OpenAI Follows Anthropic in Limiting Access to Its Cyber-Focused Model
It was only a week ago that Anthropic sent shockwaves through the cybersecurity industry with the announcement of Claude Mythos Preview, an AI frontier model so good at smoking out software security flaws – and creating exploits for them – that the company decided against making it generally available and instead is giving access to it to a small number of trusted companies.

Now comes OpenAI, which is going down the same path with its GPT‑5.4‑Cyber, a variant of GPT‑5.4 that it, too, expects to limit access to, though the pool of the lucky verified users looks to be larger than that created by Anthropic.

News of a cybersecurity-focused model leaked earlier this month, with Axios coming out with a report. OpenAI executives rolled out the details this week.

“We want to empower defenders by giving broad access to frontier capabilities, including models which have been tailor-made for cybersecurity,” they wrote in a blog post, adding that the new model “lowers the refusal boundary for legitimate cybersecurity work and enables new capabilities for advanced defensive workflows, including binary reverse engineering capabilities that enable security professionals to analyze compiled software for malware potential, vulnerabilities and security robustness without needing access to its source code.”

Changes in TAC

OpenAI has been heading down this road for a while.
In February, the company quietly introduced its Trusted Access for Cyber (TAC) program after rolling out its GPT-3.5-Codex model, which executives at the time called “our most cyber-capable frontier reasoning model to date.”

They described TAC as “an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands,” and said they were offering $10 million in API credits to fuel enhancements to cyber defenses.

This week, the company said it is scaling the TAC program to thousands of verified individual defenders and hundreds of security teams that are charged with defending critical software. It’s part of a larger plan of growing the program as capabilities of the models increase.

More Tiers to Climb

The TAC program initially offered defenders an automated identity verification process and the ability to partner with a set of organizations to get access to more cyber-permissive models. The expansion of the program in the wake of the release of GPT‑5.4‑Cyber includes more tiers for users who authenticate with OpenAI as defenders, with those in the highest tiers getting access to GPT‑5.4‑Cyber.

OpenAI executives pointed to the principles that underlie its ambitions to continue to make increasingly capable AI models while ensuring that cybersecurity defenders are able to protect themselves against attackers that abuse those capabilities. Key among them is ensuring democratized access to security-focused models such as GPT‑5.4‑Cyber.

“Our goal is to make these tools as widely available as possible while preventing misuse,” they wrote, noting that they want to keep decisions on access from being arbitrary by relying on strong identity verification and know-your-customer processes.
“Ultimately, we aim to make advanced defensive capabilities available to legitimate actors large and small, including those responsible for protecting critical infrastructure, public services, and the digital systems people depend on every day.”

Mythos a Hard Act to Follow

OpenAI’s message didn’t have the same urgency that came with Mythos, with Anthropic executives writing that they found that the model made it easier for even less technical users to quickly abuse the vulnerabilities that were found.

“We did not explicitly train Mythos Preview to have these capabilities,” they wrote. “Rather, they emerged as a downstream consequence of general improvements in code, reasoning, and autonomy. The same improvements that make the model substantially more effective at patching vulnerabilities also make it substantially more effective at exploiting them.”

The impact made by Anthropic’s introduction of Mythos Preview – and the move to make it the foundation of its Project Glasswing, an initiative to make software more secure – continues to ripple through the industry.

U.S. Treasury Secretary Scott Bessent and Jerome Powell, chairman of the Federal Reserve, last week called a meeting with the CEOs of most of the largest banks in the country – including Citi, Bank of America, and Wells Fargo – to warn them of the cybersecurity risks that come with Mythos Preview and caution them about using the model in their systems.

Heightened Threats

This week, the Cloud Security Alliance released a paper, “The ‘AI Vulnerability Storm’: Building a ‘Mythos-ready’ Security Program,” aimed at security leaders.
In the executive summary, the authors said that Mythos has “significantly increased” the likelihood that bad actors will find new vulnerabilities, create new exploits, and use them in complex and automated attacks at scale.

They wrote that “while AI also increases the speed of patch development and reduces defects in new software, defenders still face a heavier relative burden due to the inherent limitations of patching. Attackers gain asymmetric benefits.”

Urgency, Not Reassurance

Bradley Smith, senior vice president and deputy CISO for BeyondTrust, said that while Glasswing – with initial members Amazon Web Services, Anthropic, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, Nvidia, and Palo Alto Networks – helps defenders find and fix vulnerabilities faster than humans can, it’s not giving security pros a head start. Threat actors – both financially motivated and linked to nation-states – already have AI working for them.

“What Mythos and Glasswing should signal to leadership is not reassurance,” Smith said. “It is urgency. If Anthropic’s own assessment is that this model is too dangerous to release publicly because of what it could do in the wrong hands, that tells you something about what less capable but freely available models are already doing in the wrong hands right now.”
