Rushing to keep up with Anthropic's Mythos, OpenAI also releases cybersec-focused AI model
The White House, banking executives, and cybersecurity professionals, already spooked by the capabilities of Anthropic's AI model Mythos, now have even more on their plate. OpenAI is also releasing a new model focused on cybersecurity.
Just like Mythos, OpenAI's new model, GPT-5.4-Cyber, is designed to autonomously find flaws and bugs in software, allowing cyber pros to fix issues before they are exploited by bad actors.
"The progressive use of AI accelerates defenders - those responsible for keeping systems, data, and users safe - enabling them to find and fix problems faster in the digital infrastructure everyone relies on," OpenAI said in a press release.
The company, though, adds: "Similarly, AI is being used by attackers looking to cause harm."
Release is limited to a small set of clients
That's why, similarly to Anthropic, OpenAI has so far limited the release of its model to a select group of customers. Indeed, it looks like both AI labs are concerned that these powerful new models could help bad actors and render many current cybersecurity defenses obsolete.
AI systems are inherently dual-use: bad actors can repurpose technologies developed for legitimate applications to their own advantage and achieve malicious goals.
The cause for concern is, of course, the fact that AI systems are inherently dual-use: bad actors can repurpose technologies developed for legitimate applications to their own advantage and achieve malicious goals.
In these specific cases, attackers could invert the models fine-tuned for software defense to detect and exploit vulnerabilities in widely used software before they can be patched, exposing users to significant risks.
Anthropic says Mythos has already detected thousands of severe vulnerabilities, including in "every major operating system and web browser," some of which had been undetected for decades.
According to The Wall Street Journal, a software bug capable of crashing almost any OS went undetected for 27 years, but Mythos managed to catch it and is marketed as a tool capable of finding bugs at a rate never seen before.
The US Treasury Secretary, Scott Bessent, and Federal Reserve Chair Jerome Powell even convened an urgent meeting with bank CEOs last week to warn of the cyber risks posed by Mythos and similarly sophisticated AI models.
Both OpenAI and Anthropic seem to understand the risks they're bringing to the world of cybersecurity - even though they could, of course, have simply shelved the models.
"Cyber risk is already here and accelerating, but we can act. Digital infrastructure has already been vulnerable for years, before advanced AI even came along," OpenAI said in its blog rather defensively.
Anthropic has meanwhile pre-emptively announced a big-tech exclusive initiative dubbed "Project Glasswing," providing access to Mythos to twelve major tech firms such as Apple, Google, Microsoft, and Nvidia in an effort to protect the most critical software.
Part of AI hype?
Jack Clark, Anthropic co-founder & head of Public Benefit, doesn't seem particularly worried, telling the Semafor World Economy forum this week that Mythos is "not a special model."
"There will be other systems just like this in a few months from other companies. And in a year to a year and a half later, there'll be open weight models from China that have these capabilities," said Clark.
"So the world is going to have to get ready for more powerful systems that are going to exist within it."
Maybe it's just part of the AI hype, anyway. Marcus Hutchins, a cybersecurity researcher best known for helping to stop the global WannaCry ransomware attack, questioned Anthropic's narrative in a viral video.
"Bugs aren't going unpatched because no one can find bugs. It's because no one is being paid to find bugs," said Hutchins before reiterating that there's no evidence whatsoever that AI systems are more cost-effective than human cyber researchers.
So why are Anthropic, OpenAI, and (soon) other AI firms doing this? Well, a healthy cynic would most probably conclude that they want big companies to feel the heat and pay for their amazing tools.