI systems. Anthropic has positioned Project Glasswing as a defensive cybersecurity initiative while maintaining restrictions on public access to the underlying model.

The result is a growing debate over whether AI's greatest impact on cybersecurity will come from strengthening defenses, making attacks more sophisticated, or both.

For now, supporters of the technology argue that AI is helping organizations address a longstanding problem: the inability to identify and remediate vulnerabilities fast enough. If the technology continues to improve, cybersecurity professionals say the bottleneck may no longer be finding flaws, but determining which ones to fix first.