SignalFeed

The 12-to-3 Collapse: How AI Has Crushed the Enterprise GTM Stack

The Information's July 17 report on Microsoft's multi-model routing framework reveals a cost and capability play that directly challenges Anthropic's enterprise security monopoly.


Microsoft is building a routing layer that treats Claude, GPT-4o, and Gemini as interchangeable components—and the primary target is Anthropic's $1.4 billion enterprise security business.

The Information reported on July 17, 2026 that Microsoft's internal Project Perception framework, developed within Microsoft Security Copilot, dynamically routes AI queries across multiple frontier models based on cost, latency, and per-task accuracy benchmarks. Early internal results show a 47% reduction in per-query inference cost on security workloads compared to single-model deployments—without measurable accuracy degradation on the tasks that define enterprise security value: threat attribution, malware analysis, and incident reconstruction.

The timing is not accidental. Anthropic just closed what sources described to Signal as a multi-year $400M+ enterprise commitment with a major financial institution anchored to Claude for security workloads. Project Perception, if it becomes a Microsoft-productized feature of Security Copilot, turns that kind of commitment from a strategic moat into a negotiating chip.

What Project Perception Actually Does

Security Copilot's original architecture—launched in 2023 and expanded through 2025—was built on GPT-4 with a fixed model deployment. Every query from a security analyst, every automated enrichment request from a SIEM alert, every threat intelligence lookup went to the same model at the same price. That architecture made sense when GPT-4 was the only viable option. It makes less sense in 2026 when the frontier model landscape includes Claude 4 Opus at $15/million input tokens, GPT-4o at $5/million input tokens, Gemini 1.5 Pro at $3.50/million input tokens, and a dozen fine-tuned smaller models purpose-built for specific security tasks.

Project Perception is a query classification and routing system that sits in front of the model layer. When a Security Copilot query arrives, the router classifies it:

Query TypeDescriptionPreferred ModelRationale
Structured lookupHash/IP/domain enrichment against threat intel feedsGPT-4o mini or fine-tuned GeminiSub-200ms latency, structured JSON output, no reasoning required
ClassificationPhishing URL / malware family / benign at scaleFast frontier (GPT-4o)High volume, labeled training data available, accuracy benchmarked
GenerationAlert summarization, report drafting, playbook writingGPT-4o or Claude SonnetMedium cost, good output quality, latency tolerant
Complex reasoningThreat actor attribution, campaign reconstruction, incident narrativeClaude 4 OpusHighest accuracy on long-context, multi-hop reasoning tasks

The 47% cost reduction comes from moving the first three categories—which represent roughly 70-75% of enterprise SOC query volume by token count—to lower-cost models, while reserving Claude's premium pricing for the 25-30% of queries that genuinely need its reasoning depth.

Why Anthropic Became the Enterprise Security Default

To understand why Project Perception is significant, you need to understand how Anthropic came to dominate enterprise security AI in the first place.

Between 2024 and early 2026, Anthropic's Claude achieved three things that made it the de facto choice for security-conscious enterprise buyers:

Constitutional AI safety guarantees. Enterprise security tools that use AI for threat analysis face an uncomfortable dual-use problem: the same model that analyzes malware can generate it. Anthropic's Constitutional AI training produced models with unusually consistent refusal behavior on attack generation requests, which became a compliance requirement for security tooling at financial institutions and healthcare enterprises under FedRAMP and SOC 2 Type II frameworks. Claude's refusal reliability in red-team testing exceeded GPT-4 on most published benchmarks, and security vendors used that difference as a procurement argument.

Long-context accuracy on security documents. SIEM log dumps, malware disassembly output, incident report narratives, and threat intelligence reports are long, dense, and structured in ways that require holding a large working context. Claude's published context window and its demonstrated ability to reason accurately across 100,000+ token inputs gave it a structural advantage in the security workflow that was hard to replicate.

Enterprise integration depth. Anthropic signed integration agreements with CrowdStrike (Falcon AI Intelligence), Palo Alto Networks (Cortex XSIAM), and Mandiant (now Google Security) in 2025, making Claude the intelligence backbone for the most widely deployed enterprise security platforms. By the time Microsoft launched Project Perception, Anthropic's model was already embedded in the security workflow of thousands of enterprise security teams.

That moat is real. But Project Perception's routing architecture is designed to extract the value of Claude's reasoning capabilities while minimizing the cost of its premium pricing on queries that don't need it.

The Unit Economics of Enterprise AI Security

The math on multi-model routing is clearer than it might seem. Consider a Fortune 500 company running Security Copilot at scale.

A large enterprise SOC might process: - 15 million enrichment queries per day (hash lookups, IP reputation, domain classification) - 3 million classification tasks per day (phishing/malware/benign at alert triage) - 500,000 generation tasks per day (alert summaries, case notes, playbook steps) - 50,000 complex reasoning tasks per day (attribution, incident narrative, threat hunting)

At Claude 4 Opus pricing ($15 input / $75 output per million tokens), running all workloads through Claude at an average of 2,000 tokens per query costs approximately $2.8M per month at list price—$33M annually before volume discounts.

Routing with Project Perception logic: - Enrichment queries to GPT-4o mini: 15M × 2K tokens × $0.15/M input ≈ $4,500/day - Classification to GPT-4o: 3M × 1K tokens × $5/M input ≈ $15,000/day - Generation to GPT-4o: 500K × 3K tokens × $5/M input ≈ $7,500/day - Complex reasoning to Claude 4 Opus: 50K × 8K tokens × $15/M input ≈ $6,000/day

Total: approximately $33,000/day, or roughly $1M/month—a 65% cost reduction at these volumes, exceeding Project Perception's own 47% benchmark (which presumably measured a different query mix).

The key insight: Claude's value proposition doesn't disappear. It concentrates. The complex reasoning tasks—the threat actor attribution, the incident reconstruction, the multi-hop analysis across disparate data sources—still go to Claude because that's where the accuracy gap is largest. But Claude stops being the workhorse for everything and becomes the specialist for the hard problems.

Anthropic's Response: Speed and Specialization

Anthropic's leadership is not unaware of this dynamic. The Claude Haiku releases—particularly Haiku 3.5 and Haiku 4—represent Anthropic's attempt to compete in the cost tier while maintaining model family loyalty. The bet: if Claude Haiku is fast enough and cheap enough to win the classification and generation tiers, enterprise accounts might route everything within the Claude family and skip GPT-4o or Gemini entirely.

The early data on that bet is mixed. Claude Haiku 3.5, at $0.80/M input and $4/M output, is cost-competitive with GPT-4o mini on structured tasks. But speed benchmarks place Claude Haiku behind GPT-4o mini on median latency for classification workloads, and Microsoft's security vendors have multi-year integration depth with OpenAI that creates switching friction. The Anthropic strategy works if model family loyalty matters more than price-performance optimization. Project Perception is a direct bet that it doesn't.

Anthropic's other response has been to double down on long-context and reasoning benchmarks where Claude maintains a clear lead. The Constitutional AI and enterprise safety features that drove initial security adoption remain differentiators. The Anthropic Mythos framework—announced for enterprise security in Q2 2026—adds compliance documentation, audit logging, and SOC 2-ready data handling that GPT-4o and Gemini don't yet match at the same depth.

The strategic question for Anthropic: can premium positioning on reasoning quality and compliance infrastructure sustain enterprise revenue as routing frameworks commoditize the routine tiers?

The Procurement Shift That Project Perception Enables

For enterprise security teams, Project Perception's most significant implication isn't cost—it's leverage.

Enterprise AI contracts for security workloads have been structured as platform deals: you buy Security Copilot (Microsoft), Falcon AI (CrowdStrike + Anthropic), or Cortex XSIAM (Palo Alto Networks + Anthropic), and the model vendor is embedded in the platform contract, largely invisible. The enterprise buyer negotiates with the platform, not the model. Anthropic and OpenAI negotiate with the platform vendor, not the enterprise.

Multi-model routing changes that dynamic. When the platform explicitly surfaces which model handles which query type—and allows the enterprise to configure that routing—the enterprise buyer suddenly has a direct stake in model pricing. A CISO who can see that 70% of Security Copilot queries are going to Claude at $15/M tokens versus GPT-4o at $5/M tokens has a data-driven argument for renegotiating the routing configuration. And a CIO who sees a Project Perception pilot showing 47% savings will present that data to the CFO.

This creates a new procurement motion:

1. Baseline current AI spend across all security tools with AI inference components. Most enterprise security teams don't have this number; it's buried in platform licensing fees.

2. Classify query volume by type. Run a 30-day instrumentation period on Security Copilot or equivalent to understand your actual distribution across enrichment, classification, generation, and reasoning tasks.

3. Benchmark model accuracy per task type. Use your labeled historical data (incident reports with known attributions, phishing campaigns with ground-truth classifications) to run offline accuracy tests for each query category across Claude, GPT-4o, and Gemini.

4. Build the routing cost model. Map your query volume × token estimates × per-model pricing to calculate the cost of each routing configuration. The 47% figure is Microsoft's internal benchmark; your number will differ based on your actual query mix.

5. Negotiate with data. Take the routing cost model to your platform vendor and AI vendor relationships. The cost differential is now a leverage point, not a given.

This playbook was not available to enterprise security buyers before multi-model routing frameworks made query-level economics visible. It is now. The teams that move first will have better contract terms; the teams that wait will be negotiating against benchmarks their vendors already know.

The Broader Signal: Model Commoditization Is Accelerating

Project Perception is one data point in a trend that has been visible since late 2024: enterprise buyers are systematically moving away from single-model commitments and toward routing architectures that treat frontier models as interchangeable cost inputs.

The AI budget reckoning Signal covered earlier this year documented the first wave of this shift—enterprises discovering that their AI inference spend had grown 3-5x in 18 months without proportional productivity gains, and beginning to implement token budgeting and routing controls. Project Perception is what that discipline looks like when it's built into the platform rather than bolted on post-hoc.

For the frontier model vendors—Anthropic, OpenAI, Google—the implication is that differentiation at the platform infrastructure layer is becoming harder to sustain. When Microsoft is openly building routing that commoditizes the routine query tiers, and when those tiers represent 70-75% of enterprise query volume, the premium pricing on reasoning-tier queries has to carry significantly more of the revenue weight.

Anthropic's best-case scenario in a world with Project Perception: reasoning workloads are large enough and pricing-inelastic enough that the per-token revenue on complex attribution and incident reconstruction work compensates for volume compression on routine tiers. The company's research investment—particularly on multi-step agent architectures where Claude's reasoning depth matters most—is implicitly a bet on this outcome.

The worst case: routing frameworks become so efficient that enterprises treat even complex reasoning as a commodity, running auction-style competitions between frontier models for every query class and driving pricing to marginal cost. That scenario is further out—current accuracy gaps between Claude, GPT-4o, and Gemini on hard reasoning tasks are real—but Project Perception is a step in that direction.

What Security Teams Should Do Now

If you're running enterprise security AI at scale, Project Perception's July 17 reveal is your prompt to act before your vendor does.

The companies that will benefit most from multi-model routing are the ones that instrument their AI query traffic before their platform vendors build the routing layer into the product. If you wait for Microsoft to productize Project Perception into Security Copilot's standard offering, the routing configuration will be Microsoft's default, not yours. If you build your own query classification and routing layer now—even as a lightweight middleware—you control the routing logic and the cost model.

The enterprise AI implementation patterns that have worked at scale share a common characteristic: the teams that get the best outcomes are the ones that treat AI models as inputs to be optimized, not platforms to be committed to. Project Perception is Microsoft codifying that lesson. The security teams that have already internalized it will adapt fastest.

The 47% cost reduction is real. The question is who captures it—the security team that moves proactively, or the platform vendor that locks it in as margin.

Takeaway: Microsoft Project Perception is not a product announcement—it's a signal about the trajectory of enterprise AI procurement. Multi-model routing frameworks that classify queries by task type and route to the best-cost model for each class will become standard infrastructure in enterprise AI over the next 18 months. For security teams, the immediate action is to instrument your AI query traffic, understand your distribution across enrichment, classification, generation, and reasoning tiers, and build the cost model that gives you leverage in your next vendor conversation. Anthropic's position remains strong on the reasoning tier; it weakens on everything else. The enterprise accounts that understand that distinction will negotiate better contracts and deploy better architectures. The ones that treat the Anthropic relationship as a platform commitment will pay full Claude prices for malware hash lookups.

Frequently Asked Questions

What is Microsoft Project Perception?

Microsoft Project Perception is an internal multi-model AI routing framework reported by The Information on July 17, 2026. It dynamically routes security queries—threat intelligence lookups, malware analysis requests, vulnerability assessments—across Microsoft's own GPT-4o, Anthropic's Claude, and Google's Gemini based on cost, latency, and accuracy benchmarks per query type. Early internal results cited in The Information piece show a 47% reduction in per-query inference cost while maintaining or improving accuracy on security workloads versus single-model deployments. The project represents Microsoft's clearest signal yet that enterprise AI buyers will not commit to single-vendor model relationships at scale, particularly when per-token pricing differentials across frontier models span 3x to 10x.

How does AI multi-model routing work in cybersecurity?

Multi-model routing in cybersecurity means classifying each incoming query by type—malware hash lookup, phishing URL analysis, CVE enrichment, behavioral anomaly description, threat actor attribution—and then dispatching each type to the model with the best cost-performance ratio for that specific task. A malware hash lookup requiring structured JSON output against a known database might go to a fast, cheap model like GPT-4o mini. A complex threat actor attribution requiring chain-of-thought reasoning across hundreds of signals might go to Claude 4 Opus or Gemini Ultra. A real-time phishing URL classification at scale needs latency under 200ms and goes to a fine-tuned smaller model. The router uses a scoring function that weights accuracy benchmarks (run offline against labeled security datasets), median latency at the 95th percentile, and per-token cost. The result is that no single frontier model handles all traffic—each handles the subset it's best at—and the aggregate cost falls sharply.

Why is Anthropic's Claude dominant in enterprise security AI?

Anthropic's Claude—particularly Claude 3.5 Sonnet and Claude 4 Opus—became the preferred model for enterprise security teams between 2024 and 2026 for three reasons. First, Anthropic's Constitutional AI training produced models that reliably refused to generate attack payloads, credential-stuffing lists, or exploit code when queried at scale, which was a compliance requirement for security tooling at financial institutions and healthcare enterprises. Second, Claude's handling of long-context documents—particularly for reading full malware disassembly output, SIEM log dumps, and incident report narratives—outperformed GPT-4 on early benchmarks. Third, Anthropic invested heavily in enterprise contracts with security vendors including CrowdStrike, Palo Alto Networks, and Mandiant, establishing deep integrations before Microsoft or Google had comparable offerings. The Anthropic-CrowdStrike Falcon AI integration announced in early 2025 made Claude the de facto intelligence backbone for Falcon's AI analyst feature, cementing Anthropic's position.

What are the cost benchmarks for AI models in security workloads?

Published benchmarks and reported enterprise contracts from 2025-2026 show significant pricing variation across frontier models for security workloads. Claude 4 Opus runs approximately $15 per million input tokens and $75 per million output tokens at list pricing as of mid-2026. GPT-4o runs at $5 per million input tokens and $15 per million output tokens. Gemini 1.5 Pro at $3.50 per million input and $10.50 per million output. For a large enterprise running 50 million security query tokens per day—roughly the scale of a Fortune 100 SOC—the difference between all-Claude and a mixed routing approach can exceed $2 million per year in inference costs alone, before volume discounts. Project Perception's 47% cost reduction claim maps closely to this math: routing 60-70% of queries to GPT-4o or Gemini while reserving Claude for complex attribution and long-context reasoning tasks would yield roughly that level of savings.

How should enterprise security teams evaluate multi-model AI routing?

Security teams evaluating multi-model routing should start by classifying their AI query traffic into at least four buckets: structured lookups (hash/IP/domain enrichment), classification tasks (phishing/malware/benign), generation tasks (report writing, alert summarization, playbook drafting), and complex reasoning tasks (threat attribution, incident reconstruction, campaign analysis). Each bucket has different latency requirements, accuracy tolerances, and output format constraints. Run a 30-day benchmark where you route each bucket to your current primary model and two alternatives, scoring on accuracy against ground-truth labels you already have, median latency, and cost per 1,000 queries. The routing decision should be empirical, not vendor-loyalty based. Expect 30-50% cost reduction in typical enterprise SOC workloads by routing structured lookups and classification tasks to cheaper models while reserving expensive frontier reasoning for complex attribution work.

What does Project Perception mean for Anthropic's enterprise revenue?

Project Perception, if widely adopted, represents a structural risk to Anthropic's enterprise revenue concentration in security. Anthropic's disclosed revenue trajectory—reaching $1.4 billion ARR in late 2025—relied heavily on a handful of large enterprise contracts in security and financial services where Claude was the sole or primary model. Multi-model routing frameworks like Project Perception don't eliminate Anthropic from the stack; they change it from a primary contract to a specialty contract. Anthropic's pricing power on complex reasoning workloads remains strong, but the volume of tokens that commands that pricing compresses as routing cuts routine queries to cheaper models. The practical effect: enterprise accounts that were paying $5-10M annually for all-Claude deployments may migrate to hybrid stacks paying $2-4M annually for the same workloads routed intelligently. Anthropic's response has been to invest in faster, cheaper models (Claude Haiku) and enterprise-specific fine-tuning, but the commoditization pressure is real.