DocsQuick StartAI News
AI NewsMicrosoft will use model routing for AI security: Project Perception to be released this month
Product Update

Microsoft will use model routing for AI security: Project Perception to be released this month

2026-07-17T23:04:56.245Z
Microsoft will use model routing for AI security: Project Perception to be released this month

Project Perception, led by Microsoft’s new head of security, Gallo, is expected to launch as early as this month. It uses model routing to distribute tasks among OpenAI, Anthropic, and Microsoft’s own models, aiming squarely at the AI vulnerability detection market dominated by Anthropic’s Mythos—with low cost as its main selling point.

Microsoft may be moving to take over Anthropic’s turf as soon as next week.

According to a report from The Information on July 17, Microsoft’s internally codenamed Project Perception, an AI security product, has entered the final stage before release and could go live as early as this month. It is an enterprise-oriented software vulnerability detection and remediation tool, positioned directly against Anthropic’s Mythos model, which made waves in the cybersecurity sector earlier this year.

However, Microsoft does not intend to build another Mythos. What it wants is a vulnerability detection machine that can choose its own model—packing in OpenAI, Anthropic, and Microsoft’s own models, and letting cost and capability determine which one handles the task.

A Path That Bypasses Mythos

To understand why Project Perception chose this route, we first need to look at the market it aims to disrupt.

Over the past year, Anthropic’s Mythos has become almost “legendary” in enterprise security circles. Trained specifically for cybersecurity scenarios, the model can unearth logical vulnerabilities in real-world codebases—ones invisible even to human auditors. These are not the CVE matches that off-the-shelf scanners churn out, but deep flaws requiring contextual understanding of call chains, privilege boundaries, and race conditions. Financial institutions, energy companies, and large SaaS vendors are all negotiating full-stack deployments with Anthropic.

But Mythos has one unavoidable problem: it’s expensive.

Vulnerability detection, unlike chatbots, is a token-hungry monster. Running a full analysis on a mid-sized repository can require hundreds of thousands or even millions of tokens—and multiple rounds of reasoning, proof-of-concept generation, and fix validation. The more powerful Mythos is, the higher the per-job cost. Many in the industry believe that Mythos’s pricing makes it suitable only for “high-value targets,” not for everyday CI/CD pipelines.

Microsoft’s strategy this time is simple: don’t pursue the strongest single model—use orchestration for better cost-effectiveness.

Project Perception model routing architecture diagram, showing how a task classifier distributes workloads among multiple AI models

What Model Routing Is and Why It’s Cheaper

The frequently mentioned term model router has been a hot topic for the past six months, but Project Perception would be the first flagship product from a major tech firm to actually implement it.

The core idea is simple—almost naïve: before assigning a task to a large model, spend a tiny amount of resources to decide which model should handle it.

Breaking down the workflow for vulnerability detection, we can at least identify several stages:

  • Code summarization and structure extraction (low complexity, optimize for cost)
  • Identification of potential vulnerabilities (medium complexity, prioritize coverage)
  • Exploitability verification (high complexity, prioritize reasoning accuracy)
  • Fix generation (medium-high complexity, prioritize code quality)
  • Patch validation and regression testing (medium complexity, prioritize reliability)

Running every step with a top-tier model like Mythos is like taking a Porsche to buy groceries. But if step one and five use cheaper models (for instance, Microsoft’s Phi series or something like GPT‑4o mini), and only steps three and four invoke heavyweights like Mythos or Claude Opus, overall costs could drop by 60–80%, while the quality difference in the final report would be minimal.

The key to routing lies in ensuring the “judge” itself is cheap and accurate. This judge is usually a combination of small models or rule engines with negligible cost. When done well, it’s an excellent trade‑off.

If done poorly, though—say the router misclassifies a task and sends a complex logic vulnerability to a small model—it could cause missed detections. That’s where the true technical challenge of model routing lies.

Microsoft’s Play: Integrate Anthropic Into Its Own Products

The most intriguing part of Project Perception is that it will explicitly integrate Anthropic’s models.

For years, Microsoft’s exclusivity pact with OpenAI was one of the biggest mysteries in the industry. Only after structural adjustments in late 2025 did Microsoft start loosening that exclusivity and gradually introducing third‑party models into its products. Now, Project Perception embedding Anthropic models into its core workflow sends a clear signal: in the high‑value cybersecurity vertical, Microsoft acknowledges Anthropic’s strengths—but intends to regain commercial control.

This is exactly what the routing architecture enables—the end customer buys Microsoft’s product, and Microsoft collects the revenue; Anthropic becomes merely a backend supplier. As Microsoft’s internal security models improve, routing weights can shift toward its own models, adjusting Anthropic’s share at any time. It’s a completely different business model from simply reselling Anthropic’s API.

Anthropic is surely aware of this, but for now, using Microsoft’s distribution channels to reach a large base of traditional enterprise customers is still a tangible gain. It’s a partnership where both sides understand the cost.

Diagram of Microsoft Security’s reorganization under Hayete Gallot’s leadership

Hayete Gallot’s First Move

Behind Project Perception is Hayete Gallot, who took over Microsoft’s security business in February.

She moved quickly after taking office. According to several insiders, Gallot completed a departmental restructuring in under three months—cutting investment in traditional EDR and SIEM product lines, and concentrating budget and staff in three areas:

  1. AI‑native threat detection and response
  2. Developer‑focused code security tools
  3. Security governance for AI agents themselves

Project Perception falls into the second category, but it’s also a “template.” If it can prove that multi‑model routing architecture works in security, Microsoft may replicate the approach in other flagship lines—Defender, Sentinel, Purview, and beyond.

In other words, this isn’t just a new product—it’s effectively Microsoft’s public statement about the future of its security technology stack.

Developer’s View: Is It Actually Usable?

In product form, Project Perception will likely be delivered through two main channels:

  • IDE / CI integration plugin: similar to GitHub Advanced Security, automatically running vulnerability scans on pull requests and generating fix suggestions.
  • Enterprise SaaS console: integrated with existing code repositories and issue trackers for full-scale scanning and long-term monitoring.

From a developer’s standpoint, the two metrics that matter are: Can the false‑positive rate be kept low? Can the suggested fix be merged directly?

Over the past two years, many tools marketed as “AI‑powered” have failed on exactly those two points. Either false positives overwhelm developers until they simply switch it off, or the fixes look good on paper but, once applied, break functionality or introduce new bugs. Mythos earned recognition precisely because it crossed the threshold of actually being usable on both metrics.

By using a routing architecture to approximate Mythos‑level quality, Project Perception is essentially betting that task classification can be made granular enough for each model to excel at what it does best. Whether that bet pays off will only be clear after real‑world trials when the product goes live.

A Side Observation

It’s worth noting that the model‑routing idea isn’t unique to Microsoft. Many API aggregation platforms, particularly in China, are pursuing similar approaches—for example, OpenAI Hub allows a single key to access GPT, Claude, Gemini, and DeepSeek in an OpenAI‑compatible format, functioning as “multi‑model infrastructure” for developers. The difference is that Microsoft’s routing is a closed, solution‑level offering, whereas aggregation platforms hand the choice directly to developers.

Each path has its trade‑offs, but both point to the same conclusion: the era of one‑model‑fits‑all is over. What’s next is a competition of orchestration capabilities.

What to Watch Next

After Project Perception goes live, several key indicators will be worth following:

  • Pricing strategy: per lines of code scanned, per API call, or subscription model? Pricing will reveal Microsoft’s true confidence in its cost structure.
  • Depth of GitHub integration: will it be built directly into GitHub Advanced Security?
  • Vulnerability coverage: will it focus on OWASP Top 10‑type issues, or extend to complex business‑logic vulnerabilities?
  • Anthropic’s revenue share structure: likely undisclosed, but clues may appear in Anthropic’s future revenue reports.

If launch goes smoothly, this could be the most significant enterprise security product release of the second half of 2026—not only testing whether Microsoft’s AI security strategy holds up, but also whether multi‑model routing becomes the standard architecture for next‑generation AI applications.

Whether it truly releases on schedule this month—we’ll find out soon enough.


References

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: