Key takeaways:
- Project Glasswing and Anthropic’s Mythos model are accelerating the speed and scale at which software vulnerabilities can be discovered and exploited leveraging advanced AI tools.
- This signals a fundamental shift with cybersecurity fast evolving into a critical layer of AI infrastructure.
- The accelerating pace of change in the cybersecurity landscape and competitive dynamics may increasingly drive stock selection opportunities.
Project Glasswing: Advancing the evolution of cybersecurity
Anthropic’s Project Glasswing, announced in April 2026, aims to improve cybersecurity using next generation AI tools. As part of this initiative, launch partners including Apple, CrowdStrike, Microsoft, and Palo Alto Networks were given access to Mythos Preview – a general-purpose model that helps find vulnerabilities in operating systems and web browsers that isn’t available publicly. This initiative highlights the importance of the security software ecosystem, as advanced coding capabilities of models are making it easier and faster to discover and act on software vulnerabilities by bad actors.
The Mythos moment marked an inflection point for the industry, confirming that cybersecurity is not just foundational to AI adoption, it is critical AI infrastructure.
CrowdStrike CFO Burt Podbere1
5 key implications for the cybersecurity sector from Mythos and broad adoption of agentic AI:
- Accelerating the pace of vulnerability exploitation: AI reduces the time it takes for bad actors to find and exploit vulnerabilities in applications. This creates a need for faster and more robust responses by organisations, along with the potential for higher cybersecurity spend.
- Increased demand for multi-LLM protection: Enterprises are increasingly using multiple Large Language Models (LLMs) including internal models combined with external Application Programming Interfaces (APIs) to enable software applications to communicate with each other, and model routing systems for “best” model selection per query. This dynamic increases attack surface through multiple APIs and orchestration layers, increases data exposure risk and at times makes it harder to detect risks. We see implications for three types of security products from this dynamic:
- Increased demand for network security: According to Cisco, enterprise network traffic is projected to grow 2.5x by 2035, however with agentic AI adoption, traffic could see an increase of around 9x.2 Such an increase in traffic generated by agentic AI requires a focus on network security as a core foundation for AI adoption in organisations.
- Zero Trust architecture and endpoint security: Continuous verification of users, devices and systems by Zero Trust solutions can mitigate risks from AI-enabled attackers. Endpoint security helps protect against risk of “shadow AI” (unauthorised generative AI services) and data leakage.
- Identity security: Over time, the growing number of agents working alongside humans creates the need for strong identity security solutions. Managing information and systems each agent is able to autonomously access is also becoming an important governance consideration. Additionally, AI makes it easier for bad actors to steal login credentials from employees. Identity security and multifactor authentication helps reduce system level access and could help reduce the impact of a breach during an attack.
- Growing overlap between security and observability: Historically, observability (monitoring and diagnosing) focused on system performance, and security solutions focused on threat detection and prevention. Adoption of AI results in the creation of a shared data layer where threat detection is increasingly dependent on the telemetry streams (records of a security event) that were the core focus for observability, resulting in changing competitive dynamics between players in each sector.
- Growing importance of security in application development: Mythos enables faster discovery of bugs in software, resulting in more value and greater importance placed on identifying and fixing issues before applications move into production, while at the same time increasing overall efficiency and security of the process. Over time, this shift may also result in changes in the competitive landscape for the vulnerability management space within cybersecurity.
- Regulation is reinforcing cybersecurity as a strategic priority: The US Securities and Exchange Commission recently adopted new rules to enhance and standardise disclosure regarding cybersecurity risk for public companies, requiring disclosure of material incidents as well as periodic disclosure of risk management strategies more broadly. The evolving cybersecurity threat environment following Mythos could result in change to how cybersecurity risks are defined and disclosed over time, as well as what is defined as reasonable care for Chief Information Security Officers more broadly, over time resulting in an even greater focus on security within the IT budget.
Investing in cybersecurity through an active lens
In our view, Project Glasswing also highlights Anthropic’s growing potential as a key partner for many cybersecurity companies given its advanced capabilities, but also highlights the need for safe, secure and responsible deployment of advanced AI. We continue to monitor the evolution of capabilities as well as emergence of competitor models going forward. In tandem, we assess security software vendors’ AI-infused product offerings as more capabilities are embedded within existing platforms/products to respond to the evolving threat landscape.
According to Palo Alto Networks CEO Nikesh Aurora: “The events of the third quarter represent a watershed moment for cybersecurity and has elevated our category even higher on the CIO priority list”.3 AI-embedded cybersecurity growth looks to be a multi-year trend, with a McKinsey survey showing strong expectations for AI integration across security solutions (figure 1).
Figure 1: AI-embedded cybersecurity growth – A multi-year trend
Expected level of AI/machine learning integration across cybersecurity stack in the next 3 years (% of respondents)
Source: McKinsey & Co.; Securing the agentic enterprise: Opportunities for cybersecurity providers; 24 March, 2026. There is no guarantee that past trends will continue, or forecasts will be realised.
While the investor debate around disruption risk from AI model providers to software businesses more broadly continues, in our view, Mythos could shift this narrative for a set of critical security providers to one of partnership, centred around protection and governance as more organisations adopt agentic AI.
Given the accelerating pace of change in the security technology landscape and competitive dynamics, we believe this shift will increasingly drive stock selection opportunities in the sector for active technology investors like us.
References made to individual securities do not constitute a recommendation to buy, sell or hold any security, investment strategy or market sector, and should not be assumed to be profitable. Janus Henderson Investors, its affiliated advisor, or its employees, may have a position in the securities mentioned.
1 CrowdStrike Q1 2027 earnings call transcript.
2 Cisco Report 2026: AI Impact on Wide Area Networks.
3 Palo Alto Networks Inc. Q3 FY2026 earnings call transcript.
Adoption traffic: Network activity generated when an organization rolls out, tests, or integrates new security tools, software, or configurations. Agentic AI: An AI system that uses sophisticated reasoning and iterative planning to autonomously solve complex, multi-step problems. Vast amounts of data from multiple data sources and third-party applications are used to independently analyse challenges, develop strategies and execute tasks.
Attack surface: All possible points where an unauthorised user could attempt to access a system.
Bad actors: Individuals or groups that intentionally cause harm to digital devices or systems. Threat actors exploit vulnerabilities in computer systems, networks and software to perpetuate various cyberattacks.
Endpoint security: Protection of individual devices such as laptops or servers from cyber threats.
Generative AI: Refers to deep-learning models that train on large volumes of raw data to generate ‘new content’ including text, images, audio and video.
Large Language Model (LLM): A specialised type of artificial intelligence that has been trained on vast amounts of text to understand existing content and generate original content.
Observability: Tools and processes used to monitor system performance and diagnose issues.
Zero Trust security: A model where no user or device is trusted by default; verification is required at every step.
These are the views of the author at the time of publication and may differ from the views of other individuals/teams at Janus Henderson Investors. References made to individual securities do not constitute a recommendation to buy, sell or hold any security, investment strategy or market sector, and should not be assumed to be profitable. Janus Henderson Investors, its affiliated advisor, or its employees, may have a position in the securities mentioned.
Past performance does not predict future returns. The value of an investment and the income from it can fall as well as rise and you may not get back the amount originally invested.
The information in this article does not qualify as an investment recommendation.
There is no guarantee that past trends will continue, or forecasts will be realised.
Marketing Communication.
Important information
Please read the following important information regarding funds related to this article.
- Shares/Units can lose value rapidly, and typically involve higher risks than bonds or money market instruments. The value of your investment may fall as a result.
- If a Fund has a high exposure to a particular country or geographical region it carries a higher level of risk than a Fund which is more broadly diversified.
- The Fund is focused towards particular industries or investment themes and may be heavily impacted by factors such as changes in government regulation, increased price competition, technological advancements and other adverse events.
- This Fund may have a particularly concentrated portfolio relative to its investment universe or other funds in its sector. An adverse event impacting even a small number of holdings could create significant volatility or losses for the Fund.
- The Fund may use derivatives with the aim of reducing risk or managing the portfolio more efficiently. However this introduces other risks, in particular, that a derivative counterparty may not meet its contractual obligations.
- If the Fund holds assets in currencies other than the base currency of the Fund, or you invest in a share/unit class of a different currency to the Fund (unless hedged, i.e. mitigated by taking an offsetting position in a related security), the value of your investment may be impacted by changes in exchange rates.
- When the Fund, or a share/unit class, seeks to mitigate exchange rate movements of a currency relative to the base currency (hedge), the hedging strategy itself may positively or negatively impact the value of the Fund due to differences in short-term interest rates between the currencies.
- Securities within the Fund could become hard to value or to sell at a desired time and price, especially in extreme market conditions when asset prices may be falling, increasing the risk of investment losses.
- The Fund could lose money if a counterparty with which the Fund trades becomes unwilling or unable to meet its obligations, or as a result of failure or delay in operational processes or the failure of a third party provider.