
Skila AI

Originally published at news.skila.ai

OpenAI and Anthropic Are Racing to Build AI Cyber Weapons. Neither Will Let You Use Them.



Anthropic's Claude Mythos found thousands of zero-day vulnerabilities in every major operating system and every major web browser. One week later, OpenAI dropped GPT-5.4-Cyber with binary reverse engineering capabilities that let security professionals analyze compiled software without source code. Both models are too dangerous for the general public. Neither company will let you use them.

This is the AI cybersecurity arms race. It started quietly. It just went public.

Two Models, One Week Apart

On April 7, 2026, Anthropic announced Project Glasswing. The initiative deploys Claude Mythos Preview, Anthropic's most capable model to date, exclusively for defensive cybersecurity. Twelve launch partners got access: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks.

Anthropic committed $100 million in usage credits. Another $2.5 million went to Alpha-Omega and OpenSSF through the Linux Foundation. The Apache Software Foundation received $1.5 million. When the preview ends, pricing locks at $25 per million input tokens and $125 per million output tokens.

Exactly seven days later, on April 14, OpenAI unveiled GPT-5.4-Cyber. This is a purpose-built fine-tune of GPT-5.4 with fewer refusal boundaries on legitimate security work. The model ships with binary reverse engineering: the ability to analyze compiled software for malware, vulnerabilities, and security weaknesses, all without source code.

The timing is not a coincidence.

What Mythos Actually Found

Claude Mythos Preview found vulnerabilities that human researchers missed for decades. The oldest: a 27-year-old bug in OpenBSD. A 16-year-old flaw in FFmpeg. A privilege escalation in the Linux kernel. Anthropic disclosed thousands of previously unknown zero-day vulnerabilities across every major OS and browser.

The benchmark numbers show how far ahead of publicly available models Mythos is. On CyberGym, which tests vulnerability reproduction, Mythos scored 83.1%. Claude Opus 4.6, the strongest public model, managed 66.6%. On SWE-bench Verified, Mythos hit 93.9% versus Opus 4.6's 80.8%. On SWE-bench Pro, the gap widened further: 77.8% versus 53.4%. Terminal-Bench 2.0 showed a similar pattern: 82.0% versus 65.4%.

The most striking example: Mythos autonomously discovered and exploited a 17-year-old remote code execution vulnerability in FreeBSD's NFS implementation. No human guidance. The model found the bug, wrote the exploit, and confirmed root access on a target machine. This was triaged as CVE-2026-4747.

That capability is exactly why Anthropic refuses to release it publicly.

How OpenAI's Approach Differs

Anthropic picked a lock-and-key strategy. Twelve pre-vetted corporations. $100 million in credits to make it worth their while. A 90-day reporting commitment on learnings and disclosures. No individual access. No self-serve signup.

OpenAI chose a different path. The Trusted Access for Cyber (TAC) program, launched in February 2026, now expands with a tiered verification system. Individual security professionals can verify their identity at chatgpt.com/cyber. Enterprises go through OpenAI representatives. Higher verification tiers unlock more powerful capabilities, with GPT-5.4-Cyber available to the highest tier.

OpenAI plans to scale access to thousands of individuals and hundreds of security teams. Anthropic limits access to 12 organizations.

The philosophical difference is real. Anthropic says: the model is too dangerous, so we deploy it behind a wall with a dozen trusted partners. OpenAI says: the model is too important to lock away, so we build a verification pipeline and open it wider.

Both positions are defensible. Neither is obviously correct.

The Capabilities Gap Between Cyber AI and Public AI

GPT-5.4-Cyber is described as a "cyber-permissive" variant. That phrase matters. Standard GPT-5.4 refuses many security-adjacent requests. Ask it to analyze a binary for exploit vectors and it will hedge, caveat, or decline. GPT-5.4-Cyber has those guardrails loosened for legitimate defensive work.

Binary reverse engineering is the headline feature. Security researchers routinely analyze compiled software to find vulnerabilities, understand malware behavior, and assess supply chain risks. Doing this manually with tools like IDA Pro, Ghidra, or Binary Ninja requires deep expertise and hours of work per binary. An AI that can perform this analysis at scale changes the economics of vulnerability research.

Mythos takes a different approach. Rather than loosening guardrails on an existing model, Anthropic built a model that is fundamentally more capable at security tasks. The CyberGym benchmark gap (83.1% vs 66.6%) is not about permissions. Mythos understands code, systems, and attack surfaces at a deeper level than its public siblings.

Both approaches converge on the same uncomfortable truth: the most capable AI for finding software vulnerabilities is also the most capable AI for exploiting them. The same model that discovers a zero-day can write the exploit code. Defensive and offensive capabilities are the same capability viewed from different angles.

Why Neither Model Is Public

The dual-use problem is not hypothetical. Consider what Mythos demonstrated: autonomous discovery and exploitation of a 17-year-old RCE vulnerability in FreeBSD. If that model were available through an API, any attacker could point it at any software and receive a list of exploitable vulnerabilities with working proof-of-concept code.

The math is brutal. Trained security researchers are scarce. There are roughly 1.1 million cybersecurity professionals in the US. An AI model that can find zero-days autonomously effectively gives every person with API access the vulnerability research capability of an elite security team.

Defenders need the capability more than attackers. Most organizations cannot afford dedicated vulnerability researchers. They patch known CVEs and hope for the best. An AI that proactively finds vulnerabilities in their stack before attackers do would be transformative. But the same AI, in adversarial hands, would be catastrophic.

This is why both companies restrict access. The question is not whether AI should do cybersecurity work. It already does. The question is who gets to use it.

The Business Stakes

Cybersecurity is a $200+ billion market. AI-powered security tools are the fastest-growing segment. Both Anthropic and OpenAI are making strategic bets that controlling the most capable cyber AI models creates durable competitive advantages.

For Anthropic, Project Glasswing positions Mythos as the gold standard for enterprise security. If CrowdStrike integrates Mythos into its threat detection platform, or if Microsoft builds it into Windows Defender's backend, that creates deep vendor lock-in. The $100 million in credits is not charity. It is customer acquisition.

For OpenAI, the TAC program builds a direct relationship with the security community. Thousands of individual researchers and hundreds of security teams, all verified, all using GPT-5.4-Cyber through OpenAI's platform. That is a customer base that competitors cannot easily poach.

The first-mover advantage matters here more than in most AI markets. Security teams that build workflows around one model's capabilities will not switch easily. The cost of retraining analysts, rebuilding integrations, and re-validating results is high enough to create genuine switching costs.

What This Means for the Industry

Three things are now clear.

First, specialized AI models for cybersecurity are a distinct product category. General-purpose models like GPT-5.4 and Claude Opus 4.6 are not sufficient for serious security work. The benchmark gaps prove this. Expect every major AI lab to release a cyber variant within 12 months.

Second, access control for powerful AI models is becoming a policy question, not just a product decision. Both companies are inventing verification frameworks in real time. OpenAI's tiered TAC program and Anthropic's partner-only model are competing approaches to the same regulatory void. Governments have not caught up. The companies are self-regulating by necessity.

Third, the arms race metaphor is accurate but incomplete. Unlike nuclear weapons, AI cyber capabilities improve on a quarterly release cycle. Mythos today finds thousands of zero-days. The next version will find more. GPT-5.4-Cyber today does binary reverse engineering. The next version will do it faster and deeper. The defensive-offensive balance shifts with every model release.

If you work in security, the tools are here. The only question is whether you qualify for access. For AI security tools available to everyone, browse our directory. For open-source security research tools and repositories, check our curated listings. For analysis on how AI models compare on security benchmarks, follow news.skila.ai.

The Bigger Picture

One year ago, no AI lab had a dedicated cybersecurity model. Today, the two leading AI companies released competing cyber models within seven days of each other. Both are too powerful for public access. Both required new access frameworks that did not exist six months ago.

The velocity is staggering. Anthropic went from "Claude can help with code" to "Claude found thousands of zero-days in every major OS" in under a year. OpenAI went from "GPT can assist security researchers" to "GPT can reverse-engineer compiled binaries" in the same timeframe.

The next 12 months will determine whether this capability concentrates in the hands of a few large corporations or distributes more broadly through tiered access programs. Anthropic is betting on concentration. OpenAI is betting on controlled distribution. The market, regulators, and the security community will decide which approach wins.

But the AI cybersecurity arms race itself? That is already decided. It is happening. The only variable is pace.

Frequently Asked Questions

What is GPT-5.4-Cyber?

GPT-5.4-Cyber is OpenAI's specialized cybersecurity model, launched April 14, 2026. It is a fine-tuned variant of GPT-5.4 with fewer refusal boundaries on security tasks and binary reverse engineering capabilities. Access is restricted through the Trusted Access for Cyber (TAC) program, where vetted security professionals verify their identity at chatgpt.com/cyber.

What is Anthropic Project Glasswing?

Project Glasswing is Anthropic's cybersecurity initiative announced April 7, 2026. It deploys Claude Mythos Preview, Anthropic's most capable model, to 12 elite partners including AWS, Apple, Google, Microsoft, and CrowdStrike. Anthropic committed $100 million in usage credits. Mythos found thousands of zero-day vulnerabilities across every major operating system and browser. The model is not available to the general public.

How does GPT-5.4-Cyber compare to Claude Mythos?

Both are specialized cybersecurity AI models restricted from public access. Mythos has published benchmarks showing it outperforms Claude Opus 4.6: 83.1% on CyberGym vs 66.6%, and 93.9% on SWE-bench Verified vs 80.8%. OpenAI has not published comparative benchmarks for GPT-5.4-Cyber. The key difference is access: Anthropic limits Mythos to 12 partner organizations, while OpenAI plans to expand GPT-5.4-Cyber to thousands of individually verified security professionals.

Can I access GPT-5.4-Cyber or Claude Mythos?

Neither model is available to the general public. For GPT-5.4-Cyber, individual security professionals can apply through OpenAI's TAC program at chatgpt.com/cyber with identity verification. Enterprise access is available through OpenAI representatives. For Claude Mythos, access is currently limited to the 12 Project Glasswing launch partners. Anthropic plans a Cyber Verification Program for legitimate security professionals but has not announced a timeline.

What zero-day vulnerabilities did Claude Mythos find?

Anthropic reported thousands of previously unknown vulnerabilities in every major operating system and browser. Specific examples include a 27-year-old OpenBSD bug, a 16-year-old FFmpeg flaw, a Linux kernel privilege escalation, and a 17-year-old remote code execution vulnerability in FreeBSD's NFS implementation (triaged as CVE-2026-4747) that Mythos discovered and exploited fully autonomously.

