Moves by leading AI model developers to expand into cybersecurity are gaining pace.

OpenAI and Anthropic, which lead the large language model (LLM) market, have both recently stepped up efforts to strengthen security capabilities. Attention is on what changes this could bring to the security market and competitive landscape.

In late February, Anthropic introduced Claude Code Security, which scans code written by its AI coding tool Claude Code to find vulnerabilities and propose patches. It also recently introduced a "code review" function that automates reviews of AI-generated code. The code review function is integrated into the Claude Code platform and supports blocking errors and security vulnerabilities in large codebases in advance.

Anthropic launches AI-generated code review tool, strengthens Claude Code.

Anthropic's team also used its latest AI model, Claude Opus 4.6, to find a Firefox browser bug in 20 minutes. According to Mozilla, Claude found more high-risk Firefox bugs during a 2-week test in January than are typically reported worldwide over 2 months. Anthropic found more than 100 bugs over the 2 weeks, including 14 classified as high-risk.

Anthropic's Claude finds Firefox bug in 20 minutes.

OpenAI is also steadily increasing spending on security. OpenAI on the 6th unveiled the AI-based application security agent Codex Security. The company said Codex Security finds vulnerabilities in code repositories, verifies them and presents fixes. OpenAI also announced it would acquire Promptfoo, a startup specializing in AI security. Promptfoo was founded in 2024 and has developed technology to protect LLMs. OpenAI plans to integrate Promptfoo technology into its AI agent platform OpenAI Frontier through the acquisition.

After Anthropic, OpenAI also steps up security offensive, unveils Codex Security. OpenAI to acquire AI security startup Promptfoo, deploy for AI agent security.

It also compiled moves by companies in Korea and abroad around AI.

LG Uplus and Fortinet signed a memorandum of understanding at MWC26 in Barcelona, Spain, to strengthen the competitiveness of security services. The two companies will step up cooperation on new services including SASE (Secure Access Service Edge) optimized for cloud environments.

LG Uplus to cooperate with Fortinet on developing next-generation security services.

Edge device security company Security Platform will jointly develop a security-enhanced drone applying post-quantum cryptography (PQC) with The Peach, which supports the global defense supply chain with NDAA-compliant non-Chinese drone systems. Integrated access control and account management (IAM) company Netand introduced its Kubernetes access control solution, HIWARE for K8S. Fasoo will participate in the RSAC 2026 Conference in San Francisco, introducing AI-based data security products as well as private (on-premises) LLMs, AI-ready data management and AX consulting. Integrated security company Logpresso issued a report titled "North Korean IT workforce disguised employment OSINT analysis" analyzing patterns of North Korean IT workers taking overseas remote IT jobs using fake identities.

Security Platform and The Peach to jointly develop PQC-applied security-enhanced drone. Netand unveils Kubernetes access control solution, strengthens cloud security lineup. Fasoo steps up push into global market with private LLM 'Ellm'. Logpresso releases report analyzing disguised employment by North Korean IT workers.

Threat-informed third-party risk management (TPRM) company SecurityScorecard has established a Korea branch.

TPRM security firm SecurityScorecard establishes Korea branch, appoints Cheongha Woo (우청하) as branch head.

AI cybersecurity startup Kai Cyber Inc. raised $125 million in funding and also introduced an AI agent-based security platform. Kevin Mandia, who sold Mandiant to Google for $5.4 billion, founded a new AI-based cybersecurity startup, Armadin, and raised investment. Cybersecurity startup Cyrake raised $45 million in seed funding. Cyrake provides a security platform that operates within a company's own infrastructure.

Kai raises $125 million, develops agent-based AI security platform. Armadin founded by Kevin Mandia raises $190 million, takes on challenge of developing autonomous security agents. Cyrake raises $45 million, bets on on-premises AI-based security platform.

The Personal Information Protection Commission and the Ministry of Science and ICT are preparing measures to strengthen the effectiveness of the information security and privacy protection certification system. They are reviewing measures including expanding certification requirements and strengthening standards, overhauling review methods by introducing preliminary reviews and applying technical and on-site demonstration-type reviews, strengthening post-certification management to prevent data breaches, and improving review quality by strengthening oversight of review bodies and enhancing reviewer expertise.

How to strengthen effectiveness of information security and privacy protection certification system?

Hacking using AI is also becoming more sophisticated. Researchers at red team security startup CodeWol said they hacked McKinsey's internal AI platform with their AI agent in 2 hours and obtained read and write access across the entire chatbot.

Security startup hacks McKinsey AI with AI: "Fully autonomous, no human intervention."

There is also talk that open-source project maintainers are facing heavier burdens as AI agents flood them with reports of security flaws. Most reports lack specific evidence and are at a level that cannot answer follow-up questions, increasing maintainers' difficulties, it is said. There is also talk that as AI agents spread, it has become increasingly difficult for security companies to detect and respond to cases of AI being misused. Pindrop CEO Vijay Balasubramaniyan said, "The binary decision of whether to give agents access is over," and added, "Because agents assert identity on behalf of a person or institution, or act entirely independently, we now have to judge on a spectrum."

Flood of AI-driven security flaw reports leaves open-source maintainers struggling. Spread of AI agents makes security industry a key battleground for spotting malicious bots.