Google Fires Back at Anthropic Mythos With CodeMender Security Agent

At Google I/O 2026, the company escalated the AI security arms race by inviting select experts to test the API for CodeMender, an "AI agent for code security" first previewed last October. Google DeepMind CTO Koray Kavukcuoglu positioned the tool as a way to "help secure the world's code bases" by both flagging and fixing vulnerabilities, The Verge reported.

The timing is unmistakable. Anthropic's surprise Claude Mythos Preview announcement in April sent shockwaves through the AI world — and reportedly reached as high as the Federal Reserve chair and top bank CEOs, per CNBC. Google's CodeMender API launch is the most direct competitive response yet from a major AI lab.

Anthropic's Mythos Preview discovered thousands of high‑severity vulnerabilities across every major operating system and web browser during internal testing, according to Aragon Research. The capability was so potent that Anthropic restricted the model to a closed group of infrastructure partners after an internal CMS leak exposed its offensive potential before safeguards were finalized.

Anthropic then launched Project Glasswing — a defensive initiative that includes rivals like Google and Microsoft but excludes the general public, The Verge reported. By creating a gated "defenders‑only" tier, Anthropic effectively set a new standard for high‑stakes AI deployment — one its competitors could not ignore. As Jim Lundy of Aragon Research wrote: "The restricted release of Claude Mythos has officially turned cybersecurity into the primary theater of the AI arms race."

The shift from general‑purpose chatbots to specialized security agents is strategic. As AI labs race toward IPOs, cybersecurity offers something chatbots don't: an enterprise revenue story with clear ROI. The Verge noted that Mythos "stands to make the company a lot of money if things go well with its early‑access enterprise users and government agencies." Google needs the same story.

Google's response plays to its strengths. Since Google owns both Chrome and Android — both successfully probed by Mythos — its approach is defensive and inward‑facing, Aragon Research noted: "harden the fort." The company is expected to integrate similar vulnerability‑research capabilities directly into its Google VRP (Vulnerability Reward Program) and Gemini infrastructure.

The Mythos‑CodeMender competition creates an existential problem for the traditional cybersecurity industry. Legacy vulnerability management and static analysis tools are built on known patterns, but frontier models represent a shift toward generative discovery that can find flaws these tools consistently miss, Aragon Research analyzed.

At RSAC 2026, Mandiant founder Kevin Mandia predicted that new AI models would be capable of "wreaking havoc on enterprise software stacks" — a prediction that materialized within two weeks of his keynote. "The risk of Mythos being used by bad actors is the reason that it is in preview mode," Lundy wrote. "The model literally can find all kinds of vulnerabilities. This is a wakeup call to everyone in enterprise software." The message to traditional security vendors: evolve into an AI‑augmented service or prepare for obsolescence as automated capabilities become the new baseline for digital defense.

For developers and security engineers, the Mythos‑CodeMender dynamic signals a fundamental shift in how vulnerabilities will be discovered and patched. The immediate implications are:

Tooling expectations are changing. Static analysis that catches known patterns won't cut it when frontier models can find novel zero‑days. Expect AI security audit to become a standard CI/CD step within 12‑18 months.

Pricing will be premium. Both Anthropic and Google are positioning security capabilities as enterprise‑tier products, not free‑tier features. Builders should budget for this as a separate line item, not assume it's bundled with API access.

OpenAI is the wildcard. Aragon Research expects OpenAI to launch a specialized Codex Security tier — internally called Spud — to compete for the same enterprise and government contracts that Project Glasswing currently monopolizes. The AI security market is about to get crowded, and builders will have real choice for the first time.