OpenAI has released GPT-5.4-Cyber to a select group of security researchers, one week after Anthropic launched its Mythos model for the same market. The timing is not coincidental: Bloomberg's reporting makes explicit that the cyber model is a competitive response, and OpenAI is routing access through its Trusted Access for Cyber programme, a controlled distribution channel it established earlier this year. The result is a race between the two leading AI safety companies to see who can build the most powerful tool for finding and exploiting software vulnerabilities.
To understand why this is a notable development, it helps to recall what Mythos was and how it was received. Anthropic unveiled Claude Mythos Preview in early April as part of Project Glasswing, a programme committing the company to helping secure critical software infrastructure. The framing was explicitly defensive: Mythos could find high-severity vulnerabilities, including flaws in major operating systems and web browsers, and the point was to fix them before attackers could exploit them. Anthropic described the capability as representing a threshold where AI coding ability has passed even the most skilled human security researchers.
The announcement triggered a cascade of reactions. US Treasury officials and bank regulators briefed bank CEOs about the implications. Wall Street institutions began testing Mythos under government encouragement. The response exposed a genuine tension at the heart of AI cybersecurity tools: a model capable of finding every critical vulnerability in production software is, by definition, also capable of exploiting them. Anthropic's commitment to controlled distribution was the mechanism meant to resolve this tension. How much that commitment can hold as GPT-5.4-Cyber enters the same space is a question the industry has not fully worked through.
OpenAI's approach mirrors Anthropic's in structure if not in branding. GPT-5.4-Cyber is available only to vetted participants in the Trusted Access programme, not released broadly. The model is described as designed specifically for identifying software security vulnerabilities, with meaningfully stronger cybersecurity capabilities than previous GPT iterations. The restricted distribution signals that OpenAI shares Anthropic's assessment of the risks, even as the companies compete for the same pool of enterprise security contracts.
The competition itself raises questions that neither company has fully answered. Both Anthropic and OpenAI are safety-focused organisations that have argued, with apparent sincerity, that advancing AI capabilities must be paired with careful deployment. Both are now deploying highly capable offensive security models to vetted but not unlimited audiences, on the grounds that defenders need these tools. This logic is defensible in isolation: security researchers do genuinely need to understand attack capabilities to build effective defences. The difficulty is that the same logic applies at every step of capability escalation, with no obvious stopping point.
The competitive dynamic adds another layer. When Anthropic released Mythos, OpenAI faced a choice: cede the cybersecurity AI market to a direct competitor, or respond in kind. A week later, GPT-5.4-Cyber exists. It is worth asking whether either company would have moved this fast into this territory if operating alone. The race format, even between safety-conscious competitors, creates pressure toward acceleration rather than restraint. The vetting programmes and controlled access are genuine safeguards, but they were designed by companies with strong commercial incentives to move quickly, which is exactly the context in which independent oversight becomes most valuable.
For enterprise security teams, the more immediate question is practical: which model is better at finding the vulnerabilities they care about, and how does each company's access programme work in practice? On that level, the competition is straightforwardly useful. Two capable models are better than one, and real-world deployment will reveal things about each model's strengths and failure modes that controlled testing cannot. The race is uncomfortable to watch, but it is producing tools that security professionals need. Those two things are both true at the same time.