A person familiar with the matter revealed that OpenAI is finalizing a new model with advanced network security capabilities and plans to only provide it to a small number of enterprise customers, similar to Anthropic's small-scale release of its network security model "Mythos". The reason why it attracts attention is that artificial intelligence is considered by many security experts to have reached a "critical point" in terms of autonomy and hacking capabilities. Model development companies are now increasingly worried about the real-life damage that their own tools may cause, so much so that they are unwilling to completely "release" it into the public environment.
On Tuesday, Anthropic announced that its new model "Mythos Preview" will only be open to a small number of carefully selected technology and cybersecurity companies because the model has very advanced intrusion and exploitation capabilities, raising concerns about potential abuse. At that time, Anthropic was the first AI company to adopt such strict restrictions on its new model release strategy, and now OpenAI has been revealed to be planning to take a similar path.
Looking at the details, OpenAI launched a pilot project called "Trusted Access for Cyber" in February this year after launching GPT-5.3-Codex, which has the strongest network security reasoning capabilities to date. Organizations invited to join the closed program will gain access to higher cyber offensive and defensive capabilities or a higher "forgiving" model to accelerate legal defensive security efforts, according to a company blog. OpenAI also promised at the time that it would provide a total of US$10 million in API quota support to project participants for related experiments and deployment.
The larger context is that over the past year, multiple former government officials and top security leaders have been sounding the alarm, warning that if they fall into the wrong hands, some AI models may one day be able to disrupt water systems, power networks, and even financial infrastructure without human intervention. These capabilities, previously regarded as "future scenarios," are now beginning to take shape in the eyes of industry insiders.
However, even if AI companies temporarily "tighten the floodgates" through limited pilots and phased releases, top security experts generally believe that the overall trend is difficult to reverse. "You can't prevent the model from doing code enumeration or finding loopholes in the old code base. This ability already exists objectively." Rob T. Lee, chief AI officer of the SANS Institute, pointed out. Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, said in a roundtable discussion at the HumanX conference in San Francisco that there may only be a few weeks or months left before the next model with similar capabilities emerges and flows into a more open environment. Adam Meyers, CrowdStrike's senior vice president of countermeasures, described the capabilities demonstrated by Mythos as "a wake-up call for the entire industry."
In the view of some security practitioners, if the company is really worried about the model's ability to "write new attack and exploit programs" rather than just "helping people find existing vulnerabilities", then it would be more "reasonable" to limit the launch scope of cutting-edge models and implement batch release. Stanislav Fort, CEO of Aisle Security Company, told Axios that the ability to automatically generate a new vulnerability exploitation chain is more potentially threatening to the ecosystem than simply discovering flaws, so it needs to be verified slowly in a controlled environment.
Some experts also pointed out that the current large-scale model is opened in stages, which is to some extent very similar to the way traditional network security vendors disclose software vulnerability information. Lee believes that this is highly similar to the debate that the industry has had over the years around "responsible vulnerability disclosure": how to balance the timing and scope between disclosing risks and providing patches is a repeatedly discussed issue. The difference is that what was "delayed in disclosure" this time is no longer a single software vulnerability, but a general intelligent tool that may greatly amplify attack and defense capabilities.
It’s unclear whether OpenAI will bring this upcoming cybersecurity model to the market more broadly at some point in the future. In contrast, Anthropic has made it clear that it will not fully release the Mythos Preview to the public, but if it can be equipped with strong enough safety guardrails in the future, it does not rule out the possibility of considering a wider range of openings for other models in the Mythos series. At the same time, research teams such as Aisle also reminded that existing AI models widely available on the market can already find a considerable number of vulnerabilities and exploit paths in Mythos demonstration cases. This means that what truly constitutes the security "moat" is probably more the systems and processes built around the model, rather than the "volume" and "generation" of the model itself.