The best cyber defense is offense

When Anthropic unveiled its new AI model Mythos in April, it did something almost unheard of in the race to commercialize artificial intelligence: it refused to release the product. 

The reason was alarming: Mythos can autonomously find and exploit zero-day vulnerabilities, including a 27-year-old flaw in the OpenBSD operating system and a chain of Linux kernel vulnerabilities. Anthropic corralled more than 40 technology and finance firms into a consortium called Project Glasswing to deploy Mythos defensively, hunting bugs before attackers can weaponize them. 

Treating this simply as a threat is understandable but wrong. 

What’s missing from the narrative 

Every headline defaults to the same story: Bad actors may use these tools to attack faster and at greater scale than ever before. CrowdStrike’s CTO has noted that the window between vulnerability discovery and weaponization has collapsed from months to minutes. This concern is real. AI significantly lowers the barrier to entry for cyberattacks.  

However, this framing misses the more important half of the equation. Defenders have always faced a structural disadvantage in cybersecurity. They must protect every surface, while an attacker only needs one crack. The implicit assumption behind the “AI = more risk” narrative is that only attackers will access these new capabilities. This same model, which can craft an exploit, can also audit millions of lines of legacy code, flag insecure configurations, and generate patches at machine speed. This can be done continuously, comprehensively, and at a cost that legacy tooling cannot match.  

The Mythos situation clearly makes this case. Anthropic withheld the model not because defense is impossible, but because it wanted defenders, not attackers, to get there first. Project Glasswing is an experiment in answering the question: “Can good actors outpace bad ones when both have access to the same capabilities?” The early thesis is yes, provided organizations move quickly.

What the data are telling us 

According to the 2026 AlixPartners Disruption Index, which surveyed 3,200 executives across 11 countries and 10 industries, cybersecurity has become the top digital investment priority globally, cited by 41% of executives, edging out AI itself at 38%. That reflects a growing understanding that every major digital investment is simultaneously a security bet.  

The same research finds that cyber and data privacy threats have rapidly climbed the threat rankings, and executives explicitly link that surge to the proliferation and increasing sophistication of AI tools. Critically, however, the report also notes that companies are pouring capital into AI-enabled detection, monitoring, and automation. They are using machine learning to spot anomalous behavior in real time, contain breaches faster, and strengthen increasingly complex cloud- and data-center-heavy environments. AI has made cyber risk systemic, but it has also become the indispensable tool for managing it.  

From reactive to proactive 

This isn’t necessarily about spending more on security. It’s about fundamentally shifting your posture. In the old model, you wait for an alert, investigate, and remediate. The new model uses AI to continuously scan your environment the way an attacker would, identify what is exploitable, and close the gap. 

Through AI-assisted capabilities deployed through cybersecurity solutions, AlixPartners has been supporting clients through a phased, secure AI rollout that enhances security monitoring at the endpoint and general monitoring level. These capabilities, backed by different AI models, allow for enhanced threat detection over existing tools. 

This is precisely the logic behind Project Glasswing, and it’s one that forward-thinking organizations are already applying. Patching a vulnerability before exploitation is always cheaper than cleaning up after a breach. For the first time, AI makes comprehensive pre-emptive scanning operationally feasible rather than merely aspirational. 

The window is now 

The Mythos delay will not last forever. Anthropic’s own executives acknowledge that rival models will soon match these capabilities, and not all of them will be withheld from the open market. Similar AI-assisted vulnerability tools have already begun to appear, most notably in China, but none have come close to the scale and autonomy that Mythos represents. The organizations that treat today’s headlines as a reason to accelerate their cyber-related AI investments will be better positioned than those who treat it as a reason to wait. 

Another client recently shifted investment toward AI-enabled detection and response after recognizing the limits of perceived offensive advantage. By leveraging AI to ingest data and identify anomalous behavior, the client was able to accelerate threat triage, improve detection speed, and reduce false alerts. The result was a measurable increase in resilience in operational reality. 

The accelerating pace of model development is not simply a threat to manage. It is a window for action, and it is open right now.