Threats, realities, and the path to disciplined defense
The operational meaning of artificial intelligence in cybersecurity has fundamentally changed in 2026. Anthropic's Project Glasswing and the Claude Mythos Preview were not simply productivity milestones; they were signals that vulnerability discovery, exploit reasoning, secure code review, and software assurance are becoming faster and more scalable for attackers and defenders alike. At the same time, senior leaders are being forced to confront practical, near-term concerns: what AI adoption means for insurability, how governance translates into enforceable control, and how to enable innovation without introducing risk they cannot defend to boards, regulators, or insurers.
Security leaders have long approached AI with warranted skepticism, curbing adoption while building moderately effective safeguards within their span of control. That caution served a purpose, but it is no longer sufficient on its own. The adversarial community does not wait for institutional readiness, and AI amplifies attacker economics around weaknesses that already exist in most environments: identity sprawl, software supply chain opacity, cloud misconfiguration, insufficient monitoring, and slow validation cycles.
We all know AI introduced new risks, but what Anthropic’s Project Glasswing reveals is that the greater danger is how it accelerates the identification and exploitation of existing ones. The adversaries will soon have these tools at their disposal, and security leaders can no longer sit idly by waiting for their enterprise software to provide the AI defenses they need. We have to fight fire with fire.
Everforth Apex's point of view is straightforward: organizations must treat AI as both a first-class attack surface and a force multiplier. We can’t slow down the race of AI, but we can manage our own machinery better.
Enterprise AI Adoption Looks Like A Formula 1 Race
For several years, AI adoption within the CISO's office moved slowly, for good reason. Security leaders are naturally skeptical of embedding new technology into their environments, which they have worked so hard to protect. But skepticism alone doesn’t prevent others from adopting first and asking questions later. Inside the CISO’s own organization, users race to innovate and accelerate, seeking profits over security. Some organizations prohibited AI usage entirely, while others encouraged it aggressively. Databricks, for example, publicly announced cash bonuses of up to $1,000 for employees innovating with AI. Most enterprises landed somewhere in the middle, where business and technology teams outside the CISO's authority raced competitors to deploy AI in whatever ways they could. This aggressive adoption of AI empowers engineers to race full steam ahead, and it’s been a marvelous sight.
The scene that has been playing out over the last few years resembles a Formula 1 race: fast, loud, and full of risk. Business and technology teams race at lightning speed, plowing ahead with limited understanding of what is under the hood of their vehicles. The AI models themselves became unpredictable machinery, risking the entire enterprise for the sake of faster speeds. Researchers like Hyrum Anderson have documented cases of malicious code hidden inside models pulled from public repositories, capable of running hundreds of thousands of scans per second and morphing to evade antivirus detection.
With the drivers and their unpredictable machines racing ahead, security teams became the pit crew, expected to fix problems in motion and prevent catastrophic crashes. But the defenders of enterprises and organizations have been playing a losing game. Security teams were given responsibility for AI risk without authority over how AI was deployed.
To be clear, security teams have not been idle. Many leveraged AI through SaaS platforms whose vendors embedded large language models early. These products had early use cases, providing features such as automated report writing, low-code interfaces, and faster triage. Those were accessible early wins, easy for security leaders to adopt. But the embedded LLMs and "agents" inside SaaS platforms have carried teams only so far. The standard tooling provided a foundation, but the industry has reached a plateau. The next evolution requires a more purposeful, mission-aligned approach.
The Threat Is Already Here
Well before Glasswing was announced in April 2026, real incidents had already shown what AI was doing to the threat landscape. Three patterns stand out from the past 24 months.
- In 2024, criminals used a deepfake video conference to impersonate executives at the engineering firm Arup, inducing 15 wire transfers totaling HK$200 million. The lesson: AI dramatically lowered the cost of high-quality social engineering against humans in finance functions.
- In late 2025 and early 2026, researchers documented an AI-assisted intrusion spanning multiple Mexican government entities, in which a single operator used commercial AI tools to accelerate scripting, exploitation, and data analysis at a scale previously associated with much larger teams. The lesson: AI gives a single operator the operational reach of a team.
- In February 2026, McKinsey's internal AI platform, Lilli, was autonomously compromised in a responsible-disclosure exercise. This case deserves particular attention because it was an end-to-end compromise of a live enterprise AI platform, not a laboratory demonstration. In under two hours, an autonomous agent selected the target on its own, mapped the attack surface through public API documentation, identified more than 200 documented endpoints (22 requiring no authentication), recognized that JSON keys were being reflected in database error messages, iteratively exploited a SQL injection vulnerability that standard scanning had missed, and gained read/write access to the production database. Reported accessible data included 46.5 million chat messages, 728,000 files, 57,000 user accounts, 3.68 million RAG document chunks, and writable system prompts that could have altered platform behavior for thousands of users.
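The Lilli case began with public API documentation: of more than 200 documented endpoints, 22 required no authentication. Defenders can run the same inventory before an adversary does. The script below is an added example, not code from the original article or from Everforth Apex; it audits a constructed OpenAPI 3 document and lists every operation whose effective security requirement is empty, applying the OpenAPI rule that a top-level `security` list is the default for every operation unless the operation declares its own, and that `security: []` (or a bare `{}` entry) opts out of authentication.

```python
"""Audit an OpenAPI 3 document for operations that require no authentication."""
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample spec (not the page's API): a document-wide bearer requirement,
# with several operations overriding it. In a real audit, load the served spec instead.
SAMPLE_SPEC = json.loads("""
{
  "openapi": "3.0.3",
  "security": [{"bearerAuth": []}],
  "paths": {
    "/v1/chat/messages": {"get": {"summary": "List messages"}},
    "/v1/health": {"get": {"summary": "Health probe", "security": []}},
    "/v1/files/{id}": {
      "get": {"summary": "Fetch file", "security": [{"apiKey": []}]},
      "delete": {"summary": "Delete file", "security": []}
    },
    "/v1/public/search": {"post": {"summary": "Search", "security": [{}]}}
  }
}
""")


def effective_security(spec, operation):
    """Return the security requirement list that applies to one operation."""
    if "security" in operation:          # operation-level override, possibly []
        return operation["security"]
    return spec.get("security", [])      # otherwise the document-wide default


def unauthenticated_operations(spec):
    """List (METHOD, path) pairs that can be called with no credential at all.

    An empty list, or a list whose only entries are empty objects, both mean
    the operation is reachable without authentication.
    """
    findings = []
    for path, item in spec.get("paths", {}).items():
        for method, operation in item.items():
            if method.lower() not in HTTP_METHODS:
                continue                 # skip 'parameters', 'summary', etc.
            if not any(effective_security(spec, operation)):
                findings.append((method.upper(), path))
    return sorted(findings)


def summarize(spec):
    """Counts in the shape of the incident write-up: total operations vs. open ones."""
    total = sum(1 for item in spec.get("paths", {}).values()
                for m in item if m.lower() in HTTP_METHODS)
    open_ops = unauthenticated_operations(spec)
    return {"total": total, "unauthenticated": len(open_ops), "operations": open_ops}


if __name__ == "__main__":
    for method, path in unauthenticated_operations(SAMPLE_SPEC):
        print(f"NO AUTH: {method} {path}")
```

Every operation it reports should be either deliberately public and documented as such, or fixed before the spec is published.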
The most dangerous shift here is not that attackers need wholly new techniques. It is that known techniques become cheaper, faster, and easier to apply at scale. Reconnaissance, code analysis, social engineering, exploit chain reasoning, and misconfiguration discovery can all happen autonomously, at machine speed.
Old Assumptions, New Realities
The shift now under way breaks the operating assumptions that defined legacy security practices. Here are a few examples:
- Human experts are no longer the bottleneck in vulnerability analysis. Tools like Claude Mythos will become commonplace.
- AI-enabled security operations can scale triage and exploit reasoning at machine speed, ending the grace period organizations relied on for patching vulnerabilities.
- Identity governance can no longer focus only on people. Human, machine, and agent identities all shape the attack surface, and a single hijacked agent session can produce automated, high-speed data exfiltration.
- Point-in-time security reviews are no longer sufficient. An "approved" state goes stale within hours.
- Manual SOC triage cannot absorb the alert volume AI-enabled attacks produce. AI-enabled SOC is mandatory.
- Periodic governance approvals can no longer define control. Static policies cannot govern dynamic AI behaviors, leaving organizations insecure but compliant on paper. A framework for managing AI Governance becomes essential.
The next evolution requires a more purposeful, mission-aligned approach.
Everforth Apex’s AI Security Mission: Four Foundational Controls
To reduce time to triage, validate exposure continuously, and enforce governance in production, enterprises should consider custom, specific, and thoughtful AI use cases to force-multiply their defense posture. Humans will remain responsible for setting intent, thresholds, and approval boundaries, but automated systems can execute within those constraints. The Everforth Apex AI service catalog is deep, but we offer a starting point of four solutions that harden your defenses in an AI world.
- Operational Enforcement: Using agentic AI within security operations is the most intuitive starting point. We need purposeful, custom deployment of agentic AI into security operations, and we need it now. Functions like SOC monitoring, patch management, vulnerability scanning, and incident triage all contain manual, repetitive components that are strong candidates for automation. Common SIEM products use AI, but are they custom-fit to your operations?
Alert fatigue is the most persistent example. Analysts spend a disproportionate share of their time investigating alerts that turn out to be benign. Everforth Apex's Knoesis addresses this directly, providing real-time AI-powered alert triage that classifies events, prioritizes high-risk activity, and surfaces predictive context. The right approach is surgical rather than generalized. It meets operations teams where they are, evaluating where automation genuinely creates value, and hardening the stack the customer already owns rather than running rip-and-replace. We built Knoesis for our own Security Operations and can enable other organizations with the same framework.
- Continuous Validation: Continuous Validation replaces the compliance-checkbox of penetration testing with real value. We conduct red teaming and penetration testing with autonomous, continuous assessments under adversarial conditions. In a world where zero-day vulnerabilities can be discovered and exploited by autonomous agents in hours, annual testing is structurally inadequate. Everforth Apex's pen testing covers seven AI-specific testing domains: API and infrastructure, prompt layer, RAG pipeline, agents and tools, output and leakage, safety and guardrails, and technical governance. We simulate how autonomous adversaries actually operate, rather than relying on static tests.
- Defensible Governance: Governance of AI usage is where most organizations are currently weakest. In a CyberOne poll of 30 CISOs, only two said they could reconstruct the decision trail of every agent that touched regulated data in the last 90 days. The good news is that governance frameworks already exist. ISO/IEC 42001 and the NIST AI Risk Management Framework provide solid foundations, but they must be embedded in DevSecOps with real enforcement authority, not filed as policy documents. Everforth Apex's tiered AI Governance services meet the customer where they are. The menu of services includes Governance Starter assessments, Control Builder implementations, an Assurance Program for ongoing oversight, and vCISO/vCAIO leadership.
Lastly, Data Loss Prevention is back on the table in a big way for the first time in a decade, and with good reason. As enterprise AI tools proliferate, sensitive information and intellectual property face greater exposure risk than at any point in recent memory. Proper governance requires a DLP program that aligns with the enterprise’s AI toolsets and usage.
- Controlled Enablement: No one wants to slow down innovation and progress. Having a framework of guardrails around the builders can help keep the drivers moving fast around the track while preventing a crash. Software delivery teams now produce in days what previously took weeks, with a correspondingly larger blast radius. Everforth Apex's TotalSight operating model unifies the AI lifecycle around three pillars: Business Prioritization to rank use cases before code is written, Rapid Build for citizen and pro-code development across any Git-based platform, and Automated Governance through the AI Watchtower module, which continuously monitors performance, cost, and compliance across environments.
Together, these four controls form a continuous operating loop. Findings become alerts. Incidents become evidence. Lessons become controls. Controls enable safe innovation, which feeds new intent back into operations.
The Right Response Is Disciplined Acceleration
Glasswing-class capability signals a permanent shift in how software is built and attacked. The time between weakness and consequence will keep shrinking. Human-paced control cycles cannot keep up when adversaries function at machine speed.
What still works is architecture, identity controls, validation processes, telemetry, and operations built to absorb machine-speed change. What does not work is AI for the sake of AI, generic SaaS-embedded features treated as a complete AI strategy, or static governance that cannot keep pace with dynamic AI behavior.
The path forward is disciplined acceleration: agentic operations to absorb volume and accelerate triage, autonomous validation to verify controls under real adversarial conditions, living governance with audit-ready records, and enterprise AI control that enables innovation while preserving visibility into what AI can access, what actions it can take, and how outcomes are monitored.
Read our whitepaper to learn more