DEV Community

정상록

OpenAI and Anthropic Just Restricted Their Cybersecurity AI Models — Here's Why It Matters

TL;DR

Anthropic and OpenAI both released cybersecurity-focused AI models with restricted access. Anthropic's Mythos Preview (Project Glasswing) found thousands of zero-day vulnerabilities across all major operating systems and browsers — many 10-20 years old. OpenAI's GPT-5.3-Codex follows a similar path through their "Trusted Access for Cyber" program. This is the first time AI companies have self-restricted models due to security concerns.

What's Anthropic Mythos Preview?

Codenamed Project Glasswing, Mythos Preview was leaked via Fortune on March 26, 2026 before Anthropic officially confirmed it. Here's what we know:

  • Access: Limited to 40+ vetted companies (Amazon, Apple, Microsoft, Cisco, CrowdStrike, Palo Alto Networks, Linux Foundation, Broadcom)
  • Capability: Found thousands of zero-day vulnerabilities across all major OSes and web browsers
  • Key finding: Many vulnerabilities were 10-20 years old — bugs human security researchers never caught
  • Investment: $100M in preview credits + $4M direct donation to open source security organizations

The fact that Anthropic restricted access to their own model is unprecedented. They essentially said: "This is too powerful to release publicly."

OpenAI's Parallel Move

OpenAI isn't sitting still. Their approach:

  • Trusted Access for Cyber pilot launched February 2026
  • GPT-5.3-Codex: Their most cyber-capable reasoning model (separate from the Spud model)
  • $10M API credits for participants
  • Identity & trust-based access framework — you need to be vetted to use it

# The restricted access hierarchy
Public models → Limited capability
Trusted Access → Vetted organizations only
Full Mythos/Codex → 40+ selected partners

What Security Experts Are Saying

The cybersecurity community response has been remarkably consistent:

"You can't stop the ability to look at code and find vulnerabilities in old codebases. That capability already exists." — Rob T. Lee, SANS Institute (Chief AI Officer)

"Similar capability models will appear within weeks to months." — Wendi Whitmore, Palo Alto Networks CSIO

CrowdStrike's Adam Meyers called Mythos capabilities a "wake-up call for the entire industry."

AISLE CEO Stanislav Fort raised a critical point: model restrictions only matter if they focus on exploit-writing capability, not bug-finding. Public models can already find some of the same vulnerabilities Mythos discovered.

The Core Dilemma for Developers

This creates a dual-use problem that developers need to understand:

AI Cybersecurity Capability
├── Defense (good)
│   ├── Automated vulnerability scanning
│   ├── Patch generation
│   └── Security code review
└── Offense (dangerous)
    ├── Zero-day discovery at scale
    ├── Autonomous exploit generation
    └── Infrastructure attack capability

The same AI that can audit your codebase for vulnerabilities can potentially write exploits for water systems, power grids, and financial infrastructure.

What This Means Going Forward

  1. AI-powered security tools will become standard — expect your CI/CD pipeline to include AI vulnerability scanning within a year
  2. Access controls matter more than ever — the "trusted access" model will likely become the norm for powerful AI capabilities
  3. The responsible disclosure debate is back — but now it's about entire AI models, not individual vulnerabilities
  4. Defense investment is mandatory — Anthropic's $100M commitment signals the scale required

Key Takeaway

This is the first time AI companies have self-restricted their own models due to capability concerns. Whether you see this as responsible AI development or just buying time, the implication is clear: autonomous AI-driven hacking is no longer theoretical.


What are your thoughts on AI companies restricting their own cybersecurity models? Is this the right approach?

Sources: Axios | Anthropic Official | OpenAI Trusted Access
