The Engineers Building Both Sides of the AI Security War

A new breed of security team is quietly writing the rules for how artificial intelligence gets used in cyberattacks and defenses. Most companies have never heard of them.

ThreatVectr Newsdesk· 3 min read
Photoreal news-editorial style 16:9 image of a dark server room with faint green code reflections across black rackmount hardware, a single keyboard resting on
Share

Key points

  • Anthropic invited more than 50 organisations in April to test Claude Mythos, its advanced AI security tool, under a programme called Project Glasswing.
  • OpenAI launched a parallel programme called Daybreak, giving selected organisations early access to GPT-5.5 for security testing.
  • Cisco has published its AI security harness, called Foundry Security Spec, as open-source software, built around 13 specialised AI roles and roughly 130 individual requirements.
  • Security teams using these AI tools have already uncovered thousands of vulnerabilities, including some flaws that had sat undetected in core technologies for decades.
  • "Yellow teams", a term first used at the Black Hat security conference in 2017, are the engineering groups now responsible for turning AI security tools into something actually usable in production.

Two of the most powerful AI security tools ever built are currently in the hands of a small number of companies. The engineers inside those companies are learning something uncomfortable: the same technology that finds your weaknesses can just as easily be handed to someone who wants to use them against you.

Anthropics Claude Mythos and OpenAIs GPT-5.5 are not consumer chatbots. They are purpose-built AI systems designed to hunt for software vulnerabilities, weaknesses in code that attackers can use to break into systems, at a scale and speed no human team can match. Early access came through Project Glasswing and the Daybreak programme respectively. The organisations inside those programmes are still figuring out what they are holding.

Why does this matter to people who aren't security engineers?

Because the same tools finding holes in company systems right now will eventually be available to criminals. Every bank, hospital, retailer, and school that runs software, which is all of them, sits downstream of whatever these teams figure out in the next twelve months.

In practice, the AI does not arrive ready to use. James Robinson, the chief information security officer (the senior executive responsible for a company's security) at Netskope, a cloud security firm, was candid about his first session with Mythos. The model flagged an internal server as dangerously exposed because it lacked a password. What the AI missed was that the server was intentionally hidden from the public internet and posed no real risk. A human analyst would have known that in seconds. The model did not.

The failure mode here is assuming you can just point one of these models at your systems and trust the output. You cannot. Not yet.

The fix is something called a harness: a layer of software wrapped around the AI that tells it what it is allowed to do, what it must ignore, and how it should report what it finds. Think of it as a job description and rulebook combined. Without one, the AI produces a flood of false alarms.

Cisco built its harness, the Foundry Security Spec, and released it publicly so other companies could learn from it. It uses 13 separate AI agents, each with a defined role, handling everything from finding bugs to writing the final report. Microsoft's MDASH system runs more than 100 specialised agents through a five-step process. Cloudflare's harness follows eight steps. These are not small engineering projects.

The teams doing this work are called yellow teams. They sit between the red teams, who attack systems to find weaknesses, and the blue teams, who defend. Yellow teams build the tools both sides depend on.

Levi Bolourie, a senior security executive at Zscaler, a network security company, put it plainly: if defenders do not start using AI to sort through security alerts, the volume of those alerts will simply bury them.

One thing the post-mortem will say, if a company gets hit by an AI-assisted attack in the next two years, is that the engineering team was never brought into the security conversation early enough.

Get your developers into the room now, before the models become widely available to attackers.

© 2026 Threat Vectr