OpenAI launches GPT-5.4-Cyber model days after Anthropic's Mythos sparks global security concerns

In the Wake of Anthropic's Mythos, OpenAI Has a New Cybersecurity Model -- and Strategy

OpenAI on Tuesday announced the next phase of its cybersecurity strategy and a new model specifically designed for use by digital defenders, GPT-5.4-Cyber. The news comes in the wake of an announcement last week by competitor Anthropic that its new Claude Mythos Preview model is only being privately released for now -- because, the company says, it could be exploited by hackers and bad actors. Anthropic also announced an industry coalition, including competitors like Google, focused on how advances in generative AI across the field will impact cybersecurity. OpenAI seemed to be seeking to differentiate its message on Tuesday by striking a less catastrophic tone and touting its existing guardrails and defenses while hinting at the need for more advanced protections in the long term. "We believe the class of safeguards in use today sufficiently reduce cyber risk enough to support broad deployment of current models," the company wrote in a blog post. "We expect versions of these safeguards to be sufficient for upcoming more powerful models, while models explicitly trained and made more permissive for cybersecurity work require more restrictive deployments and appropriate controls. Over the long term, to ensure the ongoing sufficiency of AI safety in cybersecurity, we also expect the need for more expansive defenses for future models, whose capabilities will rapidly exceed even the best purpose-built models of today." The company says that it has homed in on three pillars for its cybersecurity approach. The first involves so-called "know your customer" validation systems to allow controlled access to new models that is as broad and "democratized" as possible. "We design mechanisms which avoid arbitrarily deciding who gets access for legitimate use and who doesn't," the company wrote on Tuesday. OpenAI is combining a model where it partners with certain organizations on limited releases with an automated system introduced in February, known as Trusted Access for Cyber or TAC. The second component of the strategy involves "iterative deployment," or a process of "carefully" releasing and then refining new capabilities so the company can get real-world insight and feedback. The blog post particularly highlights "resilience to jailbreaks and other adversarial attacks, and improving defensive capabilities." Finally, the third focus is on investments that the company says support software security and other digital defense as generative AI proliferates. OpenAI says that the initiative fits into its broader security efforts, including an application security AI agent launched last month known as Codex Security, a cybersecurity grants program that began in 2023, a recent donation to the Linux Foundation to support open source security, and the "Preparedness Framework" that is meant to assess and defend against "severe harm from frontier AI capabilities." Anthropic's claims last week that more capable AI models necessitate a cybersecurity reckoning have been controversial among security experts. Some say the concern is overstated and could feed a new wave of anti-hacker sentiment -- consolidating power even more with tech giants. Others, though, emphasize that vulnerabilities and shortcomings in current security defenses are well known and really could be exploited with new speed and intensity by an even broader range of bad actors in the age of agentic AI.

OpenAI Has a New GPT-5.4-Cyber Model. Here's Why You Can't Use It

OpenAI has a new AI model called GPT 5.4-Cyber, but it's not coming to your ChatGPT. At least not yet. Instead, the company is doing a limited release to verified cybersecurity testers, according to a blog post shared on Tuesday. These experts will put the model through its paces to identify gaps and potential jailbreaks before the model is released to the wider public. OpenAI uses the feedback from these testers for "understanding the differentiated benefits and risks of specific models, improving resilience to jailbreaks and other adversarial attacks, and improving defensive capabilities -- while mitigating harms," the company said. The model release is part of a ramped-up version of OpenAI's Trusted Access for Cyber program, which allows verified cybersecurity professionals and organizations to get early access to models for defense and prevention work. This is a common cybersecurity practice, one made all the more valuable and necessary because of AI. Cyber attackers and defenders alike are armed with AI tools, making cybersecurity an increasingly AI versus AI landscape. When it comes to securing specific AI models, the companies that make them are convinced the latest models are so dangerously powerful that they require extra security. That was the logic behind Anthropic's Project Glasswing, announced last week. Anthropic's next-generation model, Claude Mythos Preview, is apparently so powerful that the company says it has already found security vulnerabilities "in every major operating system and web browser," according to a blog post. Unlike Claude Mythos Preview, which Anthropic said is an entirely new model, OpenAI's GPT-5.4-Cyber is a fine-tuned version of its existing GPT-5.4 large language model. It's been adjusted to focus specifically on cybersecurity and has lower guardrails for security tasks. Essentially, GPT-5.4-Cyber will be less likely to refuse to perform a risky cybersecurity-related task than the normal versions of GPT-5.4. That's so experts can see if and how it could be weaponized by bad actors. The timing of GPT 5.4-Cyber likely isn't coincidental. This is the latest chapter in the ongoing battle for dominance between OpenAI and Anthropic. The companies have been clashing all year to prove their AI models are the most capable, particularly going after government and enterprise contracts. Anthropic kicked off the race with its Claude Cowork and Code tools, which knocked legacy tech companies (and their stock prices) off balance with their agentic abilities. OpenAI was quick to follow with improvements to its Codex coding platform and models, killing off its AI video app Sora to refocus the company's resources.

OpenAI Releases Cyber Model to Limited Group in Race With Mythos

OpenAI is letting a select group of users access a new artificial intelligence model that's meant to be more adept at spotting software security vulnerabilities, one week after rival Anthropic PBC announced a limited release of an AI tool called Mythos. The ChatGPT maker said Tuesday that it's beginning to roll out GPT-5.4-Cyber, which is aimed at finding issues in software so organizations can fix them. GPT-5.4-Cyber also places fewer constraints on the ways users can probe the model for that task, OpenAI said. The model will be offered to some participants of OpenAI's Trusted Access for Cyber program, which the company rolled out in February to let certain customers and cybersecurity professionals try its most capable offerings. OpenAI plans to increase the number of participants in the early access program. Initially, it will let hundreds of users test out the new model, before expanding that to thousands in the coming weeks. Get the Tech Newsletter bundle. Get the Tech Newsletter bundle. Get the Tech Newsletter bundle. Bloomberg's subscriber-only tech newsletters, and full access to all the articles they feature. Bloomberg's subscriber-only tech newsletters, and full access to all the articles they feature. Bloomberg's subscriber-only tech newsletters, and full access to all the articles they feature. Plus Signed UpPlus Sign UpPlus Sign Up By continuing, I agree to the Privacy Policy and Terms of Service. OpenAI and Anthropic have been racing to develop more advanced AI models that can take on a wide range of capabilities, and to convince businesses to pay for them. But as their models have gotten better at coding, and detecting security issues in code, there have been growing concerns about the technology being misused by criminals and state-backed hackers. Already, AI technology is being used to help enable cyberattacks. Last week, Anthropic introduced an AI model called Mythos that it said specializes in identifying and exploiting vulnerabilities across operating systems and web browsers. The company decided to limit the release to a select group of trusted partners, including Amazon.com Inc., Apple Inc. and Microsoft Corp., with the goal of letting them use Mythos to spot issues and safeguard their systems. Mythos quickly sparked concerns among financial firms and government agencies. During a meeting last week with Wall Street leaders, summoned by US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell, executives were warned that they should take the Mythos model seriously, Bloomberg News reported. The Treasury Department's technology team is also seeking to gain access to Mythos so it can begin hunting for vulnerabilities.

Anthropic's Mythos AI model tests limits of global cyber defences

Anthropic's new Mythos AI model is raising concern among governments and companies that it could outpace current cyber security defences, turbocharge hacking and expose weaknesses faster than they can be fixed. The San Francisco-based start-up released a cyber-focused model this month, which has shown the ability to detect software flaws faster than humans but also demonstrated it can generate exploits needed to take advantage of them. In one alarming case, the Mythos model showed it could break out of a secure digital environment to contact an Anthropic worker and publicly reveal software glitches, overriding the intention of its human makers. This week, OpenAI also released its own advanced cyber model with similar capabilities. The developments have led senior international financial officials and government ministers around the world scrambling to understand the dangers, in some cases seeking access to the new models that have only been given to a small number of vetted partners. "This feels like the discovery of fire: a force that can profoundly improve our lives or, if mishandled, cause real harm across the digital world," said Rafe Pilling, director of threat intelligence at cyber firm Sophos. Last week, US Treasury secretary Scott Bessent and Federal Reserve chair Jay Powell summoned some of the largest US banks to discuss the cyber threats the AI model posed. The UK's AI minister Kanishka Narayan told the FT "we should be worried" about the capabilities of the model. These risks are well known within Anthropic. Logan Graham, who leads Anthropic's frontier "red team", which tests the lab's models, said: "Somebody could use [Mythos] to basically exploit en masse very fast in an automated way, and most of the organisations around the world . . . including the most technically sophisticated ones, would not be able to patch things in time." AI tools have already significantly boosted the multibillion-dollar cyber crime industry. They have provided amateur hackers with cheap tools to write harmful software, as well as enabling professional criminals to better automate and scale their operations. "Attacks are already increasing in frequency and sophistication, thanks to AI," said Christina Cacioppo, chief executive at security and compliance firm Vanta. "Most companies aren't prepared to handle the risk because they're still managing security through dated methods that are no match for the speed of AI-enabled attacks," she added. AI-enabled cyber attacks were up 89 per cent in 2025 compared with a year earlier, according to data from security group CrowdStrike. Meanwhile, the average time between an attacker first gaining access to a system and acting maliciously fell to 29 minutes last year, a 65 per cent acceleration from 2024. "The game is asymmetric; it is easier to identify and exploit than to patch everything in time," said one person close to a frontier AI lab. Anthropic's Graham said there were also internal concerns that companies would use Mythos to find "more vulnerabilities than they could hope to deal with in the near future". The heightened fears about AI and cyber security come amid signs that agents, which act autonomously on users' behalf to conduct tasks, could also fuel a further rise in AI-enabled hacking. Last September, Anthropic detected the first reported AI cyber-espionage campaign believed to be co-ordinated by a Chinese state-sponsored group. It manipulated its coding product Claude Code to attempt to infiltrate about 30 global targets, including large tech firms, financial institutions, chemical manufacturers and government agencies. It was successful in a small number of cases and executed without extensive human intervention. Software researcher Simon Willison has warned there is a "lethal trifecta" of capabilities that arise with agents: access to private data; exposure to untrusted content, such as the internet; and the ability to communicate externally. Security professionals argue that the safest way to protect against cyber attacks when using an AI agent is to grant it access to only two of these areas. However, AI experts believe that much of the value from agents comes from granting access to all three. "The bad news is that there is no good solution as of today," said one person close to an AI lab. "The good news is [AI agents aren't] yet in mission-critical settings like the stock exchange, bank ledger or the airport." Stanislav Fort, a former Anthropic and Google DeepMind researcher who has founded AISLE, an AI security platform, said he was optimistic that AI could help to identify and fix a "finite repository" of historical security flaws. To date, AI models have identified thousands of "zero-day" vulnerabilities -- unknown weaknesses in commonly used software -- some of which have been undetected for decades. "We are gradually finding fewer and fewer zero days, of the worst kinds we can imagine," said Fort. Once these weaknesses were eliminated, the technology could be used to "proactively make sure nothing bad comes in [and] meaningfully increase the security level of the whole world as a result". Additional reporting by Kieran Smith in London

OpenAI Launches GPT-5.4-Cyber with Expanded Access for Security Teams

OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model, GPT‑5.4, that's specifically optimized for defensive cybersecurity use cases, days after rival Anthropic unveiled its own frontier model, Mythos. "The progressive use of AI accelerates defenders - those responsible for keeping systems, data, and users safe - enabling them to find and fix problems faster in the digital infrastructure everyone relies on," OpenAI said. In conjunction with the announcement, the artificial intelligence (AI) company said it's ramping up its Trusted Access for Cyber (TAC) program to thousands of authenticated individual defenders and hundreds of teams responsible for securing critical software. AI systems are inherently dual-use, as bad actors can repurpose technologies developed for legitimate applications to their own advantage and achieve malicious goals. One core area of concern is that adversaries could invert the models fine-tuned for software defense to detect and exploit vulnerabilities in widely-used software before they can be patched, exposing users to significant risks. OpenAI said the goal is to democratize access to its models while minimizing such misuse, as well as strengthening its safeguards through a deliberate, iterative rollout. The idea is to enable responsible use at scale, give defenders a head start, and simultaneously shore up guardrails against jailbreaks and adversarial prompt injections as model capabilities become more advanced. "As model capabilities advance, our approach is to scale cyber defense in lockstep: broadening access for legitimate defenders while continuing to strengthen safeguards," the company added. The ChatGPT maker, which launched Codex Security as a way to find, validate, and propose fixes for vulnerabilities, revealed that the AI-powered application security agent has contributed to over 3,000 critical and high fixed vulnerabilities. OpenAI's limited release follows the preview of Anthropic's Mythos, a frontier model that's being deployed in a controlled manner as part of Project Glasswing. The model, the company said, found "thousands" of vulnerabilities in operating systems, web browsers, and other software. "The strongest ecosystem is one that continuously identifies, validates, and fixes security issues as software is written," OpenAI said. "By integrating advanced coding models and agentic capabilities into developer workflows, we can give developers immediate, actionable feedback while they are building, shifting security from episodic audits and static bug inventories to ongoing, tangible risk reduction."

OpenAI unveils GPT-5.4-Cyber a week after rival's announcement of AI model

April 14 (Reuters) - OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model fine-tuned specifically for defensive cybersecurity work, following rival Anthropic's announcement of frontier AI model Mythos. Mythos, announced on April 7, is being deployed as part of Anthropic's "Project Glasswing", a controlled initiative under which select organizations are permitted to use the unreleased ⁠Claude Mythos Preview model for defensive cybersecurity purposes. It has found "thousands" of major vulnerabilities in operating systems, web browsers and other software. OpenAI, creator of popular chatbot ChatGPT, said that GPT-5.4-Cyber will initially be rolled out on a limited basis to vetted security vendors, organizations and researchers because of its more permissive design. The ⁠company is also expanding its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of teams protecting critical software, it said in a ⁠post on its website. OpenAI is adding new tiers to its TAC program, which was launched in February, with higher levels ⁠of verification unlocking more powerful capabilities. Users approved for the highest tier will gain access to GPT-5.4-Cyber, ⁠which has fewer restrictions on sensitive cybersecurity tasks such as vulnerability research and analysis. Reporting by Juby Babu in Mexico City; Editing by Maju Samuel Our Standards: The Thomson Reuters Trust Principles., opens new tab

OpenAI's new GPT-5.4-Cyber can reverse engineer binaries, and it wants thousands of defenders using it

* OpenAI expands Trusted Access for Cyber to thousands of verified defenders and hundreds of critical-defense teams. * GPT-5.4-Cyber lowers refusal limits and adds binary reverse-engineering for malware and vulnerability analysis. * Trusted Access for Cyber sign-ups open; apply to join TAC for GPT-5.4-Cyber and related defensive tools. AI has had a very strange effect on the world of cybersecurity. Using artificial intelligence to spot, stop, and prevent virus infections is very useful, and they're especially good at identifying if an email is from a legitimate business or a scammer. At the same time, malicious actors are using AI to craft better viruses than ever before, and are especially good at creating realistic voices and messages to fool people. Fortunately, the 'blue team' in cybersecurity got a huge boost earlier this week, after the AI giant Anthropic revealed Mythos for defense purposes and Glasswing to bring a framework to fruition. Now, ChatGPT has revealed its own takes on Anthropic's releases, with GPT‑5.4‑Cyber as the model and an expanded Trusted Access for Cyber (TAC) as the framework. I cancelled my ChatGPT, Perplexity, and Gemini subscriptions for Claude -- and I should have sooner Wish I did this sooner. Posts 50 By Mahnoor Faisal OpenAI reveals its cybersecurity plans soon after Anthropic's own The company is getting serious Over on the OpenAI blog, the company has laid out its plans for its work in the cybersecurity world. It wants to expand its TAC framework to "thousands of verified individual defenders and hundreds of teams responsible for defending critical software." That way, the people who are most in need of AI-powered cybersecurity tools will now have an easier time accessing them. The end goal is to make these specialist tools "as widely available as possible" without handing over the front door keys to malicious actors to exploit. There's also a new model called GPT-5.4-Cyber. While it's always exciting when OpenAI announces a new model, you won't be using this one to book flights or generate images. As the blog post describes it: This is a version of GPT‑5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows, including binary reverse engineering capabilities that enable security professionals to analyze compiled software for malware potential, vulnerabilities and security robustness without needing access to its source code. If you're a part of TAC, or you want to become a part of it, you can sign up and read more about these changes over on the Trusted Access for Cyber website. Anthropic just dropped its core AI safety promise, and that should worry you History doesn't repeat itself, but AI companies sure do. Posts 1 By Mahnoor Faisal

Like Anthropic, OpenAI Will Share Latest Technology Only With Trusted Companies

The maker of ChatGPT announced the limited release of GPT-5.4-Cyber, a technology designed to find security holes in software. A week after Anthropic said it would limit the release its latest artificial intelligence technology to a small number of trusted organizations because of cybersecurity concerns, OpenAI said on Tuesday that it, too, was sharing a similar technology only with a group of partners. OpenAI, the maker of ChatGPT, said in a blog post that it would initially share a new A.I. model called GPT‑5.4‑Cyber with hundreds of organizations, before expanding the release to thousands of additional partners in the coming weeks. "Our goal is to make these tools as widely available as possible while preventing misuse," the company said. "We aim to make advanced defensive capabilities available to legitimate actors large and small, including those responsible for protecting critical infrastructure, public services, and the digital systems people depend on every day." Like Anthropic's technology, Claude Mythos Preview, GPT-5.4-Cyber is designed to identify security holes in software. Like other tools developed across the long history of cybersecurity, the technology can be used to both attack computer networks and defend them. By releasing the technology to a smaller group, OpenAI, like Anthropic, hopes to give defenders an edge over attackers. Before Anthropic unveiled Mythos last week, Zico Kolter, an OpenAI board member, called for such an approach in an interview with The New York Times. "Four or five months ago, we had a step change in what these systems could do," said Dr. Kolter, a professor of computer science at Carnegie Mellon University who specializes in security and A.I. But security experts disagree on the best way to handle such technologies. If they are not widely distributed from the beginning, some argue, they will ultimately pose a greater security risk because fewer organizations will be able to defend themselves using the most powerful systems. Over the past several months, products from the leading A.I. companies have grown more effective in areas like math and computer programming. Because they are adept at coding, they have a knack for finding security vulnerabilities in widely used software. Companies like OpenAI have also honed technologies specifically for this task. (The Times sued OpenAI and Microsoft in 2023 for copyright infringement of news content related to A.I. systems. The two companies have denied those claims.) OpenAI said it would share its new systems with hundreds of members of its Trusted Access for Cyber program, which it unveiled in February as a way to share technologies with cybersecurity professionals and other partners. The company also said it would reduce cybersecurity-related guardrails on its systems so that professionals could more easily use them to find security vulnerabilities. But as it shares its technologies, it will also work to verify the identity of users in an effort to prevent misuse. Last week, Anthropic limited the release of Claude Mythos to about 40 companies and organizations that maintain critical infrastructure, including the tech giants Apple, Amazon, Microsoft and Google, as well as the Linux Foundation, which oversees the Linux operating system, freely available software that is widely used across the internet.

OpenAI releases GPT-5.4-Cyber for vetted security teams, scaling Trusted Access programme

In short: OpenAI is releasing GPT-5.4-Cyber, a model fine-tuned for defensive cybersecurity with lowered refusal boundaries and binary reverse engineering capabilities, and scaling its Trusted Access for Cyber programme to thousands of verified defenders. The move comes a week after Anthropic restricted its more powerful Mythos model to just 11 organisations, setting up a philosophical split: OpenAI bets on broad verified access while Anthropic opts for tightly gated deployment. OpenAI is opening up its most capable cybersecurity model to thousands of vetted defenders, releasing GPT-5.4-Cyber and expanding its Trusted Access for Cyber programme in what amounts to a direct response to Anthropic's Project Glasswing announcement last week. GPT-5.4-Cyber is a variant of GPT-5.4 fine-tuned specifically for defensive security work. Its defining feature is a lower refusal boundary: where standard models block sensitive queries about vulnerability research, exploit analysis, or malware behaviour, this version is designed to answer them, provided the user has been verified as a legitimate security professional. The model also introduces binary reverse engineering capabilities, letting analysts examine compiled software for weaknesses without access to source code. The model sits inside OpenAI's Trusted Access for Cyber (TAC) programme, which the company first launched in February alongside a $10 million cybersecurity grant fund. TAC is an identity-and-trust framework that gates access to more capable models behind verification tiers. Individual users can authenticate at chatgpt.com/cyber. Enterprises can request team-wide access through an OpenAI representative. Security researchers who need the most permissive capabilities can apply for an invite-only tier. The April update scales the programme from a limited pilot to what OpenAI describes as "thousands of verified individual defenders and hundreds of teams responsible for defending critical software." The company is adding new tiers, with higher verification levels unlocking more powerful features. Users approved for the top tier gain access to GPT-5.4-Cyber. There is a catch: the highest-tier users may be required to waive Zero-Data Retention, meaning OpenAI retains visibility into how the model is being used. The approach represents a philosophical shift. Rather than relying primarily on model-level restrictions to prevent misuse, OpenAI is moving towards an access-control model that verifies who is asking before deciding what the model will answer. The company frames this around three principles: democratised access using objective verification criteria, iterative deployment that updates safety systems as risks emerge, and ecosystem resilience through grants and open-source contributions. OpenAI's timing is impossible to read without reference to Anthropic's Project Glasswing, announced on 7 April. Anthropic revealed that its Claude Mythos Preview model had autonomously discovered thousands of zero-day vulnerabilities across every major operating system and web browser, including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD that Mythos identified, exploited, and documented without human intervention. Anthropic's response was to restrict access severely: Mythos Preview is available only to 11 organisations, including Apple, Google, Microsoft, AWS, Cisco, CrowdStrike, and JPMorgan Chase, under a $100 million defensive initiative. The model is not publicly available, and Anthropic has said it may never be, given the risk that its exploit-generation capabilities could be misused. OpenAI is taking the opposite bet. GPT-5.4-Cyber is less capable than Mythos in raw vulnerability discovery, but OpenAI is making it available to a far broader audience. The implicit argument is that restricting powerful security tools to a handful of tech giants leaves the vast majority of organisations, including those defending critical infrastructure, hospitals, municipal governments, and small security firms, without access to the same calibre of defensive technology. Beyond lowered refusal boundaries, the model is built for workflows that standard ChatGPT handles poorly or refuses outright. Binary reverse engineering is the headline feature: security analysts can feed compiled executables into the model and receive analysis of potential malware behaviour, embedded vulnerabilities, and structural weaknesses. This is work that traditionally requires specialised tools like IDA Pro or Ghidra and significant manual expertise. The model also handles dual-use queries, questions about attack techniques, exploit chains, and vulnerability classes, that standard models flag as potentially harmful. OpenAI says earlier GPT versions sometimes refused to answer legitimate defensive queries, creating friction for security professionals who needed the model to reason about adversarial techniques in order to defend against them. Codex Security, OpenAI's automated code-scanning tool, complements the model. Since its launch, Codex Security has contributed to more than 3,000 critical and high-severity vulnerability fixes across the open-source ecosystem. It now covers more than 1,000 open-source projects through a free scanning programme. The fundamental tension in cybersecurity AI is that the same capabilities that help defenders also help attackers. A model that can reverse-engineer binaries for defensive analysis can, in principle, be used to find exploitable flaws for offensive purposes. OpenAI's answer is that verification and monitoring are more effective safeguards than blanket refusal. The company is betting that KYC-style identity verification, tiered access, and retained usage data will deter misuse more effectively than a model that refuses to discuss exploit techniques, and which sophisticated adversaries can jailbreak anyway. Research published in January found that adaptive prompt injection attacks succeed against even state-of-the-art defences more than 85% of the time, suggesting that refusal-based safety is a losing game. But the monitoring requirement raises its own questions. Requiring top-tier users to waive Zero-Data Retention means OpenAI will see what security researchers are doing with the model, which vulnerabilities they are investigating, which systems they are probing, and which exploits they are analysing. For security teams working on sensitive or classified infrastructure, that visibility may be a dealbreaker. It also creates a single point of compromise: if OpenAI's logs are breached, they become a roadmap to unpatched vulnerabilities across the organisations using the programme. Between Anthropic's restricted Mythos, OpenAI's verified-access GPT-5.4-Cyber, and Anthropic's separate $100 million Glasswing fund, the cybersecurity AI market is splitting into two camps. One camp says these models are too dangerous for broad access and must be gated behind invitation-only consortiums. The other says broad access, with verification, is the only way to ensure that defenders are not outgunned by adversaries who face no such constraints. The EU AI Act, whose most substantive obligations take effect on 2 August 2026, will add another variable. High-risk AI systems, a category likely to encompass security automation tools, will need to demonstrate compliance with requirements around risk management, data governance, transparency, and human oversight. How tiered-access cybersecurity models fit within that framework remains an open question that neither OpenAI nor Anthropic has fully addressed. For now, the practical reality is that the world's two most prominent AI companies are racing to equip cybersecurity professionals with models capable of finding and analysing vulnerabilities at a speed and scale that was impossible a year ago. Whether that race produces a safer internet or a more dangerous one depends on how well the guardrails hold.

OpenAI releases new cyber security model to limited group of customers

OpenAI has released a model focused on cyber security to a select group of customers, a week after a similar move by rival Anthropic, amid rising concern about AI's ability to exploit software vulnerabilities. The model, called GPT-5.4-Cyber, is designed to autonomously find flaws or bugs in software, alerting cyber security professionals to fix the issues before they are exploited by bad actors. Its launch on Tuesday comes a week after rival Anthropic released its Mythos model, which has similar capabilities, to a small number of organisations. AI labs are concerned that these powerful new models could help hackers and render many current cyber security defences obsolete. The launch of Anthropic's model also knocked software stocks as investors were spooked by how such tools would affect the sector. "Cyber risk is already here and accelerating, but we can act," OpenAI said in a blog announcing its model. "Digital infrastructure has already been vulnerable for years, before advanced AI even came along." Anthropic has said Mythos has already detected thousands of severe vulnerabilities, including in "every major operating system and web browser", some of which had been undetected for decades. An earlier OpenAI cyber security product called Codex Security, released in March, had contributed to fixing more than 3,000 critical and high-priority vulnerabilities, the company said. GPT-5.4-Cyber has been trained to have fewer restrictions than generally available OpenAI models in order to increase its abilities. Both Anthropic and OpenAI have said these tools can help as a line of defence against hackers, who are using AI to find and exploit cyber weaknesses. The AI cyber security arms race has caused concern among governments and financial institutions. Last week, US Treasury secretary Scott Bessent and Federal Reserve chair Jay Powell summoned some of the largest US banks to discuss the cyber risks Mythos posed. Financial regulators and banks have also discussed the model. OpenAI on Tuesday said its new model would be released to members of a trusted access programme for cyber security that it created in February. Customers and professionals are vetted and go through a security process before being granted access to the programme. "Our goal is to make these tools as widely available as possible while preventing misuse," it added. OpenAI said the new model was available only to the highest tier of the programme, but it would seek to expand access in future. The company has not yet disclosed any of its partners.

OpenAI unveils GPT‑5.4‑Cyber, an AI model for defensive cybersecurity - 9to5Mac

OpenAI has announced a new AI model called GPT-5.4-Cyber. Similar to Anthropic's Claude Mythos, this new "cyber-permissive" variant of its GPT-5.4 is built for defensive cybersecurity and not public use. OpenAI says that its new GPT-5.4-Cyber variant of GPT-5.4 is specifically meant to prepare the way for more capable models coming this year. In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT‑5.4 trained to be cyber-permissive: GPT‑5.4‑Cyber. Access to GPT-5.4-Cyber is limited to "the highest tier" of "users willing to work with OpenAI to authenticate themselves as cybersecurity defenders." OpenAI says this is because GPT-5.4-Cyber is "purposely fine-tuned for additional cyber capabilities and with fewer capability restrictions." This is a version of GPT‑5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows, including binary reverse engineering capabilities that enable security professionals to analyze compiled software for malware potential, vulnerabilities and security robustness without needing access to its source code. Because this model is more permissive, we are starting with a limited, iterative deployment to vetted security vendors, organizations, and researchers. The rollout is part of an expanded version of Trusted Access for Cyber, a cybersecurity initiative launched by OpenAI earlier this year. The company highlights two methods for gaining access to Trusted Access for Cyber:

'Trusted access for the next era of cyber defense': OpenAI reveals its Mythos rival, designed for cybersecurity pros to spot the next level of attacks

OpenAI is releasing GPT-5.4-Cyber and teases even better models down the line * OpenAI launches GPT‑5.4‑Cyber, a cyber‑defense variant of GPT‑5.4 * Model adds reverse engineering and lower refusal boundaries for defenders * Available via Trusted Access for Cyber program, scaled to thousands of verified users The AI-powered cybersecurity race has reached a new level after OpenAI announced a new model to rival Anthropic Mythos. The company revealed the launch of GPT-5.4-Cyber, a modified version of the GPT-5.4 model designed for cybersecurity defense operations. The main difference is lower refusal boundaries for legitimate cybersecurity tasks, which OpenAI describes as the tool being more "cyber-permissive." The model now comes with binary reverse engineering capabilities, allowing analysts to hunt for malicious code in programs and apps. TIered system and new announcements OpenAI is seemingly trying to frame Mythos' limited access as a disadvantage, promising a more "democratized" solution instead - and while GPT-5.4-Cyber will be more open than Mythos, it still won't be available to anyone. The tool will still only be available to members of the Trusted Access for Cyber (TAC) program, but OpenAI said it is now scaling it to "thousands of verified individual defenders and hundreds of teams responsible for defending critical software." The program will now have a tiered verification system, with the highest tier unlocking GPT-5.4-Cyber. Those interested in partaking in TAC can go to chatgpt.com/cyber, while enterprises are advised to reach out to their OpenAI representative. Those who are already part of the program can apply for higher tiers, as well. OpenAI also said the release is in preparation of an even more capable AI model, due later this year. "In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT‑5.4 trained to be cyber-permissive: GPT‑5.4‑Cyber," the announcement said. Mythos is an AI model allegedly so powerful that Antrhopic only gave it to a handful of the biggest software companies, such as Microsoft, Apple, and Google. The tool, they claim, was able to find decades-old vulnerabilities with ease which could, in the wrong hands, be catastrophic. Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button! And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

OpenAI follows Anthropic's lead in limited release of GPT‑5.4‑Cyber

OpenAI has unveiled GPT-5.4-Cyber, a new AI model that may be willing to accept seemingly malicious prompts in the name of cybersecurity. Fortunately, the ChatGPT developer won't let just anyone play with its less restrictive, more freewheeling AI. Announced via a blog post on Tuesday, GPT-5.4-Cyber is a variant of OpenAI's publicly available GPT-5.4 large language model. According to OpenAI, its frontier AI models such as GPT-5.4 have safeguards against clearly malicious use, making them refuse harmful user requests such as stealing credentials or finding vulnerabilities in code. In contrast, the company's new GPT-5.4-Cyber model is trained to be more lenient, and potentially accept these prompts instead. Describing GPT-5.4-Cyber as "cyber-permissive," OpenAI states that this change is to allow the AI to be used for defensive cybersecurity measures, such as helping researchers find vulnerabilities to be addressed. "We want to empower defenders by giving broad access to frontier capabilities, including models which have been tailor-made for cybersecurity," wrote OpenAI. "This is a version of GPT‑5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows." Given the potential danger posed by GPT-5.4-Cyber's lowered safeguards, not everyone will be able to immediately dive in to push the AI's arguably flexible ethical limits even further. OpenAI states that it is starting with "limited, iterative deployment to vetted security vendors, organizations, and researchers." As such, only members of its Trusted Access for Cyber⁠ (TAC) program will be given access to GPT-5.4-Cyber at present, and only those at its highest tiers. Introduced in February, TAC is a network of users who have been through OpenAI's automated identity verification process, including completing a government ID check. Once approved, users in OpenAI's TAC program are allowed access to versions of its AI models with fewer safeguards, such as GPT‑5.4‑Cyber. OpenAI states that this is intended to enable cybersecurity research, education, and programming. Not every TAC-approved user will immediately get their hands on GPT-5.4-Cyber, however. OpenAI states that users who aren't already part of TAC's higher tiers may request access to it, which will require going through further authentication to verify themselves as "legitimate cyber defenders." GPT-5.4-Cyber's reveal comes just one week after OpenAI competitor Anthropic announced Project Glasswing. Like TAC, Project Glasswing is an initiative that restricts Anthropic's cybersecurity-focused Claude Mythos Preview AI model to select approved organisations. Claiming that Claude Mythos Preview "has already found thousands of high-severity vulnerabilities," Anthropic stated that Project Glasswing was an effort to ensure its AI model was used for solely defensive cybersecurity purposes. "Given the rate of AI progress, it will not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely," Anthropic wrote.

OpenAI expands access to cyber AI as hacking risks grow

Why it matters: The roadmap coincides with the release of a new model variant, GPT-5.4-Cyber, designed to assist with defensive cybersecurity tasks and be more permissive for vetted users. * Axios first reported on the new cybersecurity product. Between the lines: OpenAI is shifting its approach to cyber risk to focus less on restricting what models can do and more on verifying who gets access to the most sensitive capabilities. * The company says it aims to make tools "as widely available as possible while preventing misuse" through identity verification and monitoring systems, according to a blog post. * OpenAI plans to expand access to thousands of individuals and hundreds of security teams through its already-established Trusted Access for Cyber program, provided they complete verification checks. The intrigue: OpenAI's approach differs from Anthropic's more restrictive rollout, where only about 40 organizations are getting access to Mythos Preview. * Anthropic warned that its model was so adept at its finding and exploiting security flaws that it was simply too dangerous to release widely. * OpenAI is responding to similar security risks by trying to make its tools more widely available for defensive cyber work while still preventing nefarious actors from accessing them. It's a difficult balance to strike. Zoom in: OpenAI is adding new tiers to its Trusted Access for Cyber program, which launched earlier this year, with higher levels of verification unlocking more powerful capabilities. * Users approved for the highest tier will gain access to GPT-5.4-Cyber, which has fewer restrictions on sensitive cybersecurity tasks, such as vulnerability research and analysis. * The model is designed to reduce "unnecessary friction" for legitimate security work, after some cyber partners said they ran into issues with earlier GPT models sometimes refusing to answer dual-use cyber queries. What they're saying: "This is a team sport, we need to make sure that every single team is empowered to secure their systems," Fouad Matin, a cyber researcher at OpenAI, told reporters. "No one should be in the business of picking winners and losers when it comes to cybersecurity." Yes, but: The rollout will be gradual. OpenAI says initial access to the more permissive model will be limited to vetted security vendors, organizations and researchers, but broader availability will scale over time. * The company also expects onboarding to take time as it reviews and verifies users. The intrigue: OpenAI is not currently offering GPT-5.4-Cyber access to U.S. government agencies, but the company told reporters it is in ongoing discussions and will evaluate access through internal governance and safety review processes. Reality check: Some security experts argue that many vulnerabilities identified by AI tools are not necessarily novel or easily exploitable. * However, the speed at which these models are finding security flaws -- and their rapid pace of advancement -- is worrying government officials and global business leaders. What to watch: Running models with these capabilities requires a lot of computing power. Not everyone will be willing to pay the price to run them on their environments.

OpenAI expands cybersecurity program, launches GPT-5.4-Cyber

A new model called GPT-5.4-Cyber and a broader rollout of the Trusted Access for Cyber (TAC) program are at the center of OpenAI's latest push into defensive security -- extending verified access to thousands of individual professionals and hundreds of teams guarding critical software, with the model offering relaxed capability restrictions compared to standard deployments. GPT-5.4-Cyber is a variant of GPT-5.4 trained to be more permissive for legitimate security tasks. It includes binary reverse engineering capabilities, which allow security professionals to analyze compiled software for malware, vulnerabilities, and security robustness without access to source code. Because the model carries higher risk than standard deployments, OpenAI said it is beginning with a limited rollout to vetted security vendors, organizations, and researchers. On the access side, the program now distinguishes between multiple verification pathways: individuals can confirm their credentials at chatgpt.com/cyber, enterprises can go through an OpenAI representative to bring their entire team into the program, and existing TAC participants who undergo further authentication as genuine security defenders become eligible to request GPT-5.4-Cyber. OpenAI said the program's expansion comes ahead of the release of more capable models in the coming months. The company said GPT-5.4 has been classified as a "high" cyber capability model under its Preparedness Framework, and that cyber-specific safety training began with GPT-5.2 before being expanded through subsequent releases. The company also reported that Codex Security -- a tool that automatically monitors codebases, validates issues, and proposes fixes -- has contributed to more than 3,000 critical and high fixed vulnerabilities since its recent launch. OpenAI said access to more permissive models may come with limitations, including restrictions on Zero-Data Retention uses where the company has less visibility into how the model is being deployed. OpenAI first disclosed plans for the TAC program and a cybersecurity-focused model earlier this year, positioning itself against Anthropic in the market for AI systems built for security work. Anthropic's competing program, Project Glasswing, set aside up to $100 million in usage credits for its Mythos model and limited its initial rollout to twelve partners -- including Amazon $AMZN Web Services, Apple $AAPL, Cisco $CSCO, CrowdStrike $CRWD, Google $GOOGL, JPMorganChase, Microsoft $MSFT, and Nvidia $NVDA -- each contractually bound to use the model for defensive security work only. OpenAI's cybersecurity efforts also include a $10 million Cybersecurity Grant Program and free security scanning for open-source projects through Codex for Open Source, which has reached more than 1,000 projects, the company said.

Anthropic's Alarming Mythos Findings Replicated With Off-the-Shelf AI, Researchers Say - Decrypt

Findings indicate AI cyber capabilities may be spreading faster than expected. When Anthropic unveiled Claude Mythos earlier this month, it locked the model behind a vetted coalition of tech giants and framed it as something too dangerous for the public. Treasury Secretary Scott Bessent and Fed Chair Jerome Powell convened an emergency meeting with Wall Street CEOs. The word "vulnpocalypse" resurfaced in security circles. And now a team of researchers has further complicated that narrative. Vidoc Security took Anthropic's own patched public examples and tried to reproduce them using GPT-5.4 and Claude Opus 4.6 inside an open-source coding agent called opencode. No Glasswing invite. No private API access. No Anthropic internal stack. "We replicated Mythos findings in opencode using public models, not Anthropic's private stack," Dawid Moczadło, one of the researchers involved in the experiment, wrote on X after publishing the results. "A better way to read Anthropic's Mythos release is not 'one lab has a magical model.' It is: the economics of vulnerability discovery are changing." The cases they targeted were the same ones Anthropic highlighted in its public materials: a server file-sharing protocol, the networking stack of a security-focused OS, the video-processing software embedded in almost every media platform, and two cryptographic libraries used to verify digital identities across the web. Both GPT-5.4 and Claude Opus 4.6 reproduced two bug cases in all three runs each. Claude Opus 4.6 also independently rediscovered a bug in OpenBSD three times straight, while GPT-5.4 scored zero on that one. Some bugs (one involving the FFmpeg library to run videos and another involving the processing of digital signatures with wolfSSL) came back partial -- meaning the models found the right code surface but didn't nail the precise root cause. Every scan stayed below $30 per file, meaning researchers were able to find the same vulnerabilities as Anthropic while spending less than $30 to do it. "AI models are already good enough to narrow the search space, surface real leads, and sometimes recover the full root cause in battle-tested code," Moczadło said on X. The workflow they used wasn't a one-shot prompt. It mirrored what Anthropic itself described publicly: give the model a codebase, let it explore, parallelize attempts, filter for signal. The Vidoc team built the same architecture with open tooling. A planning agent split each file into chunks. A separate detection agent ran on each chunk, then inspected other files in the repo to confirm or rule out findings. The line ranges inside each detection prompt -- for example, "focus on lines 1158-1215" -- weren't chosen by the researchers manually. They were outputs from the prior planning step. The blog post makes this explicit: "We want to be explicit about that because the chunking strategy shapes what each detection agent sees, and we do not want to present the workflow as more manually curated than it was." The study doesn't claim public models match Mythos on everything. Anthropic's model went further than just spotting the FreeBSD bug -- it built a working attack blueprint, figuring out how an attacker could chain code fragments together across multiple network packets to seize full control of the machine remotely. Vidoc's models found the flaw. They didn't build the weapon. That's where the real gap sits: not in finding the hole, but in knowing exactly how to walk through it. But Moczadło's argument isn't really that public models are equally powerful. It's that the expensive part of the workflow is now available to anyone with an API key: "The moat is moving from model access to validation: finding vulnerability signal is getting cheaper; turning it into trusted security work is still hard." Anthropic's own safety report acknowledged that Cybench, the benchmark used to measure whether a model poses serious cyber risk, "is no longer sufficiently informative of current frontier model capabilities" because Mythos cleared it entirely. The lab estimated comparable capabilities would spread from other AI labs within six to 18 months. The Vidoc study suggests the discovery side of that equation is already available outside any gated program. Their full prompt excerpts, model outputs, and methodology appendix are published at the lab's official site.

OpenAI unveils model with limited rollout days after Anthropic

Chat GPT 5.4 Cyber has fewer restrictions for cybersecurity questions for the verified professionals that will use it. OpenAI has launched a new AI model focused on cyber defence, days after the release of rival Anthropic's Claude Mythos sparked concern about the threat posed by increasingly powerful AI to global cybersecurity. GPT 5.4 Cyber, a variant of OpenAI's flagship GPT 5.4 model, has fewer restrictions on cybersecurity-related queries when used for legitimate, defensive purposes, the company said. It also adds capabilities for advanced security work, including binary reverse engineering, which allows researchers to analyse compiled software for malware and vulnerabilities without needing access to its source code. Because the model is more permissive than standard versions, OpenAI said the rollout will be limited to vetted security vendors, organisations and researchers through its Trusted Access for Cyber programme. The launch comes one week after Anthropic unveiled Claude Mythos Preview, a model it says can identify thousands of previously unknown, high-severity vulnerabilities across major operating systems and web browsers, capabilities it judged too dangerous for a full public release. In late March, a data leak revealed that Anthropic was developing a new AI model that its own engineers warned posed "unprecedented cybersecurity risks". The model, Claude Mythos Preview, has since been released in restricted form as part of Project Glasswing, Anthropic's effort to use the technology to harden critical software before it falls into the wrong hands. Anthropic said the model is too dangerous for a full public release because of the scale and sophistication of the cyberattacks it could enable. In tests, the model was able to find previously unknown flaws in the Linux kernel -- which underpins most of the world's servers -- and chain them together into working exploits capable of giving an attacker full control over affected devices. Access to Mythos Preview has been restricted to 12 founding partners, including Amazon Web Services, Apple, Microsoft, Google and Cisco, as well as more than 40 other organisations responsible for critical software infrastructure.

OpenAI announces restricted-access cybersecurity model

Paris (France) (AFP) - Artificial intelligence company OpenAI said Tuesday that it would release its latest cybersecurity model to a limited number of partners, after rival Anthropic also restricted release of a new system that uncovered thousands of vulnerabilities. The restricted releases by two of the biggest names in the field reflect fears of an AI-enabled arms race between defenders and hackers, who could use the latest tools to cause havoc. "Our goal is to make these tools as widely available as possible while preventing misuse," OpenAI wrote in a blog post. Anthropic offered its latest Claude Mythos model to just 40 major tech players last week in an initiative dubbed Project Glasswing. OpenAI's GPT-5.4-Cyber will be available to "the highest tiers" of people and organisations in its Trusted Access for Cyber (TAC) scheme. That programme encompasses "thousands of verified individual defenders and hundreds of teams responsible for defending critical software," the company said, without naming any of the partners. Although not specifically trained for the field, Anthropic's Mythos wowed many cybersecurity experts by uncovering vulnerabilities in widely-used software. Some of them had gone unnoticed for years or even decades. Media reported Friday that major American bank chiefs met US Treasury Secretary Scott Bessent and Federal Reserve Chairman Jerome Powell to discuss the system's dangers to the financial sector. The Mythos release followed several months of excitement in Silicon Valley about generative AI's growing capability in producing and evaluating computer code. Those same capabilities enable the models to find bugs and security flaws that could be exploited -- although developers attempt to build in safeguards so their publicly available models will refuse malicious requests. GPT-5.4-Cyber is "trained to be cyber-permissive" so that defenders can use it to test their own systems for vulnerabilities without encountering as many refusals, OpenAI said. Anthropic said as it unveiled Mythos that its strict access limits were designed to give defenders a head start in fixing vulnerabilities before they could be exploited by attackers. "We don't think it's practical or appropriate to centrally decide who gets to defend themselves," OpenAI said Tuesday. "Instead, we aim to enable as many legitimate defenders as possible" using "systems that can validate trustworthy users and use cases in more automated and more objective ways," it added.

Mythos remains a mystery as security world faces rising threats, agentic attacks and concerns about AI integrity - SiliconANGLE

Mythos remains a mystery as security world faces rising threats, agentic attacks and concerns about AI integrity Anthropic PBC's Claude Mythos model has emerged as the most widely discussed artificial intelligence solution without being fully released. Information about the model, which reportedly has the ability to analyze software at large scale, find bugs in hardened software ecosystems, and identify vulnerabilities, has been tightly controlled by Anthropic. That situation did not change much on Monday when Anthropic Head of Threat Intelligence Jacob Klein (pictured) spoke at the SANS Cybersecurity Summit in a hotel just outside of Washington D.C., although he did provide a hint of the model's capabilities during his appearance. Klein offered a brief description of the model's power in the context of how rapidly AI has changed the cybersecurity world and vowed transparency in the months ahead. "It's very good at finding vulnerabilities and chaining them together for an exploit," Klein told the group. "You have to rethink what your risk picture looks like now. The landscape has changed today. There is a trade-off that we have to balance out. We will be transparent, and I would hope that the other labs will have the same level of visibility." Klein's appearance at the SANS Institute's gathering comes at a time when the pace of AI-related breaches has picked up dramatically. Over the past weekend, cloud development platform Vercel Inc. disclosed that its internal systems had been breached through a compromise of Context.ai, a third-party tool used by a Vercel employee. Hackers have since claimed to have stolen customer credentials from Vercel and have made the data available for sale online. This followed a report earlier this month that a North Korean threat actor inserted malicious code into the widely used Java script library Axios, as adversaries have used AI to probe every link in the supply chain. Events such as these and the discussion surrounding Mythos prompted a meeting at the White House between the Treasury Secretary and the chief executive of Anthropic late last week. This weekend, the Financial Times reported that major banks are strengthening their defenses against a rising number of cyberattacks. "The capabilities of AI are increasing the scale of the attack surface that attackers have available to them," Klein said. Anthropic's head of threat intelligence presented a brief history of how the Claude AI model has been adopted by malicious actors. It illustrated how fast the cyberthreat landscape has evolved. The company initially saw evidence of Claude's use in the spring of 2025 when a lone actor used the model to build a fairly unsophisticated ransomware attack. Two months later, Anthropic discovered a Russian cybercriminal who employed Claude to conduct an extortion operation. By September 2025, the company had evidence that a state-sponsored group in China was using Claude for system reconnaissance, penetration testing at scale, exploitation, access and then lateral movement within a breached network. Klein noted that the goal in the Chinese example was espionage and exfiltration of data, with 80% to 90% of the actions driven autonomously. "Once it was built, it was fairly easy," Klein said. "Mostly it's Claude itself just taking actions. The human here has become the supervisor." Much as popular AI models have enabled well-meaning non-programmers to build agents that perform tasks at lightning speeds, Anthropic's research highlights how threat actors are following the same playbook to build tools for exploitation that they cannot create on their own. The company has mapped 800 bad actors against MITRE techniques to gain a better picture of how adversaries are using AI to circumvent defenses and a report should be available soon, according to Klein. "At this point AI systems are becoming a core piece of architecture for bad actors," Klein said. "My job is to find bad actors and understand what they're doing." Klein's point about AI systems becoming a key piece of architecture for threat actors highlights a significant development in how rapidly the cyber threat landscape is shifting. Mythos could represent the kind of architecture or scaffolding needed to defend successfully against AI-related attacks according to one leading security researcher. Speaking at the SANS Summit, Knostic Inc. co-founder and Chief AI Security Officer Sounil Yu used the analogy of the "big bad wolf" blowing down the "three little pigs" house made only of straw. "Most think we should build with bricks, instead we should focus on the notion of architecture," Yu told the SANS gathering. "Architecture sometimes matters more than just the materials." Development of Mythos-like tools that can bolster cyber defenses and create sturdy architecture has taken on more urgency in recent months with the growing adoption of AI agents. The most prominent example of this dynamic has been OpenClaw, a highly popular open-source personal AI assistant that has notoriously weak security controls. Nvidia Corp., Cisco Systems Inc. and Knostic have all released security-strengthened versions of OpenClaw in an effort to keep the tool from opening new vulnerabilities in enterprise organizations. "The Claw has already left the tank, and you probably already have it running in your organization," Yu noted. "Unfortunately, OpenClaw by default is right in the danger zone, it pulls in skills from who knows where. OpenClaw is really just a wakeup call to a lot of enterprises." That wakeup call is also leading some prominent voices in the cybersecurity world to issue a warning about AI's journey down a road lacking integrity. As AI takes over the world, can it be trusted? This is the dilemma that the cybersecurity community must confront, according to Bruce Schneier, previously a faculty affiliate at the Harvard Kennedy School and currently an adjunct professor at the University of Toronto. Schneier expressed concern that the current lack of guardrails around AI usage and the motivations of nation states could result in far more dangerous outcomes on the world stage. "We are already seeing Russian attacks to manipulate training data," Schneier said during a presentation. "Imagine AI being used as an advisor in international trade negotiations. There is going to be an economic incentive to hack that AI. We need trustworthy AI." Schneier said this can realistically be accomplished only by government intervention, through transparency laws and regulation of AI and robotic safety. He made the point that a focus on AI integrity will be a critical mandate for security professionals at a time when AI is becoming increasingly viewed as a trusted adviser and agentic employee. "I predict that integrity is the key security problem of the next decade," Schneier said. "Our confusion will increase with AI. We are going to think of AI as a friend, when it is not."

After Anthropic, OpenAI launches cyber-specific AI model

'This version of GPT-5.4 lowers the refusal boundary for 'legitimate' cybersecurity work', OpenAI said. OpenAI said it will only allow select verified users access to its latest AI model for cybersecurity operations, a week following the limited launch of Anthropic's Mythos. Purpose-built for security operations, the new GPT-5.4-Cyber will be accessible to users willing to work with OpenAI to authenticate themselves as cybersecurity defenders, the company said. This version of GPT-5.4 lowers the refusal boundary for "legitimate" cybersecurity work. As a "more permissive" model, OpenAI said it is beginning by deploying GPT-5.4-Cyber to "vetted" security vendors, organisations, and researchers. The ChatGPT-maker only began integrating cyber-specific safeguards into its model deployments since 2025, and launched Codex Security⁠ to identify and fix vulnerabilities in March. In February, it introduced the Trusted Access for Cyber⁠ as a way to verify the identities of cybersecurity workers. Anthropic's new Mythos model showcases significant capabilities of detecting and generating security exploits. Concerned about bad actors, Anthropic made the choice to offer Mythos to a group of 40-some big businesses to boost their cyber defences. Mythos' reported capabilities have already raised concern with global leaders. Yesterday (14 April), the National Cyber Security Centre director told the Oireachtas Joint Committee on AI that more models such as Mythos should be expected at the hands of bad actors before the end of the year. Anthropic's co-founder and policy lead Jack Clark had similar beliefs. "There will be other systems just like this in a few months from other companies, and then a year to a year-and-a-half later, there'll be open weight models from China that have these capabilities," he told the audience at the Semafor World Economy event in Washington DC earlier this week. OpenAI, which has plans for an initial public offering later this year, has been attempting to narrow focus into the enterprise market - a sector being quickly captured by Anthropic. According to data from payments group Ramp, nearly one in three US business paid for Anthropic's tools in March. The company has been shedding less lucrative projects, including "indefinitely" pausing plans for an erotic ChatGPT and putting Stargate UK on hold. OpenAI's biggest backer Microsoft, meanwhile, has agreed to rent data centre capacity at a site intended for the Stargate Norway project, as yet another one of OpenAI's deals with UK AI infrastructure Nscale fails to take off. Competition between the two companies has escalated, with the announcement of a new Anthropic-inspired 'superapp' by OpenAI, or a dedicated set of AI health tools by Claude launched just days after OpenAI released ChatGPT Health. Despite pausing plans for a Stargate UK, OpenAI said it is opening its first permanent office in London in 2027 with a capacity of more than 500 people. The company plans to make London its largest research hub outside of US, it said. Don't miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic's digest of need-to-know sci-tech news.

OpenAI unveils GPT-5.4-Cyber for elite defensive security teams

OpenAI announced the launch of GPT-5.4-Cyber, a specialized AI model developed for defensive cybersecurity. This variant, a "cyber-permissive" adaptation of GPT-5.4, is not intended for public use and will support advanced cybersecurity measures. The introduction of GPT-5.4-Cyber lays the groundwork for more sophisticated models expected to be released later this year. OpenAI stated that it began fine-tuning models specifically for defensive cybersecurity use cases, starting with this variant. Access to GPT-5.4-Cyber is restricted to a select group of high-tier users validated as cybersecurity defenders. OpenAI requires authenticated access through its Trusted Access for Cyber initiative for those wishing to utilize the model. The model features fewer capability restrictions compared to previous versions and is designed to facilitate advanced workflows such as binary reverse engineering for analysis of compiled software. This enables security experts to evaluate software for vulnerabilities and malware risks without needing access to its source code. The rollout of GPT-5.4-Cyber will begin with vetted security vendors, organizations, and researchers. OpenAI emphasized that this first phase will be limited and iterative. Individuals can verify their identities at chatgpt.com/cyber for access, while enterprises can request team access through OpenAI representatives. OpenAI also recently upgraded its Pro plan for Codex users and released new models, GPT-5.4 mini and nano, which are noted as its most capable small models. Additionally, users have been advised to update Mac applications, including ChatGPT and Codex, to mitigate security risks. OpenAI stated, "This is a version of GPT-5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities."

OpenAI launches GPT-5.4-Cyber model for vetted security professionals - SiliconANGLE

OpenAI launches GPT-5.4-Cyber model for vetted security professionals OpenAI Group PBC today announced the launch of GPT-5.4-Cyber, a fine-tuned variant of its GPT-5.4 model designed for defensive cybersecurity work and also announced a significant expansion of its Trusted Access for Cyber program to thousands of verified security professionals. The new model has been purpose-built to lower refusal boundaries for legitimate cybersecurity tasks, or in the words of OpenAI, is "cyber-permissive" and adds capabilities not available in the standard version of GPT-5.4. Among the new capabilities is binary reverse engineering, a feature that allows security professionals to analyze compiled software for malware, vulnerabilities and security weaknesses without needing access to source code. Due to its permissive nature, OpenAI is limiting initial access to vetted security vendors, organizations and researchers. Access runs through the company's Trusted Access for Cyber program, which OpenAI launched in February alongside a $10 million cybersecurity grant program. The program now adds tiered verification levels, with the highest tier unlocking GPT-5.4-Cyber. Individual users can verify their identity at chatgpt.com/cyber and enterprises can request access through their OpenAI representative. Customers already enrolled in the program can apply for higher tiers separately. OpenAI is pitching the release as preparation for more capable models expected later this year, saying that it is "fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT-5.4 trained to be cyber-permissive." The company added that it expects versions of its current safeguards to be sufficient for upcoming, more powerful models, while more permissive, cyber-specific variants will require stricter deployment controls. OpenAI also cited progress from its Codex Security product, which launched in private beta six months ago and as a research preview earlier this year. OpenAI said Codex Security has contributed to fixes for more than 3,000 critical and high-severity vulnerabilities across the ecosystem since its recent broader launch. The release comes one week after Anthropic PBC introduced Mythos, a new AI model that demonstrated strong cybersecurity capabilities, to a limited group of roughly 40 organizations. OpenAI's rollout is broader, with the company targeting thousands of individual defenders and hundreds of security teams. OpenAI also noted in its announcement that capture-the-flag benchmark performance across its models improved from 27% on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max in November 2025 and said it is planning and evaluating future releases "as though each new model could reach 'High' levels of cybersecurity capability" under its Preparedness Framework. The announcement comes amid a broader push that reflects a shift in how AI developers are approaching cybersecurity risk, moving away from blanket capability restrictions toward identity-based access controls. OpenAI said its goal is to make advanced defensive tools "as widely available as possible while preventing misuse" through automated verification systems rather than manual gatekeeping decisions. The Trusted Access for Cyber program is also part of a wider ecosystem investment that includes contributions to open-source security initiatives and free security scanning for open-source projects through Codex for Open Source, which OpenAI said has reached more than 1,000 projects to date.

Why Anthropic is Restricting Its New Mythos AI Model to Tech Giants

Anthropic's Mythos AI model represents a significant development in artificial intelligence, designed to handle complex reasoning, autonomous coding and extended task execution. A notable aspect of this system, as discussed by Dave Plummer in the video below, is its capacity to identify software vulnerabilities with remarkable accuracy, including intricate scenarios like privilege escalation and operating system escapes. This capability underscores the dual-use nature of the model, requiring careful consideration to balance its benefits for cybersecurity with the risks of potential misuse. Explore how Mythos AI's phased introduction under "Project Glass Wing" is influencing its adoption in high-stakes industries. Gain insight into its role in enhancing digital resilience for sectors such as energy and finance and examine its potential applications in areas like scientific research and strategic planning. This explainer provides a detailed look at the opportunities and challenges surrounding this advanced AI system. Mythos AI is engineered to excel in areas requiring complex reasoning, long-term task execution and autonomous coding. Among its standout features is its ability to identify and exploit software vulnerabilities with exceptional precision and speed. For example, Mythos can autonomously chain exploits, such as privilege escalation and operating system (OS) escapes, critical processes in cybersecurity. These capabilities position Mythos as a powerful tool for solving technical challenges and addressing high-stakes applications across various domains. What sets Mythos apart is its ability to operate with a level of autonomy and accuracy that surpasses many existing AI models. By allowing organizations to address vulnerabilities proactively, it offers a unique opportunity to strengthen digital defenses. However, its advanced capabilities also raise concerns about potential misuse, highlighting the dual-use nature of such technologies. The dual-use nature of Mythos AI presents both opportunities and challenges. On one hand, the model enables organizations to enhance their cybersecurity frameworks, identifying vulnerabilities before they can be exploited. On the other hand, its misuse by malicious actors or inexperienced users could significantly amplify risks, potentially leading to widespread harm. To mitigate these risks, organizations must prioritize foundational cybersecurity practices, including: These measures are essential for safeguarding systems against increasingly sophisticated cyber threats, particularly as AI-driven tools like Mythos become more prevalent. Uncover more insights about Mythos AI in previous articles we have written. To address the inherent risks of deploying such an advanced AI model, Anthropic has adopted a controlled rollout strategy under the initiative known as "Project Glass Wing." Access to Mythos AI is currently restricted to major organizations, including AWS, Google and Microsoft, with a focus on defensive applications. This limited release serves as a "warning flare" for cybersecurity professionals, providing them with a critical window to prepare for the challenges posed by advanced AI capabilities. This cautious approach reflects a broader industry trend toward prioritizing safety and collaboration over rapid deployment. By engaging key stakeholders early, Anthropic aims to foster a more secure and equitable integration of Mythos AI into the global technology landscape. The release of Mythos AI has sparked widespread discussions among governments, financial institutions and technology leaders. Key stakeholders, including the White House, the UK government and the European Central Bank (ECB), are actively evaluating its implications for critical infrastructure and systemic resilience. These conversations are particularly focused on addressing vulnerabilities in sectors such as: As these industries increasingly rely on interconnected digital systems, the need for robust cybersecurity measures has never been more urgent. Mythos AI's capabilities highlight both the opportunities and challenges of integrating advanced AI into critical sectors. While Mythos AI's immediate focus is on cybersecurity, its potential applications extend far beyond this domain. The model demonstrates remarkable progress in agentic tasks, mathematics and knowledge work, allowing it to autonomously solve complex problems and execute long-term strategies. These advancements could drive innovation in industries such as: These capabilities signal a broader shift in AI's potential to transform knowledge-intensive fields. However, they also underscore the importance of responsible deployment and governance to ensure these benefits are realized equitably. Despite its promise, Mythos AI introduces several ethical and practical challenges. The potential for misuse by rogue actors or the widespread access of advanced cybersecurity capabilities to less skilled individuals is a significant concern. Additionally, restricting access to Mythos may inadvertently exacerbate inequalities, favoring large organizations with the resources to use such tools while leaving smaller entities at a disadvantage. These challenges highlight the need for global AI governance frameworks that balance innovation with security and equity. Coordinated efforts among governments, industry leaders and academic institutions will be essential to address these issues and ensure the responsible use of advanced AI technologies. For technology professionals, staying ahead of the curve is critical as AI models like Mythos continue to evolve. Key steps to prepare for this rapidly changing landscape include: By adopting these measures, professionals can better navigate the challenges and opportunities presented by advanced AI technologies. Anthropic's approach to Mythos AI reflects a broader industry shift toward cautious and coordinated releases of advanced AI models. Lessons learned from this controlled rollout will likely inform the development of less risky, more widely accessible AI systems in the future. The ongoing dialogue among stakeholders, spanning governments, industries and academia, will play a crucial role in shaping the trajectory of AI innovation. Mythos AI represents a significant milestone in artificial intelligence, offering unprecedented capabilities while raising critical questions about cybersecurity, governance and ethical deployment. Its ultimate impact will depend on how effectively these challenges are addressed and how its potential is harnessed to benefit society as a whole. Disclosure: Some of our articles include affiliate links. If you buy something through one of these links, Geeky Gadgets may earn an affiliate commission. Learn about our Disclosure Policy.

Anthropic-OpenAI Race Obscures The Real Cybersecurity Breakdown: Analysis

As the two AI platforms pursue competing initiatives over vulnerability discovery, the question of who will win is the least of security teams' concerns. Following the announcement heard-round-the-world last week from Anthropic about its progress on AI-powered vulnerability discovery with Claude Mythos, OpenAI followed up this week with not one, but two, announcements of its own in the space. Security teams, however, are not wasting any time pondering which horse to bet on. [Related: Anthropic Claude Mythos Suggests Vulnerability Management Will Soon 'Break': Forrester] OpenAI introduced its Trusted Access for Cyber initiative back in early February, highlighting the usefulness of GPT‑5.3‑Codex for rapidly uncovering software flaws. However, it was clearly Anthropic's disclosure of the vulnerability discovery gains being made in its unreleased Claude Mythos model that has gained the lion's share of attention so far from CISOs and security teams. In part, that's because Anthropic simultaneously announced its "Project Glasswing" initiative featuring collaborations with a who's who of the tech and security industries. This week, OpenAI responded with the announcement of GPT‑5.4‑Cyber on Tuesday, followed by another update Thursday on Trusted Access for Cyber. The latter announcement disclosed that initiative supporters include Cisco, CrowdStrike, Nvidia, Oracle and Zscaler⁠. As with Anthropic's Project Glasswing, the goal of the OpenAI initiative is to "build the trust, verification and accountability needed to make these tools available" the cyber defense teams, OpenAI said in a post. For those keeping score at home, Anthropic also announced general availability Thursday for Claude Opus 4.7 -- a model with cyber capabilities that, though useful, are "not as advanced as those of Mythos Preview," Anthropic said in a post. Most security leaders and professionals, however, are likely not going to care very much about who is in the lead in the AI vulnerability discovery race. "That's the pulse that I'm getting from CISOs," Presidio's Dan Lohrmann told me this week. Instead, security teams are rightfully focusing on what the announcements mean for the threat landscape. Namely: the surge in cyberattacks they will face as soon as attackers get their hands on comparable, or even semi-comparable, capabilities. Smart CISOs realize "you cannot assume that, somehow, this is a secret that's going to stay secret," said Lohrmann, field CISO for public sector at solution provider powerhouse Presidio. The reality is, while there may be a window of time before attackers can fully tap into Anthropic- or OpenAI-level cyber capabilities, the required shift in patching schedules is going to so severe that organizations will need all the time they can get. That is, "you need to take immediate action now," Lohrmann said. Likewise, Bugcrowd's Trey Ford pointed out that AI platforms competing around frontier model access doesn't directly address the far bigger hurdles these models are exacerbating in vulnerability management. "The bottleneck was never the AI model," wrote Ford, chief strategy and trust officer at crowdsourced cybersecurity platform Bugcrowd, in email comments provided to media outlets Thursday. The far bigger concern, he wrote, is the massive shortcomings of human-coordinated processes needed to actually remediate the coming swarms of AI-discovered bugs. This latest phase of the AI platform rivalry is no doubt interesting to watch. But given the unprecedented security challenges that AI is on track to create, according to Ford, the OpenAI vs. Anthropic race is simply "the wrong conversation for security leaders this week."

OpenAI Expands Cybersecurity Program Before Deploying New Models | PYMNTS.com

By completing this form, you agree to receive marketing communications from PYMNTS and to the sharing of your information with our sponsor, if applicable, in accordance with our Privacy Policy and Terms and Conditions. The company is scaling up the Trusted Access for Cyber (TAC) program to thousands of verified individuals and hundreds of teams responsible for defending critical software, it said in a Tuesday (April 14) blog post. "In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT-5.4 trained to be cyber-permissive: GPT-5.4-Cyber," OpenAI said in the post. Because AI tools can be used by attackers as well as defenders, OpenAI has safeguards that include making the tools as widely available as possible while preventing misuse, putting the systems into the world carefully and updating them as needed, and supporting defenders across the ecosystem, according to the post. To expand access to TAC, OpenAI is adding new levels of identity verification. While the company launched the program in February with automated identity verification, it is now expanding it by introducing additional tiers of access for people who are willing to work with OpenAI to authenticate themselves as cybersecurity defenders, per the post. Individual users can verify their identity, while enterprises can request trusted access for their team. Customers who are already in TAC can request additional tiers of access if they further authenticate themselves as legitimate cyber defenders. "Over the long term, to ensure the ongoing sufficiency of AI safety in cybersecurity, we also expect the need for more expansive defenses for future models, whose capabilities will rapidly exceed even the best purpose-built models of today," OpenAI said in the post. OpenAI initially launched Trusted Access for Cyber as a pilot program in February alongside the release of GPT-5.3-Codex, saying it aimed to accelerate cyber defense research. AI company Anthropic announced April 7 that it has a program called Project Glasswing that allows select partners to gain early access to the upcoming Mythos model positioned for defensive cybersecurity work. It was reported Friday (Feb. 10) that the White House is encouraging banks to use Mythos to identify vulnerabilities.

OpenAI rolls out GPT-5.4-Cyber to strengthen AI-powered cybersecurity defense

OpenAI has expanded its Trusted Access for Cyber (TAC) program and introduced GPT-5.4-Cyber, a cybersecurity-focused variant of its GPT-5.4 model. The update is designed to strengthen AI-powered cyber defense by giving verified security professionals structured access to advanced capabilities while maintaining strict safety safeguards. The move reflects OpenAI's broader strategy of scaling defensive cybersecurity tools in step with rapidly advancing AI systems. OpenAI is scaling its TAC program to include thousands of verified individual cybersecurity defenders and hundreds of teams responsible for protecting critical software systems. The program has evolved as part of a longer cybersecurity roadmap: TAC is designed to expand access to advanced AI tools while maintaining controlled and verified usage. Access is structured through: OpenAI emphasizes that cyber risk depends on a combination of model capability, user identity, intent signals, and access level, not just the model itself. OpenAI has introduced GPT-5.4-Cyber, a fine-tuned version of GPT-5.4 designed specifically for cybersecurity defense tasks. The model is described as cyber-permissive, meaning it reduces refusal thresholds for legitimate security use cases while still maintaining safety protections. It is designed to support advanced defensive workflows such as: These capabilities are intended to help security professionals detect and analyze risks in compiled software more effectively. OpenAI notes that both defenders and attackers are increasingly using AI, and that advanced test-time compute methods can further amplify model capabilities. This makes continuous safety improvements essential. OpenAI also highlighted progress on Codex Security, its automated system for detecting and fixing vulnerabilities in software. It has already helped fix over 3,000 critical and high-severity vulnerabilities, along with additional lower-severity issues across open-source projects. This reflects a shift toward continuous, AI-assisted security during development, rather than periodic audits or post-release fixes. OpenAI's cybersecurity approach is structured around three core principles: The company also emphasizes the need for more automated systems to validate trust signals and scale access safely. OpenAI notes that cybersecurity risk is already accelerating, even before the latest generation of AI systems. Key points include: The company stresses that cybersecurity safeguards must evolve continuously rather than waiting for future capability thresholds. It also highlights that risk depends on a combination of: This enables a layered safety approach rather than a single uniform restriction model. Access to GPT-5.4-Cyber is restricted under the Trusted Access for Cyber (TAC) program. Access is limited to: Because of its capability level, additional restrictions may apply in certain environments, including: Access is granted gradually to ensure safe and controlled deployment. OpenAI says current safeguards are sufficient for existing and near-term models, but future systems will require stronger protections as AI capabilities continue to increase. The company expects: The long-term goal is to build a system where AI continuously helps detect, validate, and fix vulnerabilities across software infrastructure in real time.

Claude Mythos: What Risks does it Pose and Why is the White House Worried?

The US government invited Dario Amodei for a chat when his company has filed multiple lawsuits against the Trump administration over being labelled a supply-chain risk The buzz around Claude Mythos following Anthropic's claim that the AI tool can outperform humans at hacking and cybersecurity tasks seems to have resonated within the White House. The Trump administration, which had recently labelled the AI start-up as a supply-chain risk, thought it fit to call its CEO Dario Amodei for a discussion with two top government officials. Published media reports say Amodei met Treasury Secretary Scott Bessent and White House Chief of Staff Susie Wiles yesterday in what the administration described as a "productive and constructive" meeting. Of course, their boss Donald Trump told reporters at Phoenix later that he had no clue about the meeting. This is the same Trump who directed government agencies to stop using Anthropic wrote on social media that the company was run by "left wing nut jobs" who sought to "strong arm" defence. "We don't need it, we don't want it, and will not do business with them again," he said. So, what changed during the past week and drastically that two key officials of the administration - Secretary Bessent and Federal Reserve Chair Jerome Powell - came out favouring Anthropic and went on to nudge senior executives of American banks to use Claude Mythos AI model for detecting vulnerabilities that could have sneaked into their systems. The matter came to the public eye first two days after Anthropic secured an injunction against the Trump administration's supply-chain risk order. The company was "forced to" reveal a new model earlier than they had planned for due to an inadvertent information leak on their public-facing content management system. Fortune magazine broke the story based on speculation before getting confirmation from the company that the "new model was already under testing with early access customers and may represent a "step change" in AI performance and could emerge "as the most capable we've built till date." It was also described as a general purpose model "meaningful advances in reasoning, coding, and cybersecurity. Of course, the irony was not lost on the readers as it was a draft blog available in "an unsecured and publicly searchable data store" that gave out first details of the model. It claimed that the new model could pose "unprecedented cybersecurity risks." And it is this risk statement that appears to have caught the attention of everyone around. So, what exactly are these risks? On April 7, Anthropic said that during testing its own researchers found the model to be highly skilled and capable of tacking hacking better than humans. "Mythos Preview has already found thousands of high-severity vulnerabilities, including some in every major operating system and web browser," they said while noting that "it may not be long before such capabilities proliferate, potentially beyond actors who are committed to deploying them safely." Once Anthropic told the world that Claude Mythos can outperform humans at hacking and cybersecurity, it automatically presented challenges for financial institutions, regulators and even legislators at some point. The latter set might have to consider the possibility of the threats it could pose to the entire digital services suite. The company isought to create a ring-fencing around early tests through what it called Project Glasswing. It brought together 12 global companies to check how a new frontier model trained by the Claude-maker could reshape cybersecurity. Of course, it could be a PR exercise to propagate never-seen-before capabilities, given that competition is hotting up by the day. What we know as on date is that researchers who tested AI models reported that Claude Mythos was capable of computer security tasks. They said the tool could locate dormant bugs lurking within decades-old code and easily exploit them. Hence, Project Glasswing was described as "an effort to secure the world's most critical software." While bringing some of the big tech giants such as Microsoft, Google, AWS, Nvidia, and Broadcom into this network, Amodei released a video stating his offer to work with the US government to "help defend against the risk of these models." Barely days after this offer, we saw the US administration nudging banks to reach out to Anthropic and test out Mythos. In fact, finance ministers, central bankers and executives of finance-led corporations from across the world were near unanimous over concerns about the new AI model, which some felt could undermine the security of the entire global financial systems. While experts warned that it could potentially have an unprecedented ability to identify and exploit cybersecurity weakness, some like Canadian finance minister François-Philippe Champagne revealed to the BBC that Mythos had been discussed at an IMF meeting in Washington DC last week. The minister said the issue was serious enough to warrant attention of all finance ministers. Echoing these sentiments Bank of England governor Andrew Bailey said they were looking very carefully at how Claude Mythos is functioning, a sentiment that was later shared by the European Union too after officials held closed-door discussions around the new AI model. While governments appear unanimous about the challenges, cybersecurity experts are unsure whether the threat is real or merely an exercise to popularise a new product. The problem, according to them, is that they haven't had access to Claude Mythos and till they see it, they won't be able to provide an opinion. However, they do accept that fears around AI isn't new. Each new model also brings forth new promises to revolutionise lives, for better or for worse. Into this mix of fear and excitement comes the need for pushing demand, given that all the tech giants have come to realise that AI is an expensive proposition - both for the providers and the users. Experts say that with Mythos there is very little that is known to prospective users (other than those involved in Anthropic's Project Glasswing). However, what we can do now is refrain from panic and focus on the need to get cybersecurity right. In case a tool can find loopholes, so be it. Find them and fix them, is what they believe should be the future course of action. They also argue that hackers seldom use AI tools (this may be changing now) to breach system. So, for now the best option is to broaden the availability to Claude Mythos with security guardrails deployed internally by enterprises and check whether their digital journeys are indeed safe, as they have been led to believe for nearly three decades. Which now brings us to why the White House got interested in the story. There is obviously the national security interest where the United States does not want its digital infrastructure to crumble because they did not heed the words of a founder who raised a red flag about his own product and its capabilities. That the situation arose amidst a rather challenge one faced by both parties could only be a sheer case of coincidence. Unless, one happens to be in Sam Altman's shoes, and believes that this is unwanted attention being created as part of a one-upmanship story between two friends who are now on the opposite side of the AI battle for supremacy. From the Trump administration's point of view, the meeting with Amodei is a good indicator that the US wants to be on top of this critical issue. "We discussed opportunities for collaboration, as well as shared approaches and protocols to address the challenges associated with scaling this technology," the White House said in its statement. Ignoring Anthropic's offer and warning could become a banana peel if Trump and his team did not do what they just did. An administration that lopped off a partner because they did not agree to use AI in indigenous weapons or for largescale surveillance would be loath to turn its back on a technology that could ensure its authority on the global digital ecosystem. Whether Claude Mythos could result in some apocalyptic event that the world and the White House is attempting to stop or merely a smart marketing hype is something only time will tell. For now, all we can consider is that AI is a reality and some tool now or some months or years later will come that could pose a genuine risk to the world. For now, Anthropic has offered us an opportunity to work with one tool to fix the underlying internet vulnerabilities. So be it!

OpenAI unveils GPT-5.4-Cyber a week after rival's announcement of AI model

April 14 (Reuters) - OpenAI on Tuesday unveiled GPT-5.4-Cyber, a variant of its latest flagship model fine-tuned specifically for defensive cybersecurity work, following rival Anthropic's announcement of frontier AI model Mythos. Mythos, announced on April 7, is being deployed as part of Anthropic's "Project Glasswing", a controlled initiative under which select organizations are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes. It has found "thousands" of major vulnerabilities in operating systems, web browsers and other software. OpenAI, creator of popular chatbot ChatGPT, said that GPT-5.4-Cyber will initially be rolled out on a limited basis to vetted security vendors, organizations and researchers because of its more permissive design. The company is also expanding its Trusted Access for Cyber program to thousands of verified individual defenders and hundreds of teams protecting critical software, it said in a post on its website. OpenAI is adding new tiers to its TAC program, which was launched in February, with higher levels of verification unlocking more powerful capabilities. Users approved for the highest tier will gain access to GPT-5.4-Cyber, which has fewer restrictions on sensitive cybersecurity tasks such as vulnerability research and analysis. (Reporting by Juby Babu in Mexico City; Editing by Maju Samuel)

Too powerful to launch? This AI can hack systems in hours, Anthropic explains why

Experts warn AI could accelerate cyberattacks, urging users to update devices and strengthen security measures Anthropic's latest and most powerful model Mythos has been in the headlines ever since the company announced it. While it has a lot of what we call as benefits, the new model has also raised cybersecurity concerns over the past week after reportedly identifying critical vulnerabilities across widely used software systems. The model has flagged thousands of high-risk flaws spanning major operating systems and web browsers and has raised fears about its potential misuse if released publicly. Instead of making the system widely available, the company has opted for a controlled rollout only offering early access to a group of around 40 technology firms. The list includes giants like Apple, Google and Amazon. With this, the company aims to allow these organisations to identify and fix weaknesses before they can be exploited by malicious actors. But multiple reports and cybersecurity experts warn that tools like Mythos can accelerate cyberattacks as AI systems are able to discover and exploit vulnerabilities far faster than humans. Testing by the UK AI Security Institute reportedly showed that the model can independently carry out tasks that would typically take security researchers days to complete. Also read: Smartphones may get bigger, user-replaceable batteries by 2027, here is why Industry analysts say the development can dramatically increase the volume and speed of cyber threats and this can lead to a surge in security incidents and force organisations to adapt faster patching cycles and stronger defense mechanisms. The experts as cited by the report are advised to take basic precautions, including enabling automatic software updates, replacing devices that no longer get security patches and strengthening account protection with tools like password manager and multi factor authentication. Newer login methods such as passkeys are also recommended for improved security.

OpenAI introduces GPT 5.4 Cyber, an AI model built for cybersecurity defence: All details

OpenAI explained that because GPT-5.4-Cyber is 'more permissive,' the company is releasing the AI model in a limited rollout. OpenAI has introduced a new AI model called GPT-5.4-Cyber, designed specifically for defensive cybersecurity work. The model is a specialised version of GPT-5.4 and is not available to the general public. Interestingly, Anthropic recently introduced Claude Mythos AI for security-focused use cases. According to OpenAI, GPT-5.4-Cyber has been created to help cybersecurity professionals analyse software, identify vulnerabilities and defend systems against digital threats. The company also says the model is part of its preparation for more powerful AI models expected later this year. 'In preparation for increasingly more capable models from OpenAI over the next few months, we are fine-tuning our models specifically to enable defensive cybersecurity use cases, starting today with a variant of GPT-5.4 trained to be cyber-permissive: GPT-5.4-Cyber,' the company said in a blogpost on Tuesday. Also read: OpenAI acquires Hiro Finance: What the AI startup offers One of the key differences with this model is that it has fewer restrictions compared to typical AI systems. OpenAI explained that GPT-5.4-Cyber is intentionally fine-tuned for 'additional cyber capabilities and with fewer capability restrictions' 'This is a version of GPT-5.4 which lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows,' OpenAI added. Also read: Apple iPhone 18 Pro Max and iPhone 18 Pro leaks: From India price to specs, here is what we know The model can also assist with binary reverse engineering, allowing security professionals to analyse compiled software to detect malware, vulnerabilities and security weaknesses even without access to the original source code. OpenAI explained that because GPT-5.4-Cyber is 'more permissive,' the company is releasing the AI model in a limited rollout. Access is restricted to verified cybersecurity defenders who are willing to authenticate their identity and work with the company.