Microsoft has unveiled plans to incorporate Anthropic’s Claude Mythos Preview model and other AI models into its Security Development Lifecycle, embedding AI directly into the stages where code is written and tested.
Rather than relying primarily on static analysis tools, Microsoft is adopting AI models capable of analyzing code dynamically and identifying complex vulnerabilities that might otherwise go undetected until later stages of development.
Released on April 7, Anthropic’s Mythos model has already demonstrated a previously unmatched ability to uncover critical flaws across operating systems and widely used software. Anthropic claimed that the model’s ability to find security vulnerabilities is so advanced that it should not be released to the public.
Microsoft gained access to the model through Anthropic’s Project Glasswing, a program that grants limited access to select tech firms for cybersecurity research. Within this framework, Microsoft is reporting measurable improvements to cybersecurity.
Microsoft’s strategy focuses on embedding AI deeper into the security workflow while extending its impact beyond internal development. Within engineering teams, AI models are being applied earlier in the coding process to identify and remediate issues before software is finalized.
For customers, Microsoft aims to provide clearer visibility into risk exposure across infrastructure, including patching gaps and externally accessible systems. In parallel, the company is building tools that can manage vulnerability detection and remediation at scale, including a multi-model scanning platform expected to enter preview in 2026.
Microsoft’s platforms, of course, form a substantial portion of global IT infrastructure. Enhancements to the company’s internal security practices could strengthen protections across this ecosystem without requiring direct adoption of the underlying AI models.
New Risks
The rise of advanced AI introduces a host of new risks. The same systems that accelerate vulnerability detection can also be used to identify and exploit weaknesses more quickly. Microsoft acknowledged that today’s AI capabilities are compressing the window between discovery and attack, increasing the importance of rapid mitigation.
Earlier, less reliable generations of security tools focused on identifying known issues through predefined rules. AI-driven systems, by contrast, can adapt based on prior findings, simulate attack scenarios, and operate continuously as code evolves. This is redefining expectations for securing software before deployment.
Despite these advances, any IT pro will tell you that AI cannot completely replace human expertise. Because these models rely on learned patterns, they may struggle to identify entirely new categories of vulnerabilities. Human oversight remains critical, particularly in high-risk or completely new scenarios.