Within seven days, both companies unveiled AI models purpose-built for cybersecurity – and both decided the world isn’t ready for them yet. Here’s what each does, who gets access, and why it matters more than the usual AI product launch.
Something worth paying attention to happened this week. On April 7, Anthropic unveiled Claude Mythos Preview – an AI model so capable at finding and exploiting software vulnerabilities that the company decided not to release it publicly. Then, exactly one week later, OpenAI announced GPT-5.4-Cyber, its own cybersecurity-focused model, with a similar caveat: available only to verified security professionals, not the general public. Two of the world’s leading AI companies, one week apart, both saying the same quiet part out loud: we built something powerful enough to worry us.
These aren’t consumer products. You won’t find them in ChatGPT or the Claude app. But what they can do – and who they’re being given to – has real consequences for the software that runs everything from your bank to your phone’s operating system.
The short version
Both OpenAI and Anthropic have built AI models that can find and exploit software vulnerabilities faster than any human security team. Neither is releasing them publicly. Access is restricted to vetted cybersecurity professionals through application programs.
Anthropic moved first – and went further
Anthropic’s Mythos Preview is, by any honest reading, the more striking announcement. During internal testing, the model autonomously found thousands of previously unknown – zero-day – vulnerabilities across every major operating system and every major web browser. Not with a human guiding it through the code. On its own, after a single prompt.
One example that has been made public: Mythos independently identified and wrote a working exploit for a 17-year-old remote code execution vulnerability in FreeBSD – a flaw that would give an attacker complete control of a server, accessible from anywhere on the internet, with no login required. No human was involved after the initial instruction. That kind of result, on that kind of legacy code, hadn’t happened before.
“I’ve found more bugs in the last couple of weeks than I found in the rest of my life combined.” – Anthropic researcher Nicholas Carlini
Anthropic didn’t release the model. Instead, it launched Project Glasswing – a controlled programme giving access to roughly 50 organisations to use Mythos to secure critical software before the same capabilities end up in the wrong hands. Partners include AWS, Apple, Google, Microsoft, Cisco, CrowdStrike, and Nvidia. Anthropic is backing it with $100 million in model usage credits and $4 million in donations to open-source security organisations.
The reasoning is uncomfortable but straightforward: Mythos didn’t learn to hack because Anthropic trained it to hack. The capabilities emerged as a side effect of the model getting better at reasoning and writing code. Which means future models – from Anthropic and from every other lab – will likely develop the same abilities whether anyone plans for it or not.
Project Glasswing in numbers
$100M in usage credits committed • $4M donated to open-source security orgs • ~50 partner organisations • Thousands of zero-days found before announcement • Over 99% of discovered vulnerabilities still unpatched at launch
OpenAI came back a week later with a different approach
GPT-5.4-Cyber is a fine-tuned version of OpenAI’s existing GPT-5.4 model, adjusted specifically to lower the refusal threshold for legitimate security work. Where the standard model might decline to help with vulnerability analysis or binary reverse engineering, GPT-5.4-Cyber is designed to assist with exactly those tasks – for people who can prove they should be doing them.
Access runs through OpenAI’s Trusted Access for Cyber programme, which launched in February. The programme adds tiered verification levels: the higher your tier, the more powerful the model you can access. GPT-5.4-Cyber sits at the top. Individual users can apply at chatgpt.com/cyber. Enterprise teams go through their OpenAI account rep. The company is targeting thousands of individual defenders and hundreds of security teams.
One notable gap: US government agencies are not currently in the programme, though OpenAI says discussions are underway. That’s a conspicuous absence for a tool being positioned as critical infrastructure defence.
How they actually compare
The two models are solving related problems from different directions. Here’s what the facts show:
| | GPT-5.4-Cyber | Claude Mythos Preview |
|---|---|---|
| Announced | April 14, 2026 | April 7, 2026 |
| Base model | GPT-5.4 (fine-tuned) | Mythos Preview (separate model) |
| Access | Tiered — thousands of vetted defenders | ~50 named partner orgs only |
| Key capability | Binary reverse engineering, vuln analysis | Autonomous zero-day discovery & exploit |
| Public release? | No — vetted security pros only | No — too dangerous per Anthropic |
| Benchmark score (CTF) | 76% (GPT-5.1-Codex-Max, Nov 2025) | Saturates existing benchmarks |
| Investment | Trusted Access for Cyber program | $100M usage credits + $4M open source |
| US govt access | Not yet — discussions ongoing | Not disclosed publicly |
The practical difference: Mythos appears to operate with significantly more autonomy – it can chain multiple vulnerabilities into complex exploits without being guided step by step. GPT-5.4-Cyber is positioned as a tool that removes unnecessary friction for security professionals already doing manual work. One replaces human judgment on certain tasks. The other augments it. Whether that distinction holds as capabilities continue to improve is the open question.
Why this week matters beyond the product launches
The timing here is not coincidental. Capture-the-flag benchmark scores for OpenAI’s models went from 27% on GPT-5 in August 2025 to 76% on GPT-5.1-Codex-Max in November 2025. Anthropic’s Mythos has largely stopped being measured on those benchmarks because it mostly saturates them. The trajectory is steep and it is not slowing down.
Security researcher Bruce Schneier, one of the more sceptical voices on AI hype, noted that OpenAI’s announcement looked like a response to the attention Anthropic received – a lab that doesn’t want to be seen as behind on a capability that suddenly matters. That competitive pressure is real. But it also means two of the most capable AI systems ever built for offensive security work are now in circulation, albeit in restricted form, at roughly the same moment.
The good news, if there is any: both companies are, at least publicly, trying to get defenders ahead of attackers. The vulnerabilities Mythos found – bugs sitting undetected for decades in code that runs billions of devices – are being patched rather than exploited. That is the best-case version of how this plays out. The risk is that capabilities like these don’t stay restricted for long, and the patching never quite catches up.
“We did not explicitly train Mythos to have these capabilities. They emerged as a downstream consequence of general improvements in code, reasoning, and autonomy.” – Anthropic
What this means if you’re not a security professional
Honestly? In the short term, not much changes for most people. Neither model is publicly accessible and both are specifically designed for people already working in cybersecurity. The software you use every day is arguably safer today than it was a month ago – because thousands of vulnerabilities in your operating system and browser are now being patched that might otherwise have sat there for years.
The longer-term question is harder. The same AI capabilities that are finding these bugs for defenders will eventually be accessible to attackers. The window between “only major labs have this” and “it’s available to anyone” has historically been shorter than anyone expects. What the industry does with that window – how many patches get written, how much infrastructure gets hardened – is what will actually determine whether this week’s announcements look like good news or a warning that arrived too late.






