When Anthropic shipped its first secure code review product in February, the security vendor stocks took a nose dive and the reaction from practitioners was almost uniformly dismissive. The market is an idiot. CrowdStrike doesn’t do AppSec. Claude doesn’t touch CrowdStrike’s business. All technically correct. All missing the point.
Three months later, OpenAI has stacked six overlapping cyber-flavored launches into one quarter and Anthropic has built a defender-facing product line with its own policy narrative. The vendors who treated the first move as a one-off AppSec experiment are about to find out that none of this was about AppSec.
Six lab-driven cyber launches in four months
The cadence is the signal. No category gets this much attention from OpenAI and Anthropic by accident.
- Feb 2026 | Anthropic | Secure Code Review | Find real vulnerabilities in real repos
- Feb 2026 | OpenAI | Trusted Access for Cyber | Vetted enterprise tier for security use
- Mar 2026 | OpenAI | Codex Security | Agent harness aimed at code-security work
- Apr 2026 | OpenAI | GPT 5.5 Cyber | Tuned variant for cyber tasks
- May 2026 | Anthropic | Mythos | Defender-facing agent product + policy push
- May 2026 | OpenAI | Daybreak | Partner-branded cyber tier (positioning, not new model)
The market math doesn’t support a market play
Start with the numbers, because the numbers settle the “is this a cyber land grab” question quickly.
- Total global cybersecurity spend in 2025 is roughly $200B and growing mid-single digits.[1]
- Anthropic’s reported annualized run rate is in the tens of billions; OpenAI’s is larger.[2]
- CrowdStrike, the bellwether endpoint vendor that took the biggest beating on the February news, runs at roughly $3B in annual revenue.[3]
Taking all of CrowdStrike’s business would move Anthropic’s top line by single-digit percentage points. Owning the entire SAST market would barely register. If the labs were chasing cybersecurity dollars, they would be the worst capital allocators in tech.
They aren’t. The cyber launches are buying something else.
What the launches are actually buying
1. The most defensible enterprise demo they have. Most agent demos in 2025 were embarrassing — book a flight, summarize an inbox, almost shop for groceries. Cyber work is structurally different. A real bug is a real bug. A successful exploit reproduction is unambiguous. The output is verifiable in a way that “the model wrote a strategy doc” never is. For labs trying to convince skeptical buyers that agents work, security work is the one enterprise domain where the receipt is the bug.
2. A policy and regulatory story. If frontier models lower the cost of vulnerability discovery and exploit construction — and the public evidence increasingly suggests they do — the labs need a counter-narrative before regulators write one for them. Arming defenders flips the framing from “AI is making the threat worse” to “AI is the only thing keeping up.” The UK government’s reported reaction to being left out of Anthropic’s Mythos rollout was not skepticism. It was envy. That is exactly the policy posture the labs want governments to adopt.
3. A trust wedge into the most skeptical buyer. Cybersecurity teams are professionally paid to distrust new vendors, and CISOs sit on the budget gate for almost every enterprise AI deployment. Shipping a tool that finds real bugs and helps a security team look good is the cheapest possible way to convert the most important enterprise gatekeeper from an objector into a sponsor. Once the CISO trusts the lab’s agent in the SOC, the conversation about the lab’s agent everywhere else gets easier.
4. A wedge that doesn’t cost much. The lab investment in security-specific tooling appears modest relative to the marketing it generates. A repo-scanning harness on top of a frontier model is not where the R&D dollars go. The strategic leverage is high, the build cost is low, and the press coverage is loud.
The real prize is the bottleneck on everything else
Back in January 2026 we argued that cybersecurity is a connected system, not a list of specialties. The labs see it the same way, but they see it as one specific constraint: nothing about enterprise AI deployment moves until security is satisfied.
The bottleneck looks like this. A frontier model has been demonstrably capable of useful agentic work for at least a year. Production deployment inside enterprises remains slow. The blocker is rarely the model’s capability. It is some combination of: nobody knows how to scope an agent’s blast radius, nobody knows how to audit a prompt-injection event, nobody owns the AI Bill of Materials, nobody has mapped which controls a non-deterministic system actually needs.
That stack is the SecProve AI security layer of the domain map — and it is the gate. If the labs sell the gate, the rest of the map opens. That is why a $200B market is worth going after even when the math says it shouldn’t be.
Category boundaries are about to dissolve
The traditional cybersecurity product categories — SAST, DAST, EDR, SIEM, SOAR, ASPM, ITDR — were built around the seams between tools. They map to humans buying things, not to how the work actually flows. Lab-built tools won’t respect those categories because the labs don’t experience the categories. They experience problems.
Watch what is already happening downstream. Vendors built around a single category are quietly expanding into adjacent ones because they know the labs are going to land in their original lane: code-scanning vendors are adding endpoint detection, endpoint vendors are adding identity, identity vendors are adding posture management. Each of these moves looks like growth strategy. It is mostly displacement avoidance.
For practitioners, this means the cleanest mental model is not which vendor owns which acronym. It is which problem you need solved, who currently owns it, and which adjacent domain is one product release from absorbing it. The SecProve domain map is built around exactly that view — practice domains organized by what the work actually is, with explicit edges to the domains that the work depends on.
What this means if you work in security
Three things change, and one thing doesn’t.
What changes: the AI-security skill set stops being optional. Every defender hired in the next 24 months will be asked questions about prompt injection, agent authorization, model supply chain, RAG data leakage, and the audit story for non-deterministic decisions. These were specialty topics in 2024. They are baseline in 2026. If your team doesn’t have a credible answer for “how do we govern this Claude-powered workflow?”, the lab will happily provide one, and your seat at that table shrinks.
What changes: tool consolidation is going to accelerate. If a single lab agent can plausibly handle code review, log triage, and detection tuning, the budget that previously funded three vendors starts looking like one line item with three checkboxes. The smart defensive posture is to evaluate which of your tools are buying you unique signal versus which are buying you category coverage that an agent can replicate.
What changes: the CISO’s job description. The center of gravity shifts from selecting and tuning tools to governing autonomous systems that increasingly do the selecting and tuning. NIST CSF 2.0’s elevation of Govern as a first-class function in 2024 looks more prescient every quarter.[4]
What doesn’t change: the seams still fail first. Whether the agent is human or a model, incidents will continue to land in the gap between identity and detection, the gap between supply chain and exposure, the gap between cloud config and governance. A lab agent that can’t see across those seams is just a faster way to produce the same blind spots. The defenders who win the next cycle are the ones who already think across the map.
The takeaway
Stop reading the lab cyber launches as a play for cybersecurity revenue. Read them as a play for the trust, the policy cover, and the deployment unlock that lets frontier agents live inside the dev and infrastructure stack of every enterprise on earth. Cyber is the wedge. The bottleneck is the product.
That reframing changes what defenders should care about. Less “which vendor wins SAST.” More “what does the control plane look like when half my team’s output is agent-generated and the agent is rented from the same vendor selling the security tool reviewing it.” That is the question the next decade of security work is built on, and it is not on most 2026 roadmaps yet.
References & further reading
- [1] Gartner (2025). Forecast: Information Security and Risk Management. Aggregate global spend figure used here is in the $190–215B range across major industry analyst estimates for calendar 2025.
- [2] Reported revenue run rates for OpenAI and Anthropic vary by source and timing of disclosure. The argument in this article only requires that lab run rates are large enough that the entire commercial cybersecurity market is small relative to them — a claim every public estimate supports.
- [3] CrowdStrike Holdings, Inc. fiscal 2025 annual revenue. ir.crowdstrike.com.
- [4] NIST (2024). Cybersecurity Framework (CSF) 2.0. doi.org/10.6028/NIST.CSWP.29. Govern is added as a sixth core function, explicitly positioned as integrating across the other five.