Physical Address
4 Elgon Terrace, Kololo, Kampala, Uganda
Cloudflare has published new research examining how advanced artificial intelligence models are being used in cybersecurity, raising concerns about inconsistent safety responses and operational reliability during vulnerability assessments.
The findings were released through the company’s Project Glasswing initiative, an effort focused on testing the effectiveness of cyber-focused AI systems in real-world security environments. According to Cloudflare, the growing speed and sophistication of digital threats are forcing organisations to rethink traditional security approaches and prioritise systems designed to remain secure even when weaknesses exist.
As part of the research, the company evaluated an AI model known as Mythos across multiple production-level environments, including runtime infrastructure, protocol systems, edge computing environments, control systems, and open source software components. Researchers found that the model demonstrated an unusual ability to identify connections between smaller vulnerabilities and combine them into more serious attack scenarios that may be overlooked during standard security reviews.
However, Cloudflare also identified concerns around the consistency of AI safety behaviour during cybersecurity tasks. In some cases, the model declined to perform vulnerability analysis without providing clear reasoning or policy guidance. Researchers observed instances where the same security request produced different outcomes despite no meaningful change to the code being analysed, raising questions about predictability and transparency in AI decision-making.
The study further highlighted the continued importance of human expertise in cybersecurity operations. While the AI system generated useful findings, it also produced a high volume of speculative results and false alarms, particularly when analysing software written in memory-sensitive programming languages such as C and C++. This increased the workload for analysts, who were required to spend additional time separating genuine security risks from inaccurate outputs.
Cloudflare noted that the findings reflect a wider challenge facing the cybersecurity industry as AI systems become increasingly capable in both offensive and defensive applications. While frontier models may improve threat detection and vulnerability discovery, the company emphasised that organisations will need stronger governance, reliability standards, and human oversight to safely integrate these technologies into critical security workflows.
