Cybersecurity vendors and IT giants are rolling out AI-powered products and services with an aim to help organizations protect themselves from the threats posed by the new generation of frontier AI models, which can not only detect software vulnerabilities but also rapidly generate exploits.
Anthropic’s Claude Mythos Preview put those risks into focus when it was announced last month, with the AI vendor limiting access to the model to a few dozen companies and developers as part of its
Project Glasswing initiative.
Some of the companies involved with Glasswing are applying what they learned with Mythos to develop advanced security techniques that are now being made available to enterprises.
Google,
IBM, and Red Hat are among the companies to have recently unveiled offerings.
CrowdStrike, in late April,
launched Project QuiltWorks, a framework powered by AI models from Anthropic and OpenAI, supported by a coalition that included other companies like
Accenture,
EY,
IBM Cybersecurity Services,
Kroll, and
OpenAI, to address the rising number of vulnerabilities in production code that frontier models are discovering. The problem is that the AI models are discovering security flaws – and developing exploits – faster than human security pros can respond.
“The defensive timeline in cybersecurity is changing faster than most organizations are prepared for,” the cybersecurity vendor wrote in a blog post when announcing Project QuiltWorks. “For years, defenders operated with an assumption that there would be some delay between vulnerability disclosure and exploitation. That delay created a window for patching, mitigation, and detection. It wasn’t perfect, but it gave security teams time to act. Frontier AI is removing that buffer and changing how organizations must consider cyber risk.”
Bringing on insurance
CrowdStrike this week extended the reach of the project, from protecting against threats to mitigating the financial exposure. The vendor is working with players in the cyber insurance industry – including Coalition, Liberty Mutual, Resilience, Lockton, and Marsh – to include actuarial intelligence, underwriting expertise, and financial protection in the framework.
The move gives organizations and MSSPs the technical help needed to detect, prioritize, and remediate vulnerabilities, which in turn gives cyber insurance companies the confidence to underwrite risk from frontier AI models.
“Frontier AI risk does not stop at technology. It lands on the balance sheet,” Daniel Bernard, chief business officer at CrowdStrike, told MSSP Alert. “That’s why the insurance layer matters.”
Organizations need to understand more than the technical aspects of the risk. There is also a business impact and financial exposure, and they need to know how to protect against it, Bernard said.
“Cyber insurers face the same reality,” he said. “They cannot underwrite frontier AI risk blindly. They need confidence that organizations have the right protections in place before they take on that exposure.”
Accelerating attacks
Tim MalcomVetter, general manager of security at Coalition, told MSSP Alert the problem with frontier AI is that it not only creates an entirely new category of cyber risk, but significantly accelerates the speed with which threat actors can weaponize security flaws and turn an incident into a financial loss for the victim.
“The timeline between exposure and impact is more compacted than ever, raising the stakes for organizations and reinforcing the need for continuous visibility into risk,” MalcomVetter said, adding that cyber insurance works best when it’s paired with solutions that can outpace threat actors that are using AI. “The goal is not simply to insure against frontier AI risk, but to help organizations understand their exposure, reduce it before an incident occurs, and ensure they have the financial protection they need if a loss does happen.”
'A major opportunity for MSSPs'
MSSPs have to understand that AI is fundamentally changing how organizations need to think about exposure, remediation, operational resilience, and financial risk, according to Bernard. It’s why CrowdStrike calls its initiative “QuiltWorks” and not “PatchWorks,” he said.
“MSSPs should take away one thing: patching is just phase one of AI’s disruption to cybersecurity,” he said. “This is bigger than fixing vulnerabilities. It’s about bringing the ecosystem together to help organizations securely adopt AI.”
The ecosystem includes frontier models, CrowdStrike’s Falcon platform, its services expertise, and now cyber insurance agents.
“This creates a major opportunity for MSSPs,” Bernard said. “Customers are going to need trusted operators who can help them navigate this new environment at scale. MSSPs are uniquely positioned to help customers operationalize remediation, continuously reduce exposure, and adapt as AI accelerates both innovation and risk.”
He added that “the organizations that move early here are going to help define what managed security looks like in the AI economy.”
Understanding the threat
Organizations are understanding the threat as well, he said. Coalition is hearing similar themes in both frontier model risks and legacy threats. The difference is “now clients are also concerned that threat actors will be moving even faster and with a higher volume of attacks, when they already feel overwhelmed by their current volume of alerts to investigate,” MalcomVetter said.
With the expanded focus on remediation, Project QuiltWorks lets organizations more precisely measure their financial exposure to frontier AI risk and, through adversary intelligence, vulnerability telemetry, and underwriting insights, can prioritize those exposures that are most likely to lead to operational and financial loss.
The visibility into risk exposure and remediation frameworks gives insurers the information they need to confidently underwrite frontier AI risks. Also, the combination of CrowdStrike, ecosystem partners, and insurance companies creates a continuous feedback loop based on everything from AI-driven vulnerability discovery to claims data.
MalcomVetter said including carriers and others in the cyber insurance field in Project QuiltWorks is an important step in protecting organizations against such threats.
“Frontier AI models have expanded the bounds of what’s possible, and that could threaten the financial underpinnings of cybersecurity risk, much of which is transferred to insurers like Coalition,” he said.
AI risks and protections
Project QuiltWorks – and the expanded reach out to the cyber insurance world – comes a few months after CrowdStrike released its
2026 Global Threat Report, which detailed the effects of AI and automation in cybersecurity, noting that last year, the average breakout time – the amount of time between an initial network compromise and the moment the bad actor begins moving laterally – fell to 29 minutes.
It also outlined how both threat groups and defenders are using AI in their operations.
“This is an AI arms race,”
Adam Meyers, head of counter adversary operations at CrowdStrike,
said in a statement at the time.