Google is trying to turn AI security into a platform business, and Anthropic's Mythos has made the race feel immediate.
Google used I/O 2026 to push a broader AI message, but the security angle is where the stakes look sharpest for enterprise buyers. The company is not only selling access to frontier models. It is trying to show that model reasoning, threat intelligence, cloud infrastructure, and automated code repair can sit inside one security stack.
That matters because Anthropic's Claude Mythos Preview has become the model every serious AI security conversation now has to address. Anthropic announced Mythos on April 7, 2026, and said it would not release the model publicly because of its advanced cybersecurity capabilities. Instead, it put the model behind Project Glasswing, a controlled defensive program involving major technology, security, and financial partners.
Google sits in an unusual position in that contest. It is a Project Glasswing partner, and Mythos has been described as available in private preview to select Google Cloud customers through Vertex AI. At the same time, Google is building its own defensive AI story around Gemini, Big Sleep, CodeMender, and the threat intelligence it already sells into large organizations.
For security teams, the immediate implication is practical. If Google can package vulnerability research, code remediation, threat detection, and model governance inside tools that customers already use, it reduces the appeal of adding another standalone product. That is especially true in large companies where procurement, data controls, and security reviews already run through Google Cloud, Vertex AI, and adjacent enterprise systems.
That does not mean the startup market disappears. It means the generic AI security wrapper gets harder to defend. Smaller vendors will need to show sharper specialization, deeper workflow integration, or measurable results in areas where a broad platform is less likely to move quickly. The more platform companies bundle these features, the more buyers will ask what a separate tool does that the core stack cannot.
Google's timing is helped by the threat environment. According to a report from The Guardian on Google's May 11 threat-intelligence findings, criminal and state-linked groups are already using commercial AI models to scale attacks, refine malware, and experiment with vulnerability exploitation. That gives Google a direct reason to frame AI security as a current enterprise problem, not a future research debate.
Mythos Set The Bar
Anthropic forced the market to take this seriously. Its own technical write-up said Mythos performed strongly on computer security tasks and had been used in controlled settings to find and exploit vulnerabilities in real codebases. The company positioned Project Glasswing as a way to use the model defensively before similar capabilities become widely available elsewhere.
The reason Mythos drew so much attention is not just that it is powerful. Anthropic made restraint part of the product story. By saying the model was too risky for general release, it gave enterprise buyers and policymakers a clear signal that AI-assisted vulnerability research had moved beyond ordinary coding help.
That framing creates pressure on Google. The company cannot afford to be seen only as a distributor of Anthropic's security model if the category becomes central to enterprise AI. By connecting Gemini to Big Sleep, CodeMender, and its own threat intelligence, Google is making the case that it can own more of the stack itself.
Big Sleep gives Google a research story around finding unknown software flaws. CodeMender gives it a remediation story by using Gemini reasoning to help repair critical vulnerabilities. Those two pieces matter because security buyers do not only want faster discovery. They want fewer open risks sitting in backlogs while engineering teams decide what to fix first.
The Market Gets Narrower
The pressure will be felt most by startups selling broad AI security tooling into enterprises. If Google can fold similar capabilities into cloud contracts, coding tools, and managed security products, many customers will treat that as the default option. A bundled tool does not have to be perfect to win budget. It only has to be good enough, trusted enough, and easier to approve.
The stronger opportunity may be in narrower, higher-trust work. Vendors that understand regulated environments, sensitive codebases, software supply chains, or security operations workflows can still build real businesses. But they will need proprietary data, strong evaluation evidence, and clear proof that their tools improve outcomes rather than merely add another AI interface.
This is where the category is moving. The contest is no longer only about who has the smartest model. It is about who can turn frontier reasoning into a useful security product before buyers decide the platform layer has already taken the market. Google's I/O push suggests it knows Mythos changed the conversation, and it does not plan to let Anthropic define the space alone.
Also read: Japan to accept foreign stablecoins as legal payments from June, opening Asia's largest market • Google's Gemini Spark moves AI from chat to background work • Google is pushing Android app building into a faster, more agentic era
