Please ensure Javascript is enabled for purposes of website accessibility Project Glasswing and Mythos: Redefining the cybersecurity landscape - Janus Henderson Investors - Italy Professional Advisor
Per investitori professionali in Italia

Project Glasswing and Mythos: Redefining the cybersecurity landscape

Anthropic’s Project Glasswing and its Mythos model underscore how AI is accelerating both vulnerability discovery and the complexity of enterprise security environments. Portfolio managers Ana Chkhikvadze and Richard Clode believe this reinforces cybersecurity’s evolution into critical AI infrastructure, with implications for spending, the competitive landscape, and stock selection.

Cyber security NL
29 Jun 2026
5 minute read

Key takeaways:

  • Project Glasswing and Anthropic’s Mythos model are accelerating the speed and scale at which software vulnerabilities can be discovered and exploited leveraging advanced AI tools.
  • This signals a fundamental shift with cybersecurity fast evolving into a critical layer of AI infrastructure.
  • The accelerating pace of change in the cybersecurity landscape and competitive dynamics may increasingly drive stock selection opportunities.

Project Glasswing: Advancing the evolution of cybersecurity

Anthropic’s Project Glasswing, announced in April 2026, aims to improve cybersecurity using next generation AI tools. As part of this initiative, launch partners including Apple, CrowdStrike, Microsoft, and Palo Alto Networks were given access to Mythos Preview – a general-purpose model that helps find vulnerabilities in operating systems and web browsers that isn’t available publicly. This initiative highlights the importance of the security software ecosystem, as advanced coding capabilities of models are making it easier and faster to discover and act on software vulnerabilities by bad actors.

The Mythos moment marked an inflection point for the industry, confirming that cybersecurity is not just foundational to AI adoption, it is critical AI infrastructure.

 

CrowdStrike CFO Burt Podbere1

5 key implications for the cybersecurity sector from Mythos and broad adoption of agentic AI:

  1. Accelerating the pace of vulnerability exploitation: AI reduces the time it takes for bad actors to find and exploit vulnerabilities in applications. This creates a need for faster and more robust responses by organisations, along with the potential for higher cybersecurity spend.
  2. Increased demand for multi-LLM protection: Enterprises are increasingly using multiple Large Language Models (LLMs) including internal models combined with external Application Programming Interfaces (APIs) to enable software applications to communicate with each other, and model routing systems for “best” model selection per query. This dynamic increases attack surface through multiple APIs and orchestration layers, increases data exposure risk and at times makes it harder to detect risks. We see implications for three types of security products from this dynamic:
    • Increased demand for network security: According to Cisco, enterprise network traffic is projected to grow 2.5x by 2035, however with agentic AI adoption, traffic could see an increase of around 9x.2 Such an increase in traffic generated by agentic AI requires a focus on network security as a core foundation for AI adoption in organisations.
    • Zero Trust architecture and endpoint security: Continuous verification of users, devices and systems by Zero Trust solutions can mitigate risks from AI-enabled attackers. Endpoint security helps protect against risk of “shadow AI” (unauthorised generative AI services) and data leakage.
    • Identity security: Over time, the growing number of agents working alongside humans creates the need for strong identity security solutions. Managing information and systems each agent is able to autonomously access is also becoming an important governance consideration. Additionally, AI makes it easier for bad actors to steal login credentials from employees. Identity security and multifactor authentication helps reduce system level access and could help reduce the impact of a breach during an attack.
  3. Growing overlap between security and observability: Historically, observability (monitoring and diagnosing) focused on system performance, and security solutions focused on threat detection and prevention. Adoption of AI results in the creation of a shared data layer where threat detection is increasingly dependent on the telemetry streams (records of a security event) that were the core focus for observability, resulting in changing competitive dynamics between players in each sector.
  4. Growing importance of security in application development: Mythos enables faster discovery of bugs in software, resulting in more value and greater importance placed on identifying and fixing issues before applications move into production, while at the same time increasing overall efficiency and security of the process. Over time, this shift may also result in changes in the competitive landscape for the vulnerability management space within cybersecurity.
  5. Regulation is reinforcing cybersecurity as a strategic priority: The US Securities and Exchange Commission recently adopted new rules to enhance and standardise disclosure regarding cybersecurity risk for public companies, requiring disclosure of material incidents as well as periodic disclosure of risk management strategies more broadly. The evolving cybersecurity threat environment following Mythos could result in change to how cybersecurity risks are defined and disclosed over time, as well as what is defined as reasonable care for Chief Information Security Officers more broadly, over time resulting in an even greater focus on security within the IT budget.

Investing in cybersecurity through an active lens

In our view, Project Glasswing also highlights Anthropic’s growing potential as a key partner for many cybersecurity companies given its advanced capabilities, but also highlights the need for safe, secure and responsible deployment of advanced AI. We continue to monitor the evolution of capabilities as well as emergence of competitor models going forward. In tandem, we assess security software vendors’ AI-infused product offerings as more capabilities are embedded within existing platforms/products to respond to the evolving threat landscape.

According to Palo Alto Networks CEO Nikesh Aurora: “The events of the third quarter represent a watershed moment for cybersecurity and has elevated our category even higher on the CIO priority list”.3 AI-embedded cybersecurity growth looks to be a multi-year trend, with a McKinsey survey showing strong expectations for AI integration across security solutions (figure 1).

Figure 1: AI-embedded cybersecurity growth – A multi-year trend

Expected level of AI/machine learning integration across cybersecurity stack in the next 3 years (% of respondents)

Source: McKinsey & Co.; Securing the agentic enterprise: Opportunities for cybersecurity providers; 24 March, 2026. There is no guarantee that past trends will continue, or forecasts will be realised.

While the investor debate around disruption risk from AI model providers to software businesses more broadly continues, in our view, Mythos could shift this narrative for a set of critical security providers to one of partnership, centred around protection and governance as more organisations adopt agentic AI.

Given the accelerating pace of change in the security technology landscape and competitive dynamics, we believe this shift will increasingly drive stock selection opportunities in the sector for active technology investors like us.

References made to individual securities do not constitute a recommendation to buy, sell or hold any security, investment strategy or market sector, and should not be assumed to be profitable. Janus Henderson Investors, its affiliated advisor, or its employees, may have a position in the securities mentioned.

1 CrowdStrike Q1 2027 earnings call transcript.

2 Cisco Report 2026: AI Impact on Wide Area Networks.

3 Palo Alto Networks Inc. Q3 FY2026 earnings call transcript.

Adoption traffic: Network activity generated when an organization rolls out, tests, or integrates new security tools, software, or configurations. Agentic AI: An AI system that uses sophisticated reasoning and iterative planning to autonomously solve complex, multi-step problems. Vast amounts of data from multiple data sources and third-party applications are used to independently analyse challenges, develop strategies and execute tasks.

Attack surface: All possible points where an unauthorised user could attempt to access a system.

Bad actors: Individuals or groups that intentionally cause harm to digital devices or systems. Threat actors exploit vulnerabilities in computer systems, networks and software to perpetuate various cyberattacks.

Endpoint security: Protection of individual devices such as laptops or servers from cyber threats.

Generative AI: Refers to deep-learning models that train on large volumes of raw data to generate ‘new content’ including text, images, audio and video.

Large Language Model (LLM): A specialised type of artificial intelligence that has been trained on vast amounts of text to understand existing content and generate original content.

Observability: Tools and processes used to monitor system performance and diagnose issues.

Zero Trust security: A model where no user or device is trusted by default; verification is required at every step.

Queste sono le opinioni dell'autore al momento della pubblicazione e possono differire da quelle di altri individui/team di Janus Henderson Investors. I riferimenti a singoli titoli non costituiscono una raccomandazione all'acquisto, alla vendita o alla detenzione di un titolo, di una strategia d'investimento o di un settore di mercato e non devono essere considerati redditizi. Janus Henderson Investors, le sue affiliate o i suoi dipendenti possono avere un’esposizione nei titoli citati.

 

Le performance passate non sono indicative dei rendimenti futuri. Tutti i dati dei rendimenti includono sia il reddito che le plusvalenze o le eventuali perdite ma sono al lordo dei costi delle commissioni dovuti al momento dell'emissione.

 

Le informazioni contenute in questo articolo non devono essere intese come una guida all'investimento.

 

Non vi è alcuna garanzia che le tendenze passate continuino o che le previsioni si realizzino.

 

Comunicazione di Marketing.

 

Glossario

 

 

 

Important information

Please read the following important information regarding funds related to this article.

Janus Henderson Horizon Fund (il “Fondo”) è una SICAV lussemburghese costituita il 30 maggio 1985 e gestita da Janus Henderson Investors Europe S.A. Janus Henderson Investors Europe S.A. può decidere di risolvere gli accordi di commercializzazione di questo Organismo d'investimento collettivo del risparmio in conformità alla normativa applicabile. Questa è una comunicazione di marketing. Consultare il prospetto dell’OICVM e il KIID prima di prendere qualsiasi decisione finale di investimento.
    Specific risks
  • Le Azioni/Quote possono perdere valore rapidamente e di norma implicano rischi più elevati rispetto alle obbligazioni o agli strumenti del mercato monetario. Di conseguenza il valore del proprio investimento potrebbe diminuire.
  • Un Fondo che presenta un’esposizione elevata a un determinato paese o regione geografica comporta un livello maggiore di rischio rispetto a un Fondo più diversificato.
  • Il Fondo si concentra su determinati settori o temi d’investimento e potrebbe risentire pesantemente di fattori quali eventuali variazioni ai regolamenti governativi, una maggiore competizione nei prezzi, progressi tecnologici ed altri eventi negativi.
  • Questo Fondo può avere un portafoglio particolarmente concentrato rispetto al suo universo d’investimento o altri fondi del settore. Un evento sfavorevole riguardante anche un numero ridotto di partecipazioni potrebbe creare una notevole volatilità o perdite per il Fondo.
  • Il Fondo potrebbe usare derivati al fine di ridurre il rischio o gestire il portafoglio in modo più efficiente. Ciò, tuttavia, comporta rischi aggiuntivi, in particolare il rischio che la controparte del derivato non adempia ai suoi obblighi contrattuali.
  • Qualora il Fondo detenga attività in valute diverse da quella di base del Fondo o l'investitore detenga azioni o quote in un'altra valuta (a meno che non siano "coperte"), il valore dell'investimento potrebbe subire le oscillazioni del tasso di cambio.
  • Se il Fondo, o una sua classe di azioni con copertura, intende attenuare le fluttuazioni del tasso di cambio tra una valuta e la valuta di base, la stessa strategia di copertura potrebbe generare un effetto positivo o negativo sul valore del Fondo, a causa delle differenze di tasso d’interesse a breve termine tra le due valute.
  • I titoli del Fondo potrebbero diventare difficili da valutare o da vendere al prezzo e con le tempistiche desiderati, specie in condizioni di mercato estreme con il prezzo delle attività in calo, aumentando il rischio di perdite sull'investimento.
  • Il Fondo potrebbe perdere denaro se una controparte con la quale il Fondo effettua scambi non fosse più intenzionata ad adempiere ai propri obblighi, o a causa di un errore o di un ritardo nei processi operativi o di una negligenza di un fornitore terzo.