OpenAI and Anthropic Launch Specialized AI Cybersecurity Models
OpenAI and Anthropic have released restricted AI models capable of discovering software vulnerabilities, prompting urgent security reviews by global financial regulators and government agencies.
Artificial intelligence labs Anthropic and OpenAI have launched specialized cybersecurity models capable of identifying and exploiting zero-day vulnerabilities at unprecedented scales. Anthropic's Claude Mythos Preview can autonomously discover high-severity flaws, including a 27-year-old Linux kernel vulnerability, and has simulated a full network takeover. To manage these risks, Anthropic established Project Glasswing, granting restricted access to a small circle of partners including Microsoft, Google, Apple, and JPMorgan Chase.
OpenAI responded by releasing GPT-5.4-Cyber, a cyber-permissive model designed for defensive tasks such as binary reverse engineering. Unlike Anthropic's tight circle, OpenAI is employing a tiered rollout via its Trusted Access for Cyber (TAC) program, providing access to thousands of vetted security professionals and partners like CrowdStrike and NVIDIA. OpenAI also hosted a demonstration in Washington, D.C., for federal cyber practitioners and is vetting Five Eyes intelligence partners for access.
These developments sparked immediate alarm among global regulators. U.S. Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell summoned Wall Street executives to secure legacy banking systems. Similar risk assessments were initiated by the European Central Bank and the Bank of Canada. While the National Security Agency has begun using Mythos, the Pentagon issued a formal supply-chain risk designation against Anthropic. Experts warn that the window between vulnerability disclosure and exploitation has collapsed to less than four hours, signaling a shift where AI may outpace human defenders.