AI is changing cybersecurity twice over: as a defensive tool and as a new attack surface. The patent landscape shows where the next moats are forming.
Cybersecurity patents have always been a boardroom afterthought next to the technology they protect. Firewalls got shipped. Patches got written. The IP got filed quietly, somewhere between networking and software, and nobody cared.
That is over.
Between 2016 and 2025, patents sitting at the intersection of cybersecurity and artificial intelligence grew more than 60x. Global AI-security filings cleared 11,200 publications in 2025 alone, up from 180 a decade earlier. Microsoft’s cybersecurity business hit roughly $37B in annual revenue in fiscal 2026 (per recent earnings commentary), and its patent footprint in the category is now the largest in the world. The biggest pure-play defender, Fortinet, is sitting on roughly 1,450 patent families and climbing.
The shift is now visible in the filing data: AI did not just create new attack surfaces. It created a new patent arms race.
For most of the last twenty years, cybersecurity patents clustered in well-understood buckets. Network intrusion detection. Access control. Encryption key management. Endpoint telemetry. The CPC codes H04L63 and G06F21 cover most of the territory, and filings grew steadily but predictably, roughly tracking enterprise IT spend.
Generative AI broke that curve.
Two forces are stacking on top of each other. First, AI is being absorbed into defense. Every major security vendor now markets some flavor of “AI-powered” detection, triage, or response. Second, and more interesting, AI is itself a new attack surface. Prompt injection, training data poisoning, model extraction, and autonomous agent abuse are all patentable technical problems that did not meaningfully exist five years ago.
The result is a filing surge that does not look like anything the category has seen before. See the growth chart: AI-security publications went from under 200 in 2016 to over 11,000 in 2025. That is not a trend. That is a phase change.
The top of the leaderboard is not a surprise. Microsoft, IBM, Cisco, Google, and Intel have been filing cybersecurity patents for decades, and their combined portfolios dwarf everyone else’s. Microsoft alone is pushing approximately 11,800 active cybersecurity families, nearly three times the count of the largest pure-play defender.
The more interesting story is in the next tier.
Huawei and Samsung have built substantial cybersecurity positions, much of it filed in China and Korea first and then selectively extended. This mirrors what we see in other frontier categories: Chinese assignees dominate domestic filings and reserve international protection for a smaller, more strategic subset.
The pure-play defenders (Fortinet, Palo Alto Networks, CrowdStrike, SentinelOne, Zscaler) are smaller in raw count but punch harder per filing. Their patents cluster tightly around revenue-generating products, and they litigate more aggressively. Fortinet’s 1,400+ family portfolio in particular is one of the most operationally focused in the industry.
Three emerging patterns worth noting:
Hyperscalers are quietly building AI-security moats. Microsoft, Google, and Amazon are filing heavily on model safety, prompt injection defenses, and agentic AI guardrails. This is not marketing. It is an attempt to fence off the control-plane layer before it commoditizes.
Pure-play AI-security startups are filing fast. Companies like Protect AI, Lakera, HiddenLayer, and Robust Intelligence are filing on red-teaming, inference-time monitoring, and model theft detection. Volumes are still small, but the filings read like foundational claims.
Defense contractors are showing up again. After a decade of relative quiet, Raytheon, Lockheed, and Northrop are filing in AI-security, particularly around adversarial ML and secure model deployment. This is national-security capital treating AI-security as infrastructure.
Strip away the marketing and the filings cluster into a handful of technical problems. The donut chart below summarizes how AI-security patents from 2023–2025 distribute across threat categories.
The biggest bucket is prompt injection and jailbreaks – roughly 28% of AI-security filings. This tracks OWASP’s 2026 LLM Top 10, which places prompt injection as the #1 application-layer risk for the second year running. Claims here tend to cover input sanitization, instruction hierarchy enforcement, and output constraint checking. Technical surface is wide open and getting wider.
Model theft and extraction sits at about 19%. These filings address the scenario where an attacker queries a hosted model enough times to train a functional clone. Defenses include query rate limiting, watermarking of outputs, and behavioral fingerprinting. Expect more contested claims here as the commercial stakes rise.
Training data poisoning (17%) and output-handling leakage (15%) round out the main defensive postures. Both categories benefit from well-established prior art in data validation and DLP, which makes novelty hard but also makes claim drafting critically important.
Supply chain security for AI (covering both model provenance and data provenance) sits at 13% and is growing fast. Expect this bucket to double within 18 months as regulatory pressure around model bill-of-materials ramps up.
The newest category, agent autonomy abuse (8%), is where the most interesting filings are. These are the first generation of patents addressing multi-step AI agents that can invoke tools, access systems, and take consequential action. The technical problems are early-stage and the claim language is still unsettled, which makes this the single best place for a differentiated portfolio play right now.
Cybersecurity IP has historically been a US-EP-JP story with Chinese filings skewed heavily toward domestic protection. AI-security is bending that.
The strategic takeaway: if you are building in AI-security and you are filing US-only, you are leaving the fastest-growing protection window on the table.
Founders should file around the attack surface they understand best. The window for foundational work in agent autonomy and model provenance is open, but it will not stay open past 2027. One disciplined family tied to a real product architecture is worth far more than fifty boilerplate filings.
Investors should treat IP diligence as part of technical diligence. A small AI-security company with credible filings around prompt-injection defense, model provenance, or agent control is not the same asset as one with only a product demo and a sales pipeline.
Acquirers should look before the auction starts. The strongest AI-security pure-plays will either be bought by platforms or priced like infrastructure companies. The patent position is part of the acquisition thesis, not a legal appendix.
Large enterprises should audit the gap between legacy cybersecurity portfolios and current AI deployments. A security organization deploying agents into production systems is creating technical surface area that older network-security filings may not cover.
Cybersecurity patents used to be the quietest part of the software IP world. Steady growth. Predictable citation patterns. Litigation that rarely made the news. AI blew that up.
The combination of AI as defender and AI as attack surface has produced a 62x growth curve in a decade, a measurable repositioning at the top of the filing leaderboard, and a wide-open technical landscape around prompt injection, agent autonomy, and model provenance. The players who win here over the next three years will be the ones who treat IP as infrastructure, not paperwork.
If your portfolio has not kept up, now is the time.
ipCapital Group is a strategic intellectual property advisory firm. We help founders, CTOs, and in-house counsel build defensible IP positions, audit existing portfolios, and make sharper decisions at the intersection of technology and patent strategy.
Data sources: Minesoft Origin (patent families, CPC H04L63 + G06F21 intersect, AI/ML co-classifications); Stanford HAI AI Index Report 2026; OWASP LLM Top 10 (2026 edition); company earnings reports and public announcements.
Methodology note: Patent counts are approximate family-deduplicated counts drawn from Minesoft Origin as of April 2026. Threat-category percentages are based on hand-classification of a representative sample of AI-security filings from 2023–2025 and should be read as indicative, not exhaustive.
Need to understand what this means for your portfolio? ipCapital Group helps leadership teams turn patent landscapes into practical decisions about filing strategy, competitive diligence, M&A readiness, and monetization.
Start a conversation with ipCapital Group or download the IP Strategy Playbook.
Work with ipCapital Group
From invention to monetization, our team has guided 2,000+ engagements across the full IP lifecycle. Start with a free 30-minute discovery call.
Written by
Seth Cronin