The race to build AI that can operate in the cyber domain is accelerating faster than most people realise, and the labs are no longer converging on a common answer to what responsible development looks like. Last week, OpenAI released a dedicated cyber model to a select group of researchers and partners, entering territory that Anthropic's restricted Claude Mythos Preview had staked out earlier this month. At almost the same moment, Anthropic shipped Opus 4.7 with deliberately reduced cyber capabilities. Two companies, two opposite bets on what "safe" means in the most sensitive domain AI has yet entered.
OpenAI's cyber model, released in limited access on April 14, represents a strategic commitment to building AI that can reason deeply about computer systems, vulnerabilities, and network security. The decision to release to a curated group first is consistent with OpenAI's current operating model: maintain tight control, expand access gradually, and demonstrate that frontier capability and responsible deployment can coexist. Whether those goals actually coexist in the cyber domain is the argument worth having.
The cyber model is different in character from OpenAI's general-purpose releases: a domain-specific tool with explicit offensive-security applications, separate from the general capability upgrades rolling through the rest of the product line. OpenAI is controlling access carefully, at least for now, which suggests the company knows what it has built and wants to manage the rollout rather than release into the wild.
Anthropic's approach could not be more different. When the company shipped Opus 4.7 on April 16, Bloomberg reported that the model had been deliberately engineered to be less capable in cyber operations than Mythos. This is the first time a major lab has framed a capability reduction as a design decision in a flagship model release. Opus 4.7 is described as significantly better at advanced coding and instruction-following than previous versions, but the cyber ceiling was lowered as a deliberate choice. Anthropic is not framing this as a limitation: it is framing it as a position.
The awkward question this raises is whether "deliberately weaker cyber skills" corresponds to anything meaningful in terms of real-world risk. Security researchers, penetration testers, and people with less constructive intentions do not evaluate AI tools primarily by their performance on benchmark tests. They use AI because of its general reasoning, code generation, and creative problem-solving capabilities, and those remain strong in Opus 4.7. A model that scores lower on a specialist cyber test but can still write, debug, and reason about code at a high level is not obviously less useful in a hands-on attack context. The bottleneck in AI-assisted hacking has rarely been a specialist training score. It has been prompt engineering, tool access, and imagination.
There is also a context that shapes both decisions: Anthropic's own Claude Mythos Preview, released earlier this month under the restricted Project Glasswing programme. Mythos found thousands of zero-day vulnerabilities across every major operating system and browser, and on specialist cyber benchmarks it significantly outperforms both Opus 4.6 and OpenAI's general-purpose models. Mythos is not a competitor from outside; it is what Anthropic itself has built but chosen not to release publicly. The fact that OpenAI's new cyber model and Anthropic's Opus 4.7 are both being calibrated relative to what Mythos can do says something about where the frontier of AI-enabled cyber operations actually sits.
The deeper tension is strategic as much as technical. OpenAI is operating under its agreement with the Department of War and has positioned itself as a reliable partner for national security applications. A dedicated cyber model, released carefully and controlled tightly, fits that posture: capability maintained, liability managed. Anthropic, which spent months fighting the Pentagon's supply chain risk designation, has taken the opposite position. A deliberately limited cyber model is consistent with that dispute and with the company's stated values.
Neither approach answers the real question, which is whether any of this slows down the proliferation of cyber-capable AI in practice. Mythos exists. The research is public. The underlying capability is advancing regardless of which version of which model scores highest on which benchmark. What the labs are actually competing over, at this point, may be the narrative around what responsible cyber AI looks like, more than the capability itself.