APREX · EST. 2026The race to dominate AI-driven cybersecurity is intensifying. While OpenAI unveiled new offensive and defensive tools this week, Anthropic has already made waves with a model that, according to U.S. intelligence circles, represents one of the most dramatic security demonstrations in AI history.
OpenAI Turns Its Attention to Open Source
OpenAI announced "Patch the Planet" — an initiative aimed at systematically identifying and closing security vulnerabilities in open-source software. The initiative is accompanied by an upgraded version of GPT-5.5-Cyber, a model specifically designed for cybersecurity tasks, according to Wired.
Open-source software forms the backbone of much of the world's digital infrastructure, but frequently suffers from resource shortages and accumulated security issues. OpenAI's approach is to deploy AI capabilities into that gap.
Anthropic's Mythos: The AI That Beat the NSA
The backstory is as fascinating as it is unsettling. Anthropic's unpublished Mythos model — specifically "Mythos Preview" — reportedly broke into "nearly all" classified systems at the National Security Agency (NSA) within a matter of hours, according to Senator Mark Warner, vice chairman of the Senate Intelligence Committee. Warner was reportedly briefed by General Joshua Rudd, director of the NSA and U.S. Cyber Command.
This is an unverified claim from a political source, and neither Anthropic nor the NSA has publicly confirmed the details. It is important to emphasize that this involved a controlled security test — not a real-world attack.
Mythos Preview has already uncovered thousands of serious vulnerabilities — including in all major operating systems and browsers
The AI Security Institute (AISI) evaluated Mythos Preview and concluded that the model represents a marked leap forward compared to previous frontier models in cybersecurity. According to the evaluation, the model is capable of autonomously attacking small, lightly defended enterprise systems — without human guidance — once it has been granted network access.
A 27-Year-Old Vulnerability Found — Autonomously
Among the more concrete examples of Mythos Preview's capabilities is the discovery of a 27-year-old vulnerability in OpenBSD — an operating system renowned for its robust security. According to information tied to the model's evaluation, the vulnerability would have allowed a remote attacker to crash any machine running OpenBSD simply by connecting to it. The model identified this flaw — and developed the corresponding exploit code — without human involvement.
Government Response: Access Restricted
The U.S. government responded by ordering Anthropic to disable Fable 5 and Mythos 5 globally, with access restricted to American citizens. According to Anthropic, the letter it received did not specify the precise rationale, but included verbal indications of a potential narrow jailbreak that could conceivably enable Fable 5 to identify software vulnerabilities.
Two Companies, One Arena
Both OpenAI and Anthropic are now staking out strong positions in AI-driven cybersecurity — but with different approaches. OpenAI is betting on broad open-source patching through "Patch the Planet," while Anthropic's Project Glasswing brings together the industry's heaviest hitters around its Mythos Preview model for defensive scanning of critical infrastructure.
Anthropic is also offering "Claude Code Security," a feature built into Claude Code that analyzes codebases for vulnerabilities and suggests fixes. The tool is currently in limited preview for Enterprise and Team customers, with priority access for open-source maintainers.
The common thread is clear: AI models with a genuine ability to find and exploit security vulnerabilities are no longer hypothetical. The question that remains is whether defensive use will keep pace with offensive potential.