OpenAI Follows Anthropic with Limited Cybersecurity AI Rollout

The artificial intelligence race has entered a new phase where companies are actively restricting access to their most powerful models. OpenAI is finalizing a cybersecurity-focused product with limited distribution to a small set of partners, according to reporting from Axios. This move comes just days after Anthropic announced its own restricted rollout of the Mythos Preview model.

Anthropic's announcement on April 7, 2026, marked a turning point. The company revealed that Claude Mythos Preview could identify and exploit zero-day vulnerabilities across every major operating system and web browser. Engineers with no formal security training asked the model to find remote code execution vulnerabilities overnight and woke up to complete, working exploits the next morning. (This is the kind of capability that keeps security researchers up at night.)

The technical reality is stark. Mythos Preview achieved full control flow hijack on ten separate, fully patched targets during internal testing. In contrast, previous models like Opus 4.6 reached tier 3 severity crashes only once across roughly 7,000 entry points. The same improvements that make models better at patching vulnerabilities also make them substantially more effective at exploiting them.

Anthropic responded with Project Glasswing, a coordinated defensive initiative. The program brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic is committing up to $100 million in usage credits for Mythos Preview across these efforts, plus $4 million in direct donations to open-source security organizations.

OpenAI's approach differs in structure but shares the same underlying concern. The company introduced its "Trusted Access for Cyber" pilot program in February 2026 after rolling out GPT-5.3-Codex, its most cyber-capable reasoning model. Organizations in the invite-only program receive access to even more cyber-capable or permissive models to accelerate legitimate defensive work. OpenAI committed $10 million in API credits to participants.

Security leaders have been warning about this moment for over a year. Former government officials and top security leaders have raised alarms about AI models that could autonomously disrupt water utilities, the electric grid, or financial systems. Those capabilities now appear to be here.

Rob T. Lee, chief AI officer at the SANS Institute, noted that you can't stop models from doing code enumeration or finding flaws in older codebases. That capability exists now. Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, told Axios during a panel at the HumanX conference in San Francisco that it's only a matter of weeks or months before there's a new model with similar capabilities out in the wild.

Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, called Mythos' capabilities a wake-up call for the entire industry. The physical reality of this technology is that it can chain together multiple vulnerabilities, write complex JIT heap sprays that escape both renderer and OS sandboxes, and autonomously obtain local privilege escalation exploits by exploiting subtle race conditions.

Stanislav Fort, CEO of security firm Aisle, suggested that restricting the rollout of a new frontier model makes more sense if companies are concerned about models' ability to write new exploits rather than about their ability to find bugs in the first place. Lee added that staggering the release of new AI models looks a lot like how cybersecurity vendors currently handle the disclosure of security flaws in software.

It's the same debate we've had for decades around responsible vulnerability disclosure. The difference now is the speed and scale at which these capabilities can be deployed.

Researchers at AISLE found that widely available AI models are already capable of finding some of the vulnerabilities and exploits that Mythos uncovered. This creates a fundamental tension: defensive organizations need these tools to stay ahead, but the same tools could fall into the wrong hands.

Over 99% of the vulnerabilities Anthropic found have not yet been patched, making it irresponsible to disclose details about them. Yet even the 1% of bugs they are able to discuss give a clear picture of a substantial leap in what the next generation of models' cybersecurity capabilities warrant.

The current global financial costs of cybercrime might be around $500 billion every year. State-sponsored attacks from actors like China, Iran, North Korea, and Russia have threatened to compromise infrastructure that underpins both civilian life and military readiness. Even smaller-scale attacks where individual hospitals or schools are targeted can still inflict substantial economic damage and expose sensitive data.

Whether users actually pay for these restricted access programs remains the real question. The technology exists, the partnerships are forming, and the defensive work is beginning. But the window for maintaining a defensive advantage is closing rapidly as these capabilities proliferate beyond actors committed to deploying them safely.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn