Microsoft’s AI Security Push

Microsoft said on April 22 it is plugging advanced artificial intelligence models into its security products to find flaws faster and speed up defensive response. (microsoft.com) The company said the push includes Project Glasswing, a partnership with Anthropic and other industry groups to test Claude Mythos Preview, spot vulnerabilities earlier, and coordinate mitigation. Microsoft said it evaluated the model with CTI-REALM, its open-source benchmark for detection engineering, and saw gains over earlier models. (microsoft.com) CTI-REALM is Microsoft’s March 20 benchmark for a security analyst’s day-to-day work: reading threat reports, exploring telemetry, and writing rules that can catch attacks in real systems. Microsoft says it processes more than 100 trillion security signals a day across endpoints, cloud systems, identity, and threat intelligence. (microsoft.com) The immediate problem is speed. Microsoft said newer models can chain together several low-severity bugs into a working exploit and generate proof-of-concept code, shrinking the time between discovery and attack. (microsoft.com) Anthropic has been making the same case from the model side. On April 7, the company said Mythos Preview had found “thousands” of major vulnerabilities in operating systems, browsers, and other software, and said about 40 additional organizations responsible for critical software infrastructure would get access through Glasswing. (usnews.com) Microsoft is not treating Anthropic as a one-off supplier. In November 2025, Anthropic said Claude models were added to Microsoft Foundry and Microsoft 365 Copilot, including the Researcher agent and Copilot Studio, expanding Microsoft’s use of outside models beyond OpenAI. (anthropic.com) Microsoft has also folded Anthropic into its enterprise contract structure. Microsoft Learn says Anthropic is being onboarded as a subprocessor for Microsoft Online Services, with Microsoft product terms and data protection rules applying when customers use Anthropic models through Microsoft services. (learn.microsoft.com) That arrangement still has limits. Microsoft says Anthropic-powered features are disabled by default for customers in the European Union data boundary and the United Kingdom, and they are not currently available in government or sovereign clouds. (learn.microsoft.com) Anthropic’s April 7 announcement showed how broad the security race has become: it named Microsoft, Amazon, Apple, CrowdStrike, Palo Alto Networks, Google, and Nvidia as Glasswing partners. Microsoft’s April 22 post put its role on the platform side, pairing outside models with Defender and its wider security stack rather than betting on a single model. (usnews.com) (microsoft.com) Microsoft’s closing message was that attackers are already using better AI, so defenders need the same tools embedded in production systems. The company said its strategy is “multi-model,” with more providers under evaluation as they become available. (microsoft.com)