OpenAI And Anthropic Spark New Cybersecurity Race As AI Models Raise Global Alarm

A new cybersecurity race is underway as the latest frontier AI models from OpenAI and Anthropic intensify fears that attackers could soon use artificial intelligence to find and exploit software weaknesses at unprecedented speed.

The pressure is falling heavily on chief information security officers, or CISOs, who are now being forced to defend organisations against a fast changing threat landscape shaped by AI generated code, third party software libraries and increasingly powerful AI systems capable of identifying security flaws.

The concern has accelerated following the arrival of Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 cyber capabilities. Anthropic announced Mythos on April 7, describing a model with advanced cybersecurity abilities, while the UK AI Security Institute later reported significant improvements in multi-step cyber attack simulations during its evaluation of the system.

The moment has prompted warnings across the industry that AI is becoming a double-edged tool in cybersecurity. In the hands of defenders, these systems could help scan code, identify vulnerabilities and speed up patching. In the hands of attackers, they could reduce the time and expertise needed to discover weaknesses and build exploits.

OpenAI has responded with a major cybersecurity push of its own. Its Daybreak initiative allows developers to request vulnerability scans and uses GPT-5.5 and Codex Security to help identify threats, generate patches and verify remediation across code and systems.

The rise of AI coding tools is adding to the anxiety. Developers are now using AI assistants to produce large volumes of code, but experts warn that more code can also mean more mistakes. When vulnerabilities are missed during review, those errors may enter production systems at speed.

That problem is made worse by modern software’s reliance on third party and open source libraries. A single flaw in a widely used package can ripple across thousands of organisations, particularly when AI tools pull from the same software ecosystems.

Security leaders say this combination has created a perfect storm: faster code generation, less careful human review and a growing dependency on shared libraries. The result is a rapidly expanding attack surface that many organisations are struggling to monitor.

Anthropic’s Mythos announcement has become a particular flashpoint. According to reports, the company has limited the model’s release to trusted partners due to concerns about its ability to find and exploit security flaws. Axios reported that Anthropic restricted access to a handpicked group of technology and cybersecurity companies because of those risks.

The concerns have also reached global financial regulators. Reuters reported that Anthropic is preparing to brief the Financial Stability Board on cybersecurity vulnerabilities in the global financial system discovered by Mythos, following concerns about the model’s implications for banks and critical infrastructure.

The UK AI Security Institute has also evaluated OpenAI’s GPT-5.5 cyber capabilities, noting that Anthropic’s Mythos had previously completed its corporate network attack simulation end to end, and that GPT-5.5 was assessed as part of the same broader trend in frontier model cyber performance.

For cybersecurity teams, the immediate challenge is not only whether attackers can access the most capable models. It is whether defenders can move quickly enough to find and fix vulnerabilities before AI-assisted adversaries do.

OpenAI’s Daybreak initiative reflects one answer to that challenge, giving verified security teams access to AI-assisted defensive workflows. Anthropic has similarly been working with selected partners, with its frontier red team indicating that the company is trying to bring Mythos to defenders responsibly.

Industry figures argue that collaboration will be essential. Cybersecurity firms including Semgrep, Socket and Snyk are positioning themselves around the new reality, where AI systems are both part of the threat and part of the defence.

The result is a new phase in the cybersecurity arms race. AI models are no longer just helping people write software. They are beginning to test, break, repair and harden it.

For businesses, the message is clear: cyber risk can no longer be treated as a background IT issue. Boards, executives and security teams will need to understand how AI is changing both the speed and scale of cyber threats.

The “AI fog” facing CISOs may only grow thicker from here. But one thing is already apparent: as OpenAI, Anthropic and cybersecurity firms race to put advanced AI in the hands of defenders, attackers will be looking for the same advantage.

Photo Credit: DepositPhotos.com