Two AI companies just built models that can find security holes in software — the kind of holes that hackers exploit to steal data, shut down hospitals, and drain bank accounts.
One company decided to give access to thousands of people. The other locked it down to 12 organizations.
Same problem. Opposite strategies. And if you work anywhere near technology, the outcome of this bet affects you directly.
What Actually Happened
Within seven days of each other, both OpenAI and Anthropic shipped cybersecurity-focused AI models that make everything before them look like a toy.
April 7-12: Anthropic announced Claude Mythos Preview and Project Glasswing — a model so good at finding vulnerabilities that they refused to release it publicly. Instead, they gave it to a tight circle of partners like Apple, Google, Microsoft, and CrowdStrike under heavy restrictions.
April 14: OpenAI fired back with GPT-5.4-Cyber, a version of its flagship GPT-5.4 specifically tuned for defensive cybersecurity. But instead of locking it down, they’re scaling access to thousands of verified security professionals through their Trusted Access for Cyber (TAC) program.
The result? A philosophical split that security researchers are already calling the most consequential AI policy debate of 2026.
What Is GPT-5.4-Cyber?
If you’re not in cybersecurity, here’s the short version: GPT-5.4-Cyber is a specialized version of OpenAI’s latest AI model that’s been fine-tuned to help security teams find and fix software vulnerabilities. Think of it like a regular AI assistant that’s been given a security clearance and a set of tools most AI models aren’t allowed to touch.
The three big capabilities that matter:
Binary reverse engineering. This is the headline feature. GPT-5.4-Cyber can analyze compiled software — the finished product that runs on your computer — and find vulnerabilities without needing the original source code. Before this, finding bugs in compiled software meant hiring specialized reverse engineers who could spend weeks on a single application. Now an AI can do the initial scan.
Lowered refusal boundaries. Regular AI models refuse to discuss exploit details, vulnerability chains, and attack techniques. GPT-5.4-Cyber loosens those restrictions for verified defenders. It’ll walk you through how a vulnerability works, why it’s dangerous, and how to fix it — conversations that standard ChatGPT would shut down.
Codex Security integration. OpenAI’s automated vulnerability scanning tool has already contributed to fixing over 3,000 critical and high-severity bugs across customer codebases. GPT-5.4-Cyber builds on that foundation.
How to Get Access
The access process runs through OpenAI’s Trusted Access for Cyber (TAC) program, which launched in February 2026 and has since expanded to thousands of individual defenders and hundreds of security teams.
Two paths in:
- Individual defenders verify their identity at chatgpt.com/cyber — government ID, real name, the works
- Enterprise teams request access through an OpenAI representative
There’s a catch, though. Basic TAC access just removes some restrictions on existing models. To actually get GPT-5.4-Cyber, you need to fill out a second form for a higher access tier. And at the highest tiers, you may need to waive Zero-Data Retention — meaning OpenAI can see what you’re doing with the model.
Nobody’s published pricing yet.
What Is Claude Mythos?
Mythos is Anthropic’s frontier model — a step up from Claude Opus 4.6 in reasoning, coding, and cybersecurity. But unlike GPT-5.4-Cyber, it isn’t a specialized cybersecurity variant. It’s a general-purpose model whose security capabilities are so strong that Anthropic decided the world wasn’t ready for open access.
Here’s what the testing showed:
73% success rate on expert-level cyber tasks. The UK’s AI Safety Institute (AISI) ran evaluations and found that Mythos succeeds on tasks no previous AI model could complete before April 2025. For context, the previous generation of models scored in the mid-60s on similar benchmarks.
Thousands of zero-day vulnerabilities discovered. During internal testing and early partner pilots, Mythos autonomously found critical bugs across every major operating system and web browser — including a 27-year-old bug in OpenBSD and a 17-year-old remote code execution flaw in FreeBSD. Anthropic’s engineers reportedly got working RCE exploits overnight just by asking the model to look for them.
First model to complete a full multi-stage attack simulation. AISI tested Mythos on a 32-step attack scenario called TLO. It completed the entire chain from start to finish in 3 out of 10 attempts, averaging 22 out of 32 steps across all tries. No other model has done this.
But there’s an important caveat. Those tests were run on stripped-down environments without live defenders, endpoint detection, or real-time incident response. Mythos can attack weakly-defended systems autonomously. That’s not the same as breaching a hardened enterprise network.
And some security researchers are skeptical of the bigger claims. One detailed breakdown on X pointed out that Anthropic’s full cybersecurity report was only 7 pages out of a 244-page document, with “zero CVEs listed, zero hard numbers, zero proof.” The 73% success rate allegedly leans heavily on two bugs that a previous model had already found — remove those, and the figure reportedly drops to 4.4%.
Take those specific numbers with a grain of salt. But the skepticism itself matters — it highlights that independent verification of these claims is still thin.
The Numbers Side by Side
| | GPT-5.4-Cyber | Claude Mythos |
|---|---|---|
| Released | April 14, 2026 | April 7-12, 2026 |
| Model type | Specialized defensive cybersecurity variant of GPT-5.4 | General frontier model with strong cyber capabilities |
| Key capability | Binary reverse engineering without source code | Autonomous zero-day discovery across all major OS/browsers |
| CTF benchmarks | 27% (GPT-5) → 76% (GPT-5.1-Codex-Max) | 73-83% on expert-level cyber tasks (AISI/CyberGym) |
| Real-world track record | 3,000+ critical/high-severity vulns fixed via Codex Security | Thousands of zero-days found (unverified count) |
| Access model | TAC program: thousands of defenders, hundreds of teams | Project Glasswing: 12 core partners + ~40 organizations |
| Who gets in | Any verified security professional | Apple, Google, Microsoft, CrowdStrike, JPMorgan + select orgs |
| Cost | Unknown (no pricing published) | $100M in usage credits from Anthropic for partners |
| Identity verification | Government ID + real name + tiered access | Organizational partnership only |
| Refusal policy | Lowered for verified defenders | Not publicly released — no refusal data available |
The Real Debate: Open Access vs. Lockdown
This is where it gets interesting — and where your opinion probably depends on your threat model.
OpenAI’s Bet: Arm the Defenders
OpenAI’s argument is straightforward: there are way more defenders than attackers, so give defenders better tools. The TAC program verifies identities, graduates access by trust level, and monitors usage. It’s not open to everyone — but it’s open to thousands, not dozens.
The logic makes sense on paper. Most cyberattacks succeed not because attackers have better tools, but because defenders are overwhelmed and understaffed. Give a SOC analyst binary reverse engineering capabilities and they can triage threats that would’ve taken a specialist team days to analyze.
But critics are raising uncomfortable questions.
As one security architect put it: “The company deciding who is trustworthy enough to wield offensive security AI is the same company that got supply-chain attacked.” And the dual-use problem is real — a model fine-tuned to find vulnerabilities is, by definition, a model that knows where to look for them. The difference between offense and defense is just a credential.
“Who verifies the verifiers?” asked another researcher. It’s not a rhetorical question.
Anthropic’s Bet: Lock It Down
Anthropic’s logic runs in the opposite direction: Mythos is too capable to distribute widely, so restrict it to organizations that can handle the responsibility. Twelve core partners. About forty organizations total. Heavy governance, audit logging, strict scope.
The Glasswing partners read like a who’s-who of critical infrastructure: Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorgan Chase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. Anthropic committed $100 million in usage credits and $4 million in direct donations to open-source security organizations.
The criticism here is equally sharp. Those organizations represent — and someone actually calculated this — roughly 0.00001% of internet infrastructure operators. Everyone else is on their own.
And some observers see a marketing play behind the safety framing. “Position your model as too dangerous for the public,” one podcast host noted, “and you’ve turned a safety claim into a marketing campaign.”
That’s harsh. But it’s worth noting that Coinbase’s Chief Security Officer is already pursuing Mythos access for threat detection, which suggests the scarcity is creating real demand — whether that was the intention or not.
What Nobody’s Talking About Yet
Three gaps jumped out across all the coverage, security community posts, and analyst takes:
1. Hallucination rates in security contexts. One of the smartest questions we found came from a small account: “What’s the hallucination rate? In security, confident and wrong is the worst outcome.” Neither OpenAI nor Anthropic has published accuracy data specific to cybersecurity tasks. When a model confidently tells you a vulnerability exists (and it doesn’t), or worse, tells you code is safe (and it isn’t), the consequences aren’t abstract. Nobody’s testing for this systematically yet.
2. The training gap. Security expert Robert M. Lee raised this on X (120 likes, which in security-nerd circles is a lot): “Is everyone fully aware of what to do with them once they get their hands on them?” Giving a SOC analyst access to GPT-5.4-Cyber is one thing. Teaching them how to use it effectively — what to trust, what to verify, how to integrate it into existing workflows — is a completely different problem. And there’s no training material yet.
3. SIEM and SOC integration. We searched extensively for any discussion of how these models plug into existing security infrastructure — Splunk, QRadar, CrowdStrike Falcon, Palo Alto Cortex. Nothing. Zero posts. No integration guides, no API documentation for security workflows, no vendor announcements about GPT-5.4-Cyber or Mythos connectors. For enterprise security teams, the toolchain question matters more than raw capability.
What This Means for You
If you’re a security professional: Start the TAC application process now. Even if you don’t need GPT-5.4-Cyber today, having verified access when you do need it beats scrambling later. Go to chatgpt.com/cyber for individual verification, and ask your manager about enterprise-tier access if your team is big enough.
If you’re a CISO or security leader: Don’t wait for Glasswing access — you’re probably not getting it unless you’re at a Fortune 100. Instead, evaluate GPT-5.4-Cyber as a triage assistant for code review, a reverse-engineering aide for your malware analysis team, and a policy-constrained co-pilot for CI/CD security. Start with one narrow use case and expand from there. And ask your key vendors whether they’re in Glasswing — that’s how Mythos will reach most organizations indirectly.
If you’re a developer who writes code (and worries about security): These tools don’t replace your security team. But they signal where things are heading. AI-assisted vulnerability scanning is becoming standard. The code you ship today will increasingly be reviewed by models like these. Write defensively. And if you haven’t looked at AI-assisted code review tools yet, now’s the time.
If you use AI at work but aren’t in security: This matters because the software you rely on every day — your email, your banking app, your hospital’s medical records system — is about to get a lot more scrutiny from AI models that can find bugs humans miss. That’s mostly good news. The uncomfortable part is that the same technology, in the wrong hands, makes those systems easier to attack too.
The race is on. And right now, nobody knows which approach — open access or lockdown — will prove correct.
The Bottom Line
GPT-5.4-Cyber and Claude Mythos represent two genuine philosophies about how to handle AI that’s good at breaking things.
OpenAI is betting that more defenders with better tools beats a small elite with the best tools. Anthropic is betting that some capabilities are too dangerous to distribute, even to the good guys.
Both have evidence on their side. Neither has enough data to prove the other wrong. And the next 12 months will tell us which bet paid off — measured not in benchmarks, but in actual breaches prevented and actual damage done.
The Japanese security community summed it up perfectly: “二社の戦略はまるで逆” — the two companies’ strategies are the complete opposite. Which approach is correct?
We don’t know yet. But we’re watching closely.
Sources:
- OpenAI: Scaling Trusted Access for Cyber Defense
- The Hacker News: OpenAI Launches GPT-5.4-Cyber
- TechRadar: OpenAI Reveals Its Mythos Rival
- AISI UK: Evaluation of Claude Mythos Preview’s Cyber Capabilities
- Anthropic: Project Glasswing
- CyberScoop: OpenAI Expands Trusted Access for Cyber
- Axios: OpenAI Rolls Out Tiered Access to Advanced AI Cyber Models
- Help Net Security: OpenAI GPT-5.4-Cyber for Vetted Researchers
- Schneier on Security: On Anthropic’s Mythos Preview and Project Glasswing
- Business Today: OpenAI Launches GPT-5.4-Cyber