OpenAI is finalizing a product with advanced cybersecurity capabilities for a limited set of partners, Axios reported Thursday, becoming the second major AI lab in a week to restrict access to tools capable of automating sophisticated cyberattacks. The product builds on OpenAI's "Trusted Access for Cyber" pilot program, launched in February alongside GPT-5.3-Codex with $10 million in API credits for vetted organizations. It lands just days after Anthropic deployed its own restricted model, Claude Mythos Preview, to more than 40 organizations through a defense initiative called Project Glasswing.

Key Takeaways

AI-generated summary, reviewed by an editor. More on our AI guidelines.

The arms race nobody wanted

Both companies arrived at the same conclusion independently. Their newest AI systems locate vulnerabilities in software, chain them together, then write working exploits. Human security teams cannot keep pace. So both labs landed on the same ugly calculus: hand those capabilities to defenders first, and to everyone else later. Or never.

Anthropic's Mythos Preview has already identified thousands of zero-day vulnerabilities across every major operating system and web browser. Some survived decades of scrutiny. One was a 27-year-old bug in OpenBSD, an operating system known for its security focus. Another had evaded 5 million automated tests inside the video encoder FFmpeg over 16 years.

The benchmark numbers sharpen the anxiety. On CyberGym, which measures a model's ability to reproduce known software vulnerabilities, Mythos scored 83.1% against 66.6% for Anthropic's previous flagship. On a Firefox exploit test, the older model managed two working exploits from several hundred attempts. Mythos produced 181.

"You can't stop models from doing code enumeration or finding flaws in older codebases," Rob T. Lee, chief AI officer at the SANS Institute, told Axios. "That capability exists now."

Defenders get a head start

Project Glasswing is the defense plan. Anthropic tapped a dozen of the world's biggest tech firms for early Mythos access. The group spans cloud providers, chipmakers, and security vendors: Google, Microsoft, Apple, Amazon, Nvidia, CrowdStrike, Palo Alto Networks, Cisco among them. Another 40 or so organizations got access too, all of them builders or maintainers of critical software. Anthropic is backing the effort with $100 million in usage credits and $4 million in direct donations to open-source security groups.

OpenAI's approach tracks a similar pattern. Its February pilot granted invite-only organizations access to "even more cyber capable or permissive models to accelerate legitimate defensive work." The new product reportedly expands that framework, though OpenAI has shared fewer details about scope or partners.

The logic borrows from responsible vulnerability disclosure, a practice the security industry ground into shape over decades. Spot the flaw, show it to the people who can patch it, then give them a window before going public. Though that only works when everyone plays along.

"It's the same debate we've had for decades around responsible vulnerability disclosure," Lee added.

The window is closing

Alex Stamos, chief product officer at cybersecurity firm Corridor and former head of security at Facebook and Yahoo, put a timeline on the problem. Open-weight models will match frontier models in bug-finding within roughly six months, he told Platformer. "At which point every ransomware actor will be able to find and weaponize bugs without leaving traces for law enforcement to find."

That timeline tracks with what already happened. Anthropic disclosed last year that a Chinese state-sponsored group jailbroke Claude Code and used it to autonomously infiltrate roughly 30 organizations. AI handled the majority of tactical operations independently, according to Anthropic's disclosure. The attackers ran the operation for weeks before anyone noticed. That's the part that stings.

And the defensive side keeps losing ground. The Trump administration proposed slashing CISA's budget by $707 million last week. That budget would leave the country's lead cybersecurity agency running on about $2 billion, less than some individual ransomware hauls. No one has been Senate-confirmed to lead it since 2025. Hundreds of employees walked out or were pushed.

What comes next

OpenAI's cybersecurity product is not Spud. Spud is a separate model, reportedly done with pretraining, whose cyber capabilities nobody outside the company has publicly characterized. CEO Sam Altman told employees to expect a "very strong model" within weeks.

If Spud matches Mythos in vulnerability discovery, Altman faces the same decision Anthropic already made. Restrict it and give defenders time. Or ship broadly and hope the guardrails hold.

Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, offered the bluntest forecast at the HumanX conference Tuesday. It is only weeks or months, she told Axios, before a model with these capabilities hits the open market.

The question stopped being whether AI can compromise critical infrastructure. It can. Now it is whether the companies building these tools gave the people defending water systems, power grids, and financial networks enough of a running start. For the organizations inside Project Glasswing, the clock started Tuesday. For everyone else, it started the moment you read this sentence.

Frequently Asked Questions

What is OpenAI's new cybersecurity product?

OpenAI is finalizing a product with advanced cybersecurity capabilities for a limited set of partners. It builds on the company's Trusted Access for Cyber pilot program, launched in February with $10 million in API credits. The product is separate from OpenAI's upcoming model codenamed Spud.

What is Anthropic's Project Glasswing?

Project Glasswing is Anthropic's initiative giving 12 core tech partners and about 40 additional organizations early access to Claude Mythos Preview for defensive cybersecurity work. Partners include Amazon, Apple, Google, Microsoft, and CrowdStrike. Anthropic committed $100 million in usage credits.

What vulnerabilities has Mythos Preview found?

Mythos Preview identified thousands of zero-day vulnerabilities across every major operating system and web browser. Notable finds include a 27-year-old bug in OpenBSD and a 16-year-old flaw in FFmpeg that survived 5 million automated tests. On CyberGym benchmarks, Mythos scored 83.1% versus 66.6% for its predecessor.

Why are AI labs restricting access to these models?

Both OpenAI and Anthropic concluded their newest AI systems can find and exploit software vulnerabilities faster than defenders can patch them. Restricting access gives defensive teams a head start before the capabilities spread to open-weight models, which experts estimate could happen within six months.

How does CISA factor into the cybersecurity picture?

The Trump administration proposed cutting CISA's budget by $707 million, which would reduce the agency to about $2 billion in operating funds. The agency has lacked a Senate-confirmed director since 2025 and lost hundreds of staff, raising concerns about the government's ability to respond to AI-driven cyber threats.

AI-generated summary, reviewed by an editor. More on our AI guidelines.

Anthropic Called Its Own AI a Cybersecurity Threat. Wall Street Obliged.
On Thursday afternoon, a draft blog post sat in a publicly accessible database on Anthropic's website. Unsecured. Searchable. The digital equivalent of leaving your product launch plans on a park benc
The Implicator
Google Launches Free AI Tool to Help Security Teams Fight Threats
The model tackles a fundamental problem in cybersecurity: defenders must protect against every possible attack, while criminals only need to find one weak spot. Sec-Gemini v1 helps level this playing
The Implicator
The Virtualization Blind Spot: China's 17-Month Persistence Inside America's Infrastructure
For seventeen months, Chinese state-sponsored hackers had access to a U.S. organization's VMware vCenter server. The intrusion started in April 2024. It wasn't discovered until September 2025, and onl
The Implicator
AI News

San Francisco

Editor-in-Chief and founder of Implicator.ai. Former ARD correspondent and senior broadcast journalist with 10+ years covering tech. Writes daily briefings on policy and market developments. Based in San Francisco. E-mail: [email protected]