Zscaler joins Anthropic Project Glasswing on cyber AI
Zscaler has joined Project Glasswing, Anthropic's cybersecurity initiative, giving it access to Claude Mythos Preview.
The company plans to integrate the model into its secure software development lifecycle to identify vulnerabilities in its software stack and Zero Trust Exchange. It will also share findings with the wider Project Glasswing group, which Anthropic has limited to organisations that operate or protect critical infrastructure.
The move places Zscaler among a small group of participants using Anthropic's model, which Anthropic describes as able to identify software flaws and generate exploit code faster than human researchers. The announcement said the model has already found thousands of high-severity vulnerabilities across major operating systems and browsers.
Zscaler presented the development as part of a broader shift in cyber defence. It argued that patching flaws after discovery is no longer enough when AI systems can continuously scan internet-facing services at scale. Instead, organisations need to reduce what is visible online rather than rely solely on detecting and fixing weaknesses after exposure.
Architecture shift
Much of the announcement focused on Zscaler's long-standing case for zero-trust network design. Traditional security models built around firewalls, virtual private networks and perimeter defences assumed attackers moved at human speed, it said. That assumption, Zscaler argued, no longer holds when AI can automate reconnaissance and vulnerability discovery.
Zscaler said zero trust should be treated as a network architecture, not an added product layer. In practice, that means users do not connect directly to a network, applications are not exposed to the public internet, devices are verified before access is granted, and each connection is tied to a confirmed identity.
The company argued that if an application has no public IP address, open port or discoverable internet presence, attackers cannot easily reach it even if a software flaw exists. That distinction matters more, it said, as AI models improve at finding weaknesses in internet-facing systems.
Operational use
Beyond internal software testing, Zscaler will also integrate Anthropic's Opus 4.7 model into its AI Red Teaming and Agentic SecOps products. These tools are designed to help customers detect and respond to AI-related threats and govern autonomous software agents that can access data and interact with other systems.
The announcement also linked AI security risks to data loss, not just network intrusion. Zscaler said organisations increasingly face the possibility that their own AI tools could move sensitive information out of approved environments. It argued that controls need to inspect requests across software-as-a-service applications, private applications, email and encrypted traffic.
Zscaler also used the Project Glasswing announcement to highlight the scale of its platform. It said 40% of the Global 2000 use its services and that it processes more than 500 billion transactions a day, drawing on a large volume of security signals to distinguish ordinary traffic from hostile probing before a connection is established.
That point is central to Zscaler's market position. Rivals across the cybersecurity sector are also trying to show how AI can improve detection, automate analysis and protect increasingly distributed corporate systems. Zscaler, however, is using the announcement to emphasise network invisibility and access control as its primary response to AI-assisted attacks.
The company described the current shift as comparable to earlier changes driven by cloud computing, mobile devices and software-as-a-service adoption, when older perimeter-based approaches lost ground. In its view, AI represents another break with past assumptions, one moving faster than earlier technology cycles.
"If you are reachable, you are breachable."