By OpenAI is preparing to release a new model with advanced cybersecurity capabilities — but only to a carefully vetted group of companies, mirroring the approach Anthropic took this week with its Mythos Preview model, according to a source familiar with the plans.
The move reflects a quietly spreading anxiety inside AI labs: that the tools they’re building have become capable enough to cause serious harm if released without restriction.
Anthropic made the first move Tuesday, announcing it would limit Mythos Preview to a hand-picked set of technology and cybersecurity firms, citing the model’s advanced hacking capabilities. It was an unusual step — the first time a frontier AI company had held back a new model on those grounds. OpenAI is now preparing to follow suit.
OpenAI has been laying the groundwork for some time. In February, after releasing GPT-5.3-Codex — its most cyber-capable reasoning model — the company launched an invite-only “Trusted Access for Cyber” pilot program, granting select organizations access to more permissive models for defensive security research, backed by $10 million in API credits.
The underlying concern is no longer hypothetical. Former government officials and senior security leaders have spent the past year warning that AI models could eventually be used to autonomously attack water utilities, power grids, or financial systems. That threshold, by most accounts, has now been crossed.
But the experts are also clear-eyed about what restricted rollouts can and can’t accomplish. “You can’t stop models from doing code enumeration or finding flaws in older codebases,” said Rob T. Lee, chief AI officer at the SANS Institute. “That capability exists now.” Wendi Whitmore of Palo Alto Networks put a blunter timeline on it: a model with similar capabilities will be in the wild within weeks or months regardless. CrowdStrike’s Adam Meyers called Mythos a “wake-up call” for the industry.
There’s a narrower argument for caution, too. Restricting a model makes more strategic sense when the concern is a model’s ability to write new exploits — rather than simply find existing bugs — according to Stanislav Fort, CEO of security firm Aisle. The latter capability, researchers at Aisle noted this week, is already present in widely available models.
What the staggered approach does resemble, Lee pointed out, is the long-standing practice of responsible vulnerability disclosure in cybersecurity — releasing details of a flaw to vendors before going public, to give defenders a head start. Whether that analogy holds for AI models at scale is untested.
One significant unknown remains: OpenAI hasn’t committed to keeping its new model restricted indefinitely. Anthropic has said Mythos Preview will never see a public release, though it left the door open for other Mythos variants with adequate safeguards. OpenAI’s intentions beyond the initial limited release are still unclear.