OpenAI Plans Controlled Cybersecurity AI Rollout, Keeping Access Limited to Approved Partners in Defensive Security Sector

OpenAI Quietly Builds Restricted Cybersecurity AI As Industry Locks Down Access

OpenAI is moving deeper into cybersecurity, but not in a way the public will easily see.

A new report suggests the company is preparing an advanced AI model designed for cyber operations, with access limited to a small circle of vetted organisations rather than a broad release.

Trusted Access Programme Signals Shift To Controlled AI Rollouts

The model is expected to sit within OpenAI’s “Trusted Access for Cyber” programme, first introduced in February.

The initiative was designed to keep powerful systems out of general circulation and place them directly in the hands of defensive security teams.

Participants are supported with $10 million in API credits, alongside access to tools such as GPT-5.3-Codex, currently OpenAI’s most capable cybersecurity model.

While details remain limited, the restricted rollout reflects a deliberate decision to prioritise control over scale, particularly as AI systems grow more capable of identifying and exploiting vulnerabilities.

Anthropic’s Mythos Forces Industry To Rethink Openness

The timing is not coincidental.

Earlier this week, Anthropic revealed its Claude Mythos Preview model, describing it as capable of discovering “tens of thousands of vulnerabilities” across major operating systems and browsers.

The model reportedly identified zero-day flaws with a level of autonomy comparable to experienced human researchers, raising immediate concerns about misuse.

Anthropic responded by limiting access through its Project Glasswing programme, distributing the model only to a tightly selected group of companies including major cloud providers, chipmakers, and cybersecurity firms.

More than 40 organisations tied to critical infrastructure were granted controlled access under strict conditions.

How Powerful Is Too Powerful For Public Release

Internal testing results added to the unease.

Mythos Preview uncovered previously unknown flaws in widely used software, including a 27-year-old vulnerability in c and an issue in FFmpeg that had escaped millions of prior automated checks.

Anthropic stressed that the model was not specifically trained for security tasks, meaning its capabilities emerged from broader improvements in reasoning and code understanding.

That dual-use nature, the ability to both fix and exploit weaknesses, has become a central concern across the industry.

Security Benchmarks Struggle To Keep Up With AI Progress

The rapid leap in capability is also exposing limits in existing safety frameworks.

Anthropic acknowledged that Cybench, a benchmark used to assess cyber risk in AI systems, is “no longer sufficiently informative of current frontier model capabilities”.

The company added that safety evaluations now involve “judgment calls” and carry “more fundamental uncertainty,” signalling that established measurement tools are falling behind the technology they are meant to assess.

Regulators Increase Pressure As Risks Expand

Government scrutiny is rising alongside these developments.

Federal agencies have intensified their focus on AI safety protocols since early April, while Anthropic is already facing pressure after the Pentagon reportedly flagged it as a supply chain risk over restrictions tied to surveillance and weapons-related use cases.

Security experts and former officials have also warned that sufficiently advanced AI systems could be used to disrupt essential infrastructure, including power grids, water systems, and financial networks.

AI Cyber Tools Begin To Resemble Classified Technology

Against this backdrop, OpenAI’s decision to restrict access appears as much about positioning as precaution.

By limiting distribution early, the company signals alignment with regulators and distances itself from the risks of uncontrolled deployment.

At the same time, it reflects a broader shift in how frontier AI is being released.

Instead of public launches, the most capable systems are increasingly handled like sensitive assets — shared selectively, governed by agreements, and reserved for organisations judged capable of managing their risks.