AI Security Advances Underscore Ongoing Gap in Runtime Application Protection

According to a recent LinkedIn post from StackHawk, investor reaction to Anthropic’s AI security tooling has been notably mixed. The post contrasts a selloff in cybersecurity names following the launch of Claude Code Security with a subsequent rally after Anthropic’s Project Glasswing coalition with Microsoft, AWS, Apple, Google, and CrowdStrike.

The post highlights that AI models such as Claude Mythos Preview reportedly identified thousands of zero‑day vulnerabilities across major operating systems and browsers with minimal human input. It suggests, however, that these advances remain focused on code analysis rather than on runtime security testing of live applications.

StackHawk’s commentary points to a structural gap between static or AI‑driven code review and detection of runtime issues such as broken object level authorization (BOLA) and broken function level authorization (BFLA). These vulnerabilities are framed as emerging from application behavior, middleware, and infrastructure rather than source code alone.

For investors, the post implies that while large‑scale AI initiatives and cloud partnerships may support sentiment for established cybersecurity vendors, they may not fully address runtime security needs. This gap could sustain demand for specialized application security testing tools, potentially benefiting companies positioned around runtime testing even as AI code analysis becomes more capable.

The analysis also references community concerns about false positives, non‑determinism, and even reported vulnerabilities within Claude Code itself, suggesting technical and operational risks remain. If these concerns persist, they could temper expectations of rapid AI‑driven disruption and support a more diversified investment thesis across both AI‑enhanced code analysis and runtime security segments.