Follow ZDNET: Add us as a preferred source on Google.

ZDNET’s key takeaways

• Anthropic, OpenAI, and Google tools can automate code debugging.
• But cybersecurity is too complex a problem for these tools to solve.
• AI’s biggest contribution may be to reduce avoidable software flaws.

Can you trust the companies that are building AI to make the technology safe for the world to use?

That is one of the most pressing questions you face this year as a user of AI, and it is not an academic question. As real-world deployments of the technology proliferate, novel kinds of risks are emerging with potentially catastrophic impact, demanding fresh solutions. 

Also: 10 ways AI can inflict unprecedented damage in 2026

To the rescue come the major creators of AI models, OpenAI, Anthropic, and Google. All three offer tools that could mitigate failures and security breaches in LLMs and the agentic programs built on top of them. 

(Disclosure: Ziff Davis, ZDNET’s parent company, filed an April 2025 lawsuit against OpenAI, alleging it infringed Ziff Davis copyrights in training and operating its AI systems.)

Wall Street observers think there is a real possibility that AI firms’ tools will displace the traditional cybersecurity offerings from companies such as Palo Alto Networks, Zscaler, and Check Point Software. A related field, called observability, is also threatened, including firms such as Dynatrace that sell tools to detect system failures. 

Also: Why encrypted backups may fail in an AI-driven ransomware era

The notion that most or all of the world’s software problems will be solved by software creators at the source, before programs enter the wild, is indeed tantalizing. No more denials of service, no more ransomware, no more supply chain attacks if you get it right from the start.

Only, it’s not that simple.

The challenge is greater than the potential achievements of any tool or approach. The risks of software, including AI models and agents, are too broad in scope for those companies to resolve on their own. 

It will take all of the traditional security and observability tools to fix what ails AI. It will also take novel forms of data engineering. In fact, the solution may even require the fundamental redesign of AI programs themselves to address the root causes of risk. 

Could AI make cybersecurity obsolete?

The stocks of cybersecurity firms were shaken recently when Anthropic unveiled Claude Code Security, an extension of its popular Claude Code tool that can automate some code writing. 

Anthropic said Claude Code Security will allow “teams to find and fix security issues that traditional methods often miss,” with a dashboard that displays potential issues and proposes patches to address the issues. 

Also: AI threats will get worse: 6 ways to match the tenacity of your digital adversaries

The intent is that a human analyst reviews the findings and proposals to make the final decision. Claude Code Security is “available in a limited research preview.”

The result of over a year of cybersecurity research, Claude Code Security does not merely police code made with Claude Code. Anthropic has used the tool to find hundreds of vulnerabilities “that had gone undetected for decades, despite years of expert review.”

Likewise, OpenAI in October unveiled Aardvark, what the firm calls an “agentic security researcher powered by GPT‑5.” In private beta at the moment, Aardvark undertakes the same kind of automatic code scanning as that promised by Anthropic. “Aardvark works by monitoring commits and changes to codebases, identifying vulnerabilities, how they might be exploited, and proposing fixes,” said OpenAI.

Three weeks before Aardvark’s launch, Google’s DeepMind research unit unveiled CodeMender, which the firm called “a new AI-powered agent that improves code security automatically.”

Like Anthropic’s tool, CodeMender is meant not simply to secure Google creations but to be a broad security tool. In six months of development, DeepMind noted, CodeMender had “already upstreamed 72 security fixes to open-source projects, including some as large as 4.5 million lines of code.”

Unlike Anthropic and OpenAI, DeepMind emphasizes not only proposing fixes but also automatically applying fixes to code. So far, the program is only being used by DeepMind researchers. DeepMind emphasized that “Currently, all patches generated by CodeMender are reviewed by human researchers before they’re submitted upstream.”

All three offerings, most observers agree, immediately threaten the role of tools in categories such as ‘AppSec,’ ‘Software Composition Analysis,’ and ‘Static Application Security Testing.’ That capability covers companies and tools such as Snyk, Jfrog, Mend, GitHub Dependabot, Semgrep, Sonatype, Checkmarx, and Veracode.

Claude Code Security’s introduction “drove renewed weakness across high-growth software names, particularly in observability and cloud security,” wrote William Power, a software analyst with investment firm R.W. Baird & Co.

Also: Why enterprise AI agents could become the ultimate insider threat

It’s reasonable to assume that, as Anthropic, OpenAI, and DeepMind emphasize, you will probably want to work with tools that are coming from the same vendors who are building the code that is proliferating the LLM-based software that will increasingly displace traditional packaged applications. 

The technology has the added appeal that it’s integrated into these companies’ coding platforms. Claude Code Security and Aardvark are already integrated, in preview form, into the Claude Code and OpenAI Codex tools. While CodeMender is still a research project, it’s clear that at some point it could be part of Google’s AI Studio development tool for Gemini, Imagen, and its other models.

A problem bigger than a single tool

However useful those tools prove themselves, cybersecurity is too broad a field, and the problem is too great in scope and too profound in its root causes, for code-scanning tools to make AI outputs safe. 

Within the realm of scanning source code, analyzing issues, and patching or redesigning, the problem is larger than a single piece of source code. Modern software is known in the field as an “artifact,” a composition of numerous files from many sources. A given program includes libraries, frameworks, and other elements that must all perform reliably together.

In a recent blog post, JFrog’s CTO and co-founder, Yoav Landman, explained that, “Code is no longer the final product. It is an intermediate step. The real output — the thing that gets shipped, deployed, and executed — is a binary artifact: A container image. A package. A library. A compiled release.” 

Also: Rolling out AI? 5 security tactics your business can’t get wrong – and why

Within the broader realm of technology, scanning and fixing code is a small portion of what cybersecurity firms, such as Palo Alto, Zscaler, and Check Point, do, or what Dynatrace, Splunk, and Datadog do in observability. 

Firewalls exist at a more basic level than as an application that secures the perimeter of a computer network. Their role is to keep out bad actors before they can get near vulnerable code. So-called endpoint security tools similarly ensure that compromised host computers do not become launch pads for attack. Meanwhile, a “Secure Access Service Edge” tool is cloud-based software that identifies and authenticates users on a network so that only the right parties interact with programs. 

None of those issues is resolved by having less buggy source code. Tools such as “Security Information and Event Management” (SIEM) sit above the network and the apps. These tools tell a security professional what is happening across a computer fleet in real time. 

While it is nice to fix code before it ships, SIEM does things that scanning code will never do. The tool shows things as they develop that demand urgent attention because they’re already causing issues. If the code is buggy, it can wait, and probably should wait. When something potentially catastrophic is happening across an entire computer network, time is of the essence. 

Also: AI is quietly poisoning itself and pushing models toward collapse – but there’s a cure

The companies selling SIEM, such as Palo Alto and Zscaler, are employing AI to speed up the work that security professionals do. However, software won’t replace the “throat to choke” when things are going wrong. Security vendors exist because they have people who pick up the phone in the middle of the night and work against the clock to find and fix issues that are larger than a single piece of bad code. 

Anthropic and OpenAI are not generally known for picking up the phone, although Google’s Cloud unit can offer its own security operations as an additional hand. 

AI, heal thyself 

On a more profound level, recent research has shown that the frontier of AI, the agentic systems, are themselves plagued with potentially catastrophic engineering and design faults. 

Researchers at MIT last week explained that numerous commercially shipping AI agent systems lack such basic features as published security audits or a means to shut down rogue agents. 

Also: AI agents are fast, loose, and out of control, MIT study finds

Researchers led by Northeastern University recently revealed the results of extensive red-team efforts where multiple AI agents interoperate, mostly without a person in the loop. 

They found “chaos” ensued: bots trying to shut down other bots; bots that “shared” malicious code with one another to expand the “threat surface” of cyber risk; and bots that mutually reinforced bad security practices.

One way to deal with that chaos is to build new AI training data sets gathered in the wild. Software and services firm Innodata is one vendor helping the giants of AI to do that.

“The adversaries are extremely creative, and they’re coming up with things which the models that have been trained in lab environments have never seen before,” Jack Abuhoff, Innodata’s CEO, told ZDNET. “What do you do about that? You need high-quality, semantically diverse, scalable adversarial attacks with which to stress-test the agents.”

Also: Destroyed servers and DoS attacks: What can happen when OpenClaw AI agents interact

Because AI and agents have their own faults, one stock analyst at Barclays Bank who covers the cybersecurity vendors, Saket Kalia, mused recently, “If the code developer is offering the code security tool, is that like the fox guarding the hen house?” 

Using AI to improve code

AI will inevitably be used to help fix code. The biggest contribution that Claude Code Security, Aardvark, and CodeMender can offer is not to magically solve cybersecurity, but to reduce the incredible number of avoidable software failures. 

In an article in the November issue of the scholarly journal IEEE Spectrum, titled “Trillions spent and big software projects are still failing,” long-time software chronicler Robert N. Charette pointed out that $5.6 trillion is spent annually on IT, but “software success rates have not markedly improved in the past two decades.”

Even for AI, it’s a grand challenge. As Charette wrote, “there are hard limits on what AI can bring to the table” to solve software engineering. “As software practitioners know, IT projects suffer from enough management hallucinations and delusions without AI adding to them.”