Anthropic says its experimental cybersecurity AI has already uncovered more than 10,000 high- or critical-severity vulnerabilities across some of the world’s most important software systems, highlighting what could become one of the biggest challenges facing cyber security in the AI era.

Project Glasswing

The findings come from Project Glasswing, a restricted cybersecurity initiative launched by Anthropic to help protect critical software infrastructure before increasingly capable AI systems can be used by attackers.

At the heart of the programme is Claude Mythos Preview, a specialised version of Anthropic’s AI designed specifically for vulnerability discovery, software analysis, and cyber defence tasks.

Unlike publicly available AI models, Mythos Preview has only been made available to around 50 carefully selected partners, including organisations responsible for maintaining and defending some of the world’s most important digital infrastructure.

According to Anthropic, those partners have collectively used the system to find “more than ten thousand high- or critical-severity vulnerabilities across the most systemically important software in the world” in just one month.

The Scale Of What Was Found

Anthropic says its partners have identified more than 10,000 high- or critical-severity vulnerability candidates. Of those, over 1,700 have already been verified as genuine security flaws, while more than 1,000 have been confirmed as high- or critical-severity vulnerabilities.

The company says it’s also been using Mythos Preview internally to scan more than 1,000 open-source software projects that underpin large parts of the internet.

So far, Anthropic says the model has identified 6,202 potential high- or critical-severity vulnerabilities within those projects alone. After detailed assessment by independent security researchers, 1,094 have already been confirmed as genuine high- or critical-severity flaws.

One example involved a serious vulnerability in wolfSSL, a widely used cryptographic library deployed across billions of devices. Anthropic says Mythos Preview discovered a flaw that could have allowed attackers to forge digital certificates and impersonate legitimate online services. The vulnerability has since been patched.

Finding Bugs Is No Longer The Bottleneck

Perhaps the most important aspect of the announcement is that Anthropic believes the economics of cybersecurity may now be changing thanks to AI.

Historically, security teams struggled to find vulnerabilities quickly enough, but now the company believes the opposite problem is emerging.

As Anthropic explains: “Progress on software security used to be limited by how quickly we could find new vulnerabilities. Now it’s limited by how quickly we can verify, disclose, and patch the large numbers of vulnerabilities found by AI.”

In other words, AI may be becoming so effective at discovering software flaws that human security teams cannot process, investigate, and fix them quickly enough.

Industry-Wide

That concern appears to be reflected across the industry. For example, Anthropic points to reports from Microsoft that patch volumes are expected to continue rising, while Oracle has already accelerated its patching schedules. The company also says Cloudflare found 2,000 bugs across critical systems while using Mythos Preview, including 400 classified as high- or critical-severity. Mozilla reportedly found more than ten times as many vulnerabilities in one Firefox testing cycle compared with earlier testing using conventional methods.

More Than Just Vulnerability Hunting

Anthropic says Mythos Preview has also shown value beyond traditional vulnerability discovery.

For example, one banking partner reportedly used the system to identify and prevent a fraudulent $1.5 million wire transfer after attackers compromised a customer email account and used spoofed phone calls to support the fraud attempt.

The company argues this demonstrates how advanced AI could increasingly act as a defensive force multiplier, helping cyber defenders analyse vast quantities of information far more quickly than human analysts alone.

However, Anthropic is also being careful about how widely it releases these capabilities.

The company has not made Mythos Preview publicly available because it believes safeguards remain insufficient to prevent misuse.

As Anthropic notes: “At present, no company, including Anthropic, has developed safeguards strong enough to prevent such models from being misused and potentially causing severe harm.”

Why This Matters

The announcement seems to highlight a broader change taking place across cybersecurity.

For years, security professionals worried about attackers using AI to create phishing campaigns, malware, and social engineering attacks. Increasingly, attention is turning towards AI-assisted vulnerability discovery, where software flaws can be found at unprecedented speed and scale.

Anthropic itself acknowledges the challenge directly, saying: “The relative ease of finding vulnerabilities compared with the difficulty of fixing them amounts to a major challenge for cybersecurity.”

That challenge becomes even more significant if similar capabilities become widely available across the industry.

Although Anthropic has restricted access to Mythos Preview, the company openly states that models with comparable capabilities are likely to emerge elsewhere and eventually become more broadly accessible.

What Does This Mean For Your Business?

For businesses, the most important takeaway here is that vulnerability discovery is accelerating rapidly, which means the value of slow patching cycles is diminishing just as quickly.

Many organisations still spend weeks or months testing and deploying updates, particularly in operational technology, manufacturing, healthcare, and other environments where change control is complex. As AI systems become better at uncovering vulnerabilities, those delays could create increasingly attractive opportunities for attackers.

Anthropic is urging organisations to focus on fundamentals such as faster patch deployment, stronger network configurations, multi-factor authentication, and comprehensive security logging. Those recommendations are not new, but the urgency behind them is growing because AI is dramatically reducing the effort required to find weaknesses in software.

The wider message is that AI is changing the balance between attackers and defenders. For now tools such as Mythos Preview may provide what Anthropic describes as an “asymmetric advantage” for defenders. The question facing the cyber security industry is how long that advantage will last once similar capabilities become widely available.

In this Tech Insight, we look at how artificial intelligence is becoming so economically important that financial markets are starting to treat it like a tradable commodity.

Why?

For most businesses, AI is still thought of primarily as chatbots, virtual assistants, or productivity tools.

Behind the scenes, however, every AI request consumes computing resources that carry real costs. For example, every prompt submitted to ChatGPT, Claude, Gemini, or other large language models requires processing power, memory, storage, networking, and electricity.

Increasingly, those costs are being measured and priced using tokens, which are the units that represent how much information an AI system processes.

In practical terms, this means that tokens are becoming one of the fundamental economic building blocks of the AI industry. Every question asked, every document analysed, every image generated, and every AI agent action consumes them.

As AI adoption accelerates, token consumption is growing rapidly across governments, businesses, software providers, and consumers.

The Emergence Of AI Markets

It seems that growth is now attracting the attention of financial markets. For example, reports indicate that China’s Shanghai Futures Exchange is now exploring the development of futures contracts linked to AI tokens, while major US exchanges are examining futures products linked to AI computing power.

Although these developments remain at an early stage, they point towards a significant change in how AI infrastructure may eventually be bought and sold.

Traditionally, futures contracts allow organisations to manage uncertainty by locking in future prices for important resources. Airlines hedge jet fuel prices, manufacturers hedge metal costs, and energy companies hedge electricity and gas prices.

As AI becomes a core operational expense, similar financial mechanisms may begin emerging around AI infrastructure itself.

What Are Businesses Actually Buying?

One reason this development may seem unusual is that many organisations never directly see the underlying economics of AI. Most users simply pay a monthly subscription or software licence.

Behind those subscriptions, however, AI providers are already pricing services based on token usage, processing volumes, and computing consumption. The more powerful the model, the larger the context window, and the greater the volume of activity, the higher the underlying costs become.

Large organisations running AI-powered customer support, software development, research, analytics, and automation systems can consume vast quantities of tokens every day.

As AI becomes embedded across more business processes, controlling those costs becomes increasingly important.

The Infrastructure Race

This also helps explain why technology companies, cloud providers, semiconductor manufacturers, and investors are spending hundreds of billions of pounds on AI infrastructure.

The industry is currently experiencing one of the largest technology infrastructure buildouts in history.

New data centres are being constructed across the world. GPU manufacturers are expanding production. Cloud providers are investing heavily in additional capacity. Entire businesses are emerging to rent computing power to AI developers.

The underlying assumption is that demand for AI processing will continue growing for years. If that happens, the resources needed to power AI systems could become increasingly valuable in their own right.

A New Asset Class?

Some industry figures believe AI computing resources could eventually develop into an entirely new financial asset class, the logic being that businesses already trade commodities that are essential to economic activity, i.e., electricity powers factories, oil fuels transport networks, and natural gas supports manufacturing and heating.

AI is increasingly becoming part of the infrastructure that powers knowledge work, decision-making, automation, software development, customer service, and business operations.

As organisations become more dependent on AI, the costs associated with computing power and token consumption may become significant enough to justify dedicated financial markets.

This would allow companies to manage future price volatility and provide investors with new ways to gain exposure to the growth of AI infrastructure.

Why This Matters

The bigger story is not really about financial derivatives. The more important issue is that AI is increasingly being treated as a utility rather than simply a software product.

Most technology platforms charge for access to applications. Increasingly, AI providers are charging for consumption of intelligence itself. That distinction may sound subtle, but it represents quite a change.

Historically, businesses bought software licences but increasingly, they are purchasing access to processing capability, model capacity, and AI-generated outputs. It now seems that the financial markets are beginning to recognise that change.

What Does This Mean For Your Business?

For businesses, the emergence of AI-related futures markets is another indication that AI is rapidly becoming part of the world’s economic infrastructure rather than simply another technology trend.

Of course, most organisations won’t be trading AI token futures any time soon. However, they are likely to feel the effects indirectly as AI costs become more visible, more measurable, and more closely linked to underlying computing resources.

As AI becomes embedded into customer service, marketing, software development, administration, research, and operational workflows, understanding how AI usage translates into business costs will become increasingly important.

The wider significance is that the technology industry appears to be moving towards a future where intelligence itself becomes a metered resource. If financial markets are already beginning to build mechanisms for trading and hedging AI consumption, it suggests many investors and infrastructure providers believe AI will become as economically important as the utilities and commodities that underpin the modern economy today.

Microsoft has introduced a new Windows 11 policy that allows organisations to remove the Microsoft Copilot app from managed devices, giving IT teams greater control over how AI is deployed.

A New Copilot Removal Policy

The change arrived as part of Microsoft’s April 2026 Windows 11 update and introduces a policy called “Remove Microsoft Copilot app”.

According to Microsoft’s own documentation, “This policy setting allows you to uninstall Microsoft Copilot from devices in a targeted way.” The company explains that the policy applies only under specific circumstances, including where Microsoft Copilot was not installed directly by the user and has not been used recently.

Microsoft also states: “The Microsoft Copilot app will be uninstalled. Users can still re-install if they choose to.”

Although that may sound like a relatively minor technical change, it represents quite a notable change in Microsoft’s approach to AI deployment.

Why Microsoft Is Making The Change

For the past two years, Microsoft has invested heavily in positioning Copilot as a central part of the Windows and Microsoft 365 experience.

The company has integrated AI into Windows, Office applications, security products, development tools, search functions, and business workflows. Microsoft’s long-term strategy clearly assumes that AI assistants will become a standard part of everyday computing.

However, adoption has not always matched the enthusiasm coming from technology vendors.

Many organisations remain cautious about introducing AI assistants into business environments due to concerns around governance, licensing costs, staff training, compliance obligations, data protection, and uncertainty about where AI genuinely improves productivity.

The introduction of an official removal policy seems to suggest Microsoft now recognises that many organisations still want the ability to decide for themselves when, where, and how AI tools should be deployed.

Importantly, Microsoft has not positioned the policy as a rejection of AI. Instead, it is being presented as a management and governance tool that gives administrators greater control over managed devices.

What The Policy Actually Does

The policy is aimed primarily at Enterprise, Education, and other managed environments where IT teams oversee large numbers of devices.

Rather than preventing Copilot from ever being installed, the policy allows administrators to remove inactive installations that meet Microsoft’s criteria.

This distinction matters because Microsoft is not abandoning its AI strategy. The company is simply providing organisations with more flexibility around deployment.

The documentation makes clear that users retain the ability to reinstall Copilot if they choose to do so later.

It is also important to understand that removing the Copilot app does not remove artificial intelligence from Windows entirely.

AI-powered capabilities remain embedded across numerous Microsoft products and services, including Microsoft 365, security tools, developer platforms, cloud services, and various operating system features.

In practical terms, the policy removes one specific application rather than reversing Microsoft’s broader AI integration strategy.

A Wider Industry Trend

The change actually reflects a broader trend emerging across the technology industry.

Many software providers initially approached AI as a feature that should be added everywhere as quickly as possible. Increasingly, vendors are discovering that customers want flexibility, transparency, and control alongside innovation.

Businesses are often willing to adopt AI where there is a clear business case, measurable productivity gains, or operational benefits. Resistance tends to emerge when tools appear to be imposed without clear governance frameworks or obvious value.

This is particularly true in regulated sectors where organisations must consider compliance, security, auditability, and data handling requirements before introducing new technologies.

Microsoft’s decision to introduce a removal policy can therefore be viewed as a recognition that successful AI adoption depends as much on customer trust and organisational readiness as it does on technical capability.

What Does This Mean For Your Business?

For businesses, the announcement is less about uninstalling one application and more about the growing importance of AI governance.

Many organisations are still working out which AI tools genuinely improve productivity, which require additional oversight, and which may create unnecessary complexity or cost. The ability to manage deployment more precisely gives IT teams greater flexibility while those decisions are being made.

The wider significance is that the AI market appears to be entering a more mature phase. Rather than simply asking how quickly AI can be rolled out, businesses are increasingly asking where it delivers value, how it should be governed, and whether users actually want it.

Microsoft’s new policy suggests the company understands that customer choice will remain an important part of AI adoption, even as artificial intelligence becomes more deeply embedded throughout Windows and the wider software ecosystem.

A study of 75,000 brands has found that being talked about on YouTube may now be a stronger predictor of AI visibility than backlinks, domain authority, or even the size of a company’s website.

The Research

The findings come from SEO platform Ahrefs, which analysed brand visibility across ChatGPT, Google AI Mode, and Google AI Overviews to identify which factors were most closely associated with appearing in AI-generated responses.

The results suggest that the rules of online visibility may be changing as AI increasingly becomes the way people discover information, products, and services.

According to the study, mentions of a brand on YouTube showed the strongest correlation with AI visibility across all three platforms. These mentions included brand names appearing in video titles, transcripts, and descriptions.

Perhaps even more surprising was the fact that traditional SEO signals performed relatively poorly by comparison. Domain authority, backlinks, referring domains, and website size all showed significantly weaker relationships with whether a brand appeared in AI-generated answers.

Why YouTube Seems To Matter So Much

One reason YouTube may be proving so influential is that it occupies a unique position within the modern AI ecosystem.

Large language models learn from enormous volumes of publicly available text, and video transcripts have become one of the richest sources of conversational content on the internet. Google also regularly cites YouTube content within its own AI-generated responses, creating a feedback loop between the platform and AI search systems.

The study suggests that AI systems increasingly pay attention to where brands are being discussed, not simply what brands publish on their own websites.

As Ahrefs notes: “Your brand’s presence across the web—not just your own website—is what AI Overviews draw on when deciding whether to mention you.”

That represents a potentially significant change from traditional SEO thinking, which often focused heavily on optimising pages, building backlinks, and increasing domain authority.

Mentions Matter More Than Links

One of the most interesting findings was the strength of unlinked brand mentions.

Historically, SEO professionals have often focused on backlinks because search engines used them as a signal of authority. However, AI systems appear to place greater value on simply seeing brands discussed across a wide range of sources.

Ahrefs found that branded web mentions showed a much stronger relationship with AI visibility than backlinks. The company concluded: “Web mentions (0.664) correlate much more strongly than backlinks (0.218).”

The study also found that the strongest factors were all external signals rather than metrics controlled directly by a company’s own website. Branded web mentions, branded anchor text, and branded search volume all outperformed traditional technical SEO measurements.

Importantly, the findings do not suggest that backlinks or domain authority have become irrelevant. Rather, they suggest those signals may now form only part of a much wider picture that AI systems use when evaluating brands.

A Different Way Of Thinking About Visibility

The findings arrive at a time when AI-generated answers are increasingly replacing traditional search results.

Many users now receive answers directly from ChatGPT, Google AI Mode, or AI Overviews without ever clicking through to a website. This has led marketers to focus increasingly on how often AI systems mention their brands rather than where they rank on a search results page.

Ahrefs argues that visibility in AI search increasingly resembles reputation management rather than traditional SEO.

As the company explains: “The strongest correlations with AI Overview mentions are all off-site factors.”

The implication is that businesses may need to think less about producing ever larger volumes of content and more about encouraging genuine discussion across the wider web.

What Does This Mean For Your Business?

For businesses, the research suggests that visibility in AI search is becoming increasingly tied to brand awareness, reputation, and third-party discussion rather than purely technical SEO factors.

A strong YouTube presence may help, but the wider lesson is that AI systems appear to be paying close attention to what other people say about your business. Reviews, interviews, podcasts, media coverage, industry commentary, customer discussions, and creator content may therefore become increasingly important sources of visibility.

The study also challenges the idea that publishing more content automatically improves discoverability. Ahrefs found only a weak relationship between the number of pages on a website and AI visibility, suggesting that simply expanding content volume may deliver limited returns.

As AI search continues to evolve, businesses may need to think beyond their own websites and focus more heavily on building a presence across the wider digital ecosystem. The companies most likely to be recommended by AI increasingly appear to be those that people are already talking about, discussing, reviewing, and mentioning across the internet.

GCHQ says it has developed a blueprint for a national cyber defence capability that could use AI agents to help protect the UK’s most important infrastructure from increasingly sophisticated cyber attacks.

A New Approach To Cyber Defence

The proposed system, which could be operational within five years, would use what GCHQ describes as “cutting-edge agentic AI” to identify and respond to cyber threats at machine speed.

By embedding AI directly into national cyber defence systems protecting sectors such as energy, water, healthcare, transport, telecommunications, and financial services, GCHQ is proposing a fundamentally different approach to cyber security that relies far more heavily on automated threat detection and response.

Speaking during GCHQ’s inaugural Annual Lecture at Bletchley Park, Director Anne Keast-Butler revealed that “in the past few months, GCHQ has developed the blueprint for a new national cyber defence capability that will hardwire cutting-edge agentic AI into machine-speed cyber defence.”

Why GCHQ Believes Change Is Needed

The proposal reflects growing concern that cyber threats are becoming too numerous, too complex, and increasingly too fast for traditional defensive approaches.

According to Keast-Butler, the UK is entering what she described as a “new era of radical uncertainty, contested geopolitics and rapidly changing technology.”

The concern is not limited to criminal hackers. For example, GCHQ has repeatedly warned about increasing cyber activity linked to hostile states, particularly Russia and China, alongside growing threats to critical infrastructure, supply chains, democratic institutions, and public trust.

Keast-Butler warned that “Russia is scaling up its daily hybrid activity against the UK and Europe”, while GCHQ believes the country faces a “narrowing window for the UK and allies to stay ahead.”

At the same time, advances in artificial intelligence are transforming both attack and defence capabilities.

The rapid emergence of AI systems capable of discovering software vulnerabilities, analysing vast quantities of information, generating convincing phishing attacks, and automating complex tasks is creating new challenges for cyber defenders across government and industry.

As Keast-Butler observed, “the latest frontier AI is rapidly unearthing the fault lines in technologies that our society relies on every single day.”

How The Cyber Shield Could Work

Although detailed technical information remains limited, the concept appears to involve AI agents continuously monitoring critical systems, identifying anomalies, assessing threats, and potentially coordinating defensive responses far faster than human teams could achieve alone.

Reports suggest the system could allow government AI agents to work alongside private-sector security systems, creating a more coordinated national defence capability across multiple sectors.

The idea reflects a growing belief within the cyber security community that future defence systems will need to operate at machine speed if they are to keep pace with increasingly automated attacks.

However, it should be noted here that this does not mean removing humans from decision-making altogether. Rather, it suggests AI may increasingly handle the detection, analysis, prioritisation, and initial response stages, allowing human specialists to focus on higher-level investigation and strategic decisions.

Beyond Cyber Security Alone

The announcement also forms part of a wider transformation taking place inside GCHQ itself.

Keast-Butler revealed that the organisation is embedding frontier AI “responsibly and ethically” into its own operations to “enhance algorithms, translate foreign languages, and find needles in haystacks quicker than ever before.”

The agency is also preparing for emerging challenges associated with quantum computing, space-based technologies, and the protection of critical undersea cables and communications infrastructure.

In her lecture, Keast-Butler highlighted how technological change is accelerating across multiple fronts simultaneously, creating what she described as a “moment of consequence” for the UK and its allies.

Why This Matters

The significance of the proposal extends far beyond government networks.

For example, much of the UK’s critical infrastructure is actually owned and operated by private-sector organisations. Energy providers, telecommunications firms, transport operators, financial institutions, manufacturers, logistics companies, and healthcare suppliers all form part of the broader national infrastructure ecosystem.

If GCHQ succeeds in building an AI-driven cyber shield, it could become one of the first attempts anywhere in the world to create a national-scale cyber defence system built around autonomous AI capabilities.

The announcement also highlights how governments increasingly view cyber security as a national resilience issue rather than simply an IT problem.

Large-scale cyber attacks can disrupt supply chains, affect public services, damage economic activity, undermine confidence, and create wider national security risks. As a result, governments are looking beyond conventional security tools and exploring new approaches capable of operating at much greater speed and scale.

What Does This Mean For Your Business?

For businesses, the proposal is another reminder that cyber security is rapidly becoming more closely connected to national security, critical infrastructure protection, and artificial intelligence.

While a national cyber shield may eventually provide additional layers of protection, GCHQ’s message is not that organisations should wait for government systems to solve the problem. In fact, Keast-Butler urged businesses and citizens alike to make cyber security “ten times more urgent”.

The wider message is that AI is changing the economics of cyber security on both sides of the equation. Attackers are gaining access to increasingly capable tools, while defenders are being forced to adopt new technologies to keep pace.

As governments, businesses, and infrastructure operators increasingly turn to AI-powered defence systems, cyber security may become less about reacting to attacks after they happen and more about identifying and disrupting threats before they have an opportunity to cause harm.

DuckDuckGo says it has seen a surge in users following Google’s latest AI search announcements, highlighting growing concerns about AI-generated search results.

The privacy-focused search engine reported US app installs increased by an average of 18.1 per cent week-on-week after Google’s I/O conference, peaking at 30.5 per cent. Independent analytics firm Apptopia also reported a 29 per cent increase in US downloads.

The increase followed Google’s expansion of AI Overviews and AI Mode, which provide AI-generated answers directly within Search. Critics have raised concerns about accuracy, transparency, and reduced user control.

DuckDuckGo CEO Gabriel Weinberg claimed that “Google is force-feeding AI with no way to opt out” and said users should be able to choose “how much or how little AI they want”.

Businesses should remind staff to verify important information using trusted sources rather than relying solely on AI-generated summaries, particularly when making financial, legal, technical, or security-related decisions.