Security Unlocked

Threat Economics: Week of April 6-12, 2026

Weekly market intelligence: Anthropic's $100M Glasswing commitment, the FBI's $21B cybercrime figure, and why developer security tooling is the next VC cycle.

Threat Economics is a weekly Security Unlocked column that translates threat intelligence into market signals, tracking where capital, risk, and adversary behavior intersect.

Glasswing Redefines AI Security as a Relationship Product

Anthropic’s Project Glasswing commitment of $100 million in usage credits to a vetted partner network, combined with $4 million in direct funding for open-source security organizations, is the largest single AI-security investment announced by a model provider. The business model embedded in Glasswing is worth examining on its own terms.

The partners (AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, Linux Foundation, Microsoft, NVIDIA, Palo Alto Networks) are not paying for access to Claude Mythos Preview. They are co-investing in the program by committing to responsible disclosure practices and coordinated vulnerability reporting. Anthropic is building strategic depth with the companies most likely to be its enterprise customers, while framing the capability restriction as a safety policy. Both framings are accurate; they are not mutually exclusive.

The market signal here is structural. AI security capability is being offered as a relationship product, not a mass-market product. That creates a two-tier market: organizations inside the Glasswing circle get access to vulnerability intelligence generated by the most capable security AI in existence, and organizations outside it do not. The competitive implications for security vendors who are not in the partner network, and whose products may be the ones Mythos is finding vulnerabilities in, are significant. Glasswing partners get advance warning. Everyone else gets the CVE after disclosure.

The $21 Billion Denominator

The FBI’s 2025 Internet Crime Report landed this week with a number that will anchor every cyber insurance pricing conversation for the next year: $20.877 billion in reported US losses, a 26% increase over 2024’s $16.6 billion. The actual figure is almost certainly higher, given IC3’s known underreporting baseline, but the directional signal is clear.

The line item to watch is the one that appeared for the first time: AI-related fraud at $893 million across 22,364 complaints. Insurers will need to determine how AI-assisted fraud claims should be classified and whether existing policy language covers deepfake voice and video used in business email compromise and investment scam scenarios. The classification question is not academic. If AI-generated social engineering falls under existing BEC policy language, insurers absorb the cost within current premium structures. If it requires a new category, underwriting models need to be rebuilt.

Investment scams ($6.57 billion), BEC ($2.77 billion), and tech support fraud ($1.46 billion) remain the top three loss categories, and all three are now being enhanced by AI-generated content at scale. The conversion of AI capabilities into fraud infrastructure is at production volume, not theoretical.

Storm-1175 and the Insurance Premium Question

Microsoft’s analysis of Storm-1175 this week identified healthcare as a primary target sector for the group’s Medusa ransomware operations. Combined with the Massachusetts hospital ambulance diversion incident reported in the same window, the timing creates a specific pressure point in the cyber insurance market.

Storm-1175’s documented 24-hour exploitation-to-encryption timeline changes the claims landscape. The standard insurer defense in claims disputes, that the organization should have patched faster, becomes less tenable when the attacker is exploiting vulnerabilities before their public disclosure and reaching encryption within a day of initial access. The gap between “we would have patched if we had time” and “there was no time” has narrowed to the point where coverage disputes will increasingly turn on architectural controls (segmentation, behavioral detection, backup isolation) rather than patch velocity. Healthcare organizations that relied on patching as their primary risk mitigation strategy face both operational and coverage exposure.

CISA’s KEV Catalog as a Procurement Lever

The Ivanti EPMM CVE-2026-1340 addition to the CISA Known Exploited Vulnerabilities catalog, with a four-day remediation deadline for federal agencies, continues a pattern worth tracking from an investment perspective. Vendors who repeatedly appear in the KEV catalog face compounding scrutiny in federal contract renewals.

Ivanti has had consistent KEV presence across 2025 and 2026. The Fortinet FortiClient EMS addition (CVE-2026-35616) in the same update cycle puts another major vendor in the same spotlight. The federal market risk to these companies is meaningful, not because any single KEV listing is disqualifying, but because the pattern creates procurement friction that competitors can exploit. The Qualys analysis published this week, drawing on a billion remediation records, reinforces the dynamic: most critical flaws are being exploited before defenders finish patching at human speed. Vendors whose products repeatedly appear in that gap face a market positioning problem that their sales teams will need to address explicitly.
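The pattern the column is tracking (which vendors recur in the catalog, and how short the federal remediation window is for each entry) can be pulled directly from the KEV feed, since CISA publishes it as JSON with a fixed schema. The script below is an added example, not code from the column or from CISA; it uses the real feed's field names (cveID, vendorProject, product, vulnerabilityName, dateAdded, dueDate, knownRansomwareCampaignUse) but runs on constructed records embedded inline. Only the two CVE identifiers the column cites are real; the four-day window on the Ivanti entry reflects the deadline the column reports, while every other date, the placeholder "CVE-0000-000x" identifiers and the "ExampleVendor" record are assumptions made for illustration, not catalog data.

```python
"""Count vendor recurrence and remediation windows in a CISA KEV-shaped feed.

Added example, not code from the column or from CISA. The live feed is published at
https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json;
the records below are CONSTRUCTED so the script runs offline. CVE-2026-1340 and
CVE-2026-35616 are the identifiers the column cites; CVE-0000-000x identifiers,
ExampleVendor and all dates are placeholders, not real catalog entries.
"""
import json
from collections import Counter
from datetime import date

SAMPLE_KEV_FEED = json.dumps({
    "title": "constructed sample in the shape of the CISA KEV feed",
    "vulnerabilities": [
        {"cveID": "CVE-2026-1340", "vendorProject": "Ivanti",
         "product": "Endpoint Manager Mobile (EPMM)",
         "vulnerabilityName": "placeholder name",
         "dateAdded": "2026-04-08", "dueDate": "2026-04-12",   # four-day window per the column
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2026-35616", "vendorProject": "Fortinet",
         "product": "FortiClient EMS", "vulnerabilityName": "placeholder name",
         "dateAdded": "2026-04-08", "dueDate": "2026-04-29",   # assumed standard three-week window
         "knownRansomwareCampaignUse": "Unknown"},
        # Placeholder earlier entries to illustrate recurrence across 2025 and 2026.
        {"cveID": "CVE-0000-0001", "vendorProject": "Ivanti", "product": "placeholder",
         "vulnerabilityName": "placeholder name",
         "dateAdded": "2025-06-10", "dueDate": "2025-07-01",
         "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Ivanti", "product": "placeholder",
         "vulnerabilityName": "placeholder name",
         "dateAdded": "2025-11-03", "dueDate": "2025-11-24",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "placeholder",
         "vulnerabilityName": "placeholder name",
         "dateAdded": "2025-09-15", "dueDate": "2025-10-06",
         "knownRansomwareCampaignUse": "Unknown"},
    ],
})


def load_kev(feed_text):
    """Parse the feed and return the list of vulnerability records."""
    return json.loads(feed_text)["vulnerabilities"]


def remediation_window_days(entry):
    """Days CISA gave federal agencies to remediate: dueDate minus dateAdded."""
    added = date.fromisoformat(entry["dateAdded"])
    due = date.fromisoformat(entry["dueDate"])
    return (due - added).days


def vendor_appearances(entries, since=None):
    """Count catalog entries per vendorProject, optionally only those added on/after `since`."""
    counts = Counter()
    for entry in entries:
        if since is None or date.fromisoformat(entry["dateAdded"]) >= since:
            counts[entry["vendorProject"]] += 1
    return counts


def repeat_offenders(entries, min_count=2, since=None):
    """Vendors appearing at least `min_count` times, most frequent first, ties by name."""
    counts = vendor_appearances(entries, since)
    repeats = [(vendor, n) for vendor, n in counts.items() if n >= min_count]
    return sorted(repeats, key=lambda pair: (-pair[1], pair[0]))


def urgent_entries(entries, max_days=7):
    """CVE IDs whose remediation window is at most `max_days`, i.e. emergency-style deadlines."""
    return [e["cveID"] for e in entries if remediation_window_days(e) <= max_days]


def ransomware_linked(entries):
    """CVE IDs CISA has tied to known ransomware campaign use."""
    return [e["cveID"] for e in entries if e["knownRansomwareCampaignUse"] == "Known"]


if __name__ == "__main__":
    kev = load_kev(SAMPLE_KEV_FEED)
    print("repeat vendors since 2025:", repeat_offenders(kev, since=date(2025, 1, 1)))
    print("entries with <= 7 day windows:", urgent_entries(kev))
    print("ransomware-linked:", ransomware_linked(kev))
    for e in kev:
        print(f"{e['cveID']:16} {e['vendorProject']:14} window={remediation_window_days(e)}d")
```

Pointing load_kev at the live feed (fetched separately) gives the same summary over real data; the recurrence count per vendor is the "pattern" a procurement reviewer would actually put in front of a renewal, and the window length is the quickest proxy for how seriously CISA treated the entry.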

Developer Security Tooling: The Next VC Cycle

The convergence of GlassWorm, Contagious Interview, TeamPCP, and the Claude Code CVE cluster on the developer environment as attack surface creates a market signal that venture capital will follow. The thesis is straightforward: developer machines hold cloud credentials, private keys, source code access, and CI/CD pipeline permissions. Compromising one developer gives an attacker much of the reach of a supply chain attack without having to compromise an upstream package registry.

Socket’s detection of the Contagious Interview packages across five ecosystems demonstrates that the product category (package provenance verification) is commercially viable. The question for the next 12 months is which incumbent security vendors acquire into the space versus which startups emerge to own it. Wiz, Palo Alto Networks (Prisma Cloud), and Snyk are the most obvious acquirers. The startup opportunity sits at the intersection of package provenance verification, IDE extension security review, and CI/CD pipeline hardening, three capabilities that do not currently exist in a single product.

The North Korean Contagious Interview expansion to 1,700 malicious packages across npm, PyPI, Go Modules, crates.io, and Packagist is not just a threat intelligence finding. It is a market sizing data point. When state-sponsored actors invest in maintaining parallel publishing infrastructure across five separate ecosystems, the attack surface they are exploiting is large enough to sustain a security product category.

Where the Money Points

The combination of AI security capability concentration (Glasswing creating a two-tier market), AI fraud losses appearing in the IC3 report as a formal category, and developer environment compromise scaling to five ecosystems simultaneously points toward a market structure shift in 2026.

Security investment is moving upstream, toward the development pipeline and AI infrastructure layer, rather than downstream toward traditional endpoint and perimeter products. The companies that can credibly address developer environment security, AI serving infrastructure vulnerabilities, and AI-enabled fraud detection simultaneously are positioned for growth. The companies that built their market position on vulnerability management at human speed and traditional endpoint detection face a structural challenge. Storm-1175’s 24-hour exploitation window and Mythos-class scanning capabilities are compressing the market for products whose value proposition depends on the assumption that defenders have time to react. That assumption is expiring.