OpenAI has expanded its Daybreak cybersecurity initiative with a new suite of tools and partnerships.
The post OpenAI Refocuses Cybersecurity Efforts on Patching Over Discovery appeared first on SecurityWeek.
Intelligence agencies for the United States, Canada, UK, Australia and New Zealand are warning that advanced AI models capable of wreaking havoc in the cyber domain are “months away” from being publicly available.
In a joint statement, the Five Eyes alliance say they expect the kind of advanced hacking capabilities provided by frontier models like Anthropic’s Fable 5 and OpenAI’s Daybreak to become broadly available the public within the year, despite efforts by AI companies to withhold them or restrict their access.
“Frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the agencies said. “The timeline is not years, it is months.”
The statement, which included signatures from NSA’s Director of the Cybersecurity Directorate David Imbordino and acting CISA Director Nick Andersen, does not specifically cite secret or classified sources or methods to reach this conclusion.
But much of the underlying justification provided by the intelligence agencies also aligns with what public cybersecurity and AI experts have been warning about for months.
AI models capable of exploiting cybersecurity weaknesses are already available today through multiple channels: older commercial models, open-source versions, or foreign and black-market sources. And while newer models like Mythos are reportedly significantly more powerful for cybersecurity-related tasks, the breakneck pace of frontier model development often means that yesterday’s restricted frontier AI is tomorrow’s free, open-source AI.
Representative Andrew Garbarino, R-N.Y., Chair of the House Homeland Security Committee, said the warning from intelligence agencies “underscores what the Committee has repeatedly heard through roundtables, briefings, and hearings with industry leaders: China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States.”
“This threat reinforces the urgency of ensuring that federal agencies and critical infrastructure operators can responsibly leverage advanced U.S. models, and receive the guidance and support necessary to do so, to find vulnerabilities before adversaries can exploit them,” said Garbarino in a statement.”
The agencies flag legacy systems, sluggish patching loops, unnecessary internet connectivity, weak identity and access controls, and a lack of pre-incident planning by organizations as key weaknesses that AI will excel at exploiting.
“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote. “We must act before and be prepared to adapt and withstand evolving threats.”
Since large language models burst onto the scene, open-source models have run about 6-8 months behind the largest frontier AI companies.
To give an idea of how quickly the field develops: the capabilities described in the Amazon threat intelligence report that convinced the Trump administration to place export controls on Fable 5 could already be accomplished through older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models.
Anthropic shut down access to their Fable 5 and Mythos 5 models as a result, and despite releasing a statement that they believe the White House decision was a “misunderstanding” the dispute remains resolved.
Programs like Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense. The goal is to give defenders a head start in finding and fixing vulnerabilities before AI systems can exploit them routinely in the coming years.
However, for all the fear surrounding the new technology, the recommended guidance is largely the same as it has been for decades. Governments, businesses and leaders must stop treating the digital security of their work as an afterthought or compliance issue.
“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies wrote. “Those that do not will face growing operational and strategic disadvantage.”
06/23/2026: This story was updated to include comment from Rep. Andrew Garbarino, R-N.Y.
The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.
OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers.
The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center buildouts were raising electricity prices for Americans.
Another used the tool to develop images and online posts characterizing tariffs as a covert means for the countries to exert control over the global technological landscape. According to OpenAI, the originating prompts directed ChatGPT to only include U.S. President Donald Trump in this content, while leaving out Chinese President Xi Jinping, who has also made use of tariffs.
In both cases, OpenAI said the operators “likely originated” in China. The anti-data center content was traced to an unnamed Chinese technology company that holds multiple contracts with regional Chinese governments, and both clusters used VPNs to evade restrictions, prompted ChatGPT in simplified Chinese and asked for both English and Chinese-language outputs, all while posing as Americans on social media platforms like X and YouTube.
“This looks like a classic example of a foreign influence operation jumping onto the bandwagon of a genuine and pre-existing domestic debate and trying to manipulate it by using fake accounts posing as Americans,” online, said Ben Nimmo, principal investigator at OpenAI and author of the report.
While OpenAI – which has sought to raise hundreds of millions of dollars in funding to build datacenters in the U.S. – is not a neutral party, the report does not claim that anti-data center sentiment in the country is being driven or bolstered by foreign propaganda online.
There’s little evidence that the campaigns got much attention outside their own amplification networks. Such engagement from third parties is an imperfect but important indicator of an influence operation’s impact. OpenAI rated the campaigns a 1 and 2 on the Bookings breakout scale, scores that indicate activity on one or more platforms but no evidence of meaningful engagement by targeted audiences.
Additionally, researchers who study state-sponsored influence campaigns say these groups are happy to latch onto and amplify genuine domestic movements or messaging so long as it serves their larger destabilization goals.
Others have suggested that piggybacking off established narratives with organic momentum – like public anger at AI and data centers – can make an influence operation appear more effective.
While AI tools can be leveraged to create such internet content at scale, they often fail to gain traction. Some images used by Chinese actors appear clunky or use overly direct messaging that display a lack of familiarity with both the English language and internet virality.
“I do want to be really clear here: this was not a case of an influence operation creating a debate,” said Nimmo. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn’t see any signs that it succeeded.”
He added that while such views are “reasonable” and “sincerely held” by many participants on both sides, “what we don’t want to see is a covert foreign influence operation posing as Americans to try to shape it, still less a foreign influence operation using the very AI that it attacks.”
According to the OpenAI report, the actors used ChatGPT to edit work reports which contained operational security details about their social media campaigns. In them, they described their goals as “establishing persistent and credible accounts, producing visually appealing content to expand audience reach in different regions and maintaining long term account viability by anticipating platform enforcement.”
Another report fed into ChatGPT discussed how best to leverage Facebook’s content ecosystem, groups, pages, hashtags, advertising tools, recommendation systems and reporting mechanisms, as well as strategies for evading Meta’s detection of coordinated inauthentic accounts.
The campaign around tariffs also used ChatGPT to create short comments, comics in English but also Italian, Japanese and traditional Chinese accusing the US of putting profits over loyalty to its allies. OpenAI said they were targeted by the same network on X with an influence campaign alleging a widespread user data breach that Nimmo said “never happened.”
While OpenAI said the campaigns likely originated in China, they do not directly attribute the operations to the Chinese government or actors working on their behalf, but do note that many parts of the campaign and its tactics overlap with pre-established Chinese government propaganda campaigns online.
The post OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers appeared first on CyberScoop.
Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly.
On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and bioweapons research.
Anthropic said Claude Fable 5 was the “same underlying model” as Mythos, but its responses for certain topics like cybersecurity and biology will be drawn from a previous Claude Opus model that is already public.
“Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” the company said in a draft blog sent to CyberScoop ahead of the announcement. “We’ve therefore launched the model with safeguards that route queries on a narrow set of topics to our next-most-capable model, Claude Opus 4.8.”
Anthropic also said they subjected Fable 5 to both internal and external red team testing for common model vulnerabilities, like jailbreaking. Anthropic said these tests identified no known “universal” jailbreaking techniques, but does not specify if partial jailbreaking techniques were discovered.
The company is betting that won’t change when Fable 5 is made available to the broader public, but it’s worth noting that cybersecurity researchers have consistently found ways to jailbreak older AI models.
“The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures,” the company wrote.
Anthropic is changing its data retention policies for Fable and Mythos models, keeping all user traffic for 30 days on both its own platforms and third-party services. A White House executive order creates a voluntary framework for AI companies to share frontier models with the government up to 30 days before public release. The company says the retained data won’t be used to train new Claude models or for “any non-safety-related-purpose.”
Following publication, a spokesperson for Anthropic told CyberScoop the company’s data retention policies “are specific to their safeguards work and is unrelated to the EO.”
Most organizations are still deciding whether to adopt AI into their IT and cybersecurity ecosystem. But models like Mythos can scan for vulnerabilities, chain together exploits, and steal data from a victim network in minutes. Automation in hacking existed before AI, but experts have said frontier models like Mythos and OpenAI’s Daybreak can allow even low-level cybercriminals to wreak havoc.
While Anthropic cited its commitment to developing safe and secure AI in its reasons for not publicly releasing Mythos, many organizations have been clamoring for access, and its enhanced cybersecurity functions in cybersecurity and other areas have been the subject of congressional hearings, national security papers and White House executive orders.
Releasing a limited version of the model in Fable 5 represents an attempt to split the difference between those two desires. Anthropic said it would release follow up benchmarks and assets for the model.
Anthropic said it’s possible the restrictions built into Fable will make it harder for the model to fulfill both malicious and legitimate user requests.
“Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classifiers,” the company wrote. “We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and refine the safeguards after launch.”
If Fable 5 draws its cybersecurity and biology answers entirely from Claude Opus 4.8, it will still provide users with impressive – though not unique – dual use cybersecurity capabilities.
According to the system card published for Opus 4.8, the model is a slight improvement on previous models like 4.7 in the realm of cybersecurity but was “generally much less capable than Mythos Preview.”
Opus 4.8 was tested on its ability to write complete end-to-end exploits and build exploit primitives that provide attackers with the ability to execute arbitrary code. It averaged a score just 5 out of 16 in proficiency, compared to Mythos Preview which scored closer to 10.
Without safety guardrails in place, Opus 4.8 can still reproduce nearly 80% of previously discovered vulnerabilities in real open-source software projects when given a high level description of the weakness. The system card said Anthropic’s unspecified safeguards whittle this success rate down to 1%.
Another test assessing Opus’ ability to develop exploits for the popular Firefox browser found that, again without guardrails, the model could identify a full working exploit 8.8% of the time and a partial working exploit 68.8% of the time.
The company also said that members of Project Glasswing – a consortium of public and private businesses given access to a preview version of Mythos – will be able to upgrade to the latest full model, Claude Mythos 5, to continue their work. Access to Mythos 5 will be expanded over time “through a more systematic trusted-access program” including federal agencies.
The post Anthropic’s new model is Mythos on a leash appeared first on CyberScoop.
AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization.
Historically, governments have played a stabilizing role during moments of transformational technological change. Yet the pace and scale of the AI era demand a new model, one built on partnership rather than control, balancing societal responsibility with the need to sustain innovation and global competitiveness.
The White House’s executive order on AI governance signals that collaboration between the industry and policymakers will increasingly shape the future landscape. Proposed frameworks that promote transparency and responsible development point toward a more coordinated approach to risk management.
Effective governance of AI models should balance clear safeguards with the speed of innovation, aligning organizations, policy makers, and technology leaders around a shared goal: advancing AI in ways that strengthen trust, security, and long-term value. The path forward is not defined by heavy-handed oversight, but by building an ecosystem of accountability.
Three key points substantiate this approach.
First, the industry should recognize Anthropic’s release of Mythos as an example of responsible innovation. Company leaders recognized the model’s risks and deliberately delayed broader deployment, allowing early testing to surface vulnerabilities before widespread adoption.
The broader lesson extends beyond a single model release. Responsible leadership means prioritizing decisions that build trust and enable sustained innovation. As AI capabilities accelerate, the most successful organizations that lead will be those that weave accountability through their ambitious pursuits, rather than treating them as competing priorities.
Second, innovation rarely thrives under rigid frameworks. History has shown that many compliance regimes, while well-intentioned, incentivize organizations to optimize for requirements rather than outcomes. Security is strengthened through systems designed for resilience and trust, which goes beyond mere compliance.
Third, slowing U.S.-based AI innovation risks weakening long-term competitiveness. The U.S. remains a leader in AI but maintaining that position will require balancing responsible safeguards with continued investment and progress. Overly restrictive approaches risk slowing domestic advancement while other nations continue accelerating development and capability.
An effective AI governance approach would encourage further responsible AI model development, as demonstrated by Anthropic. It would avoid direct government regulation and instead enforce accountability for companies that are irresponsible with AI development.
Hopefully, the partnership and collaboration between government entities and industry will continue beyond the White House order. Policymakers and industry leaders should create incentives that reward AI vendors for considering societal implications before releasing new solutions. This framework would highlight responsible providers as models for the industry while imposing meaningful consequences based on demonstrated societal harm that direct affects business and technology decisions.
AI models such as Mythos and Daybreak underscore a broader reality: the future of AI will be shaped by the trust around innovation, not merely by its development pace. The next era of AI leadership will require a new model of collaboration between industry and policymakers that maintains the speed and adaptability that innovation demands while establishing meaningful accountability for real-world outcomes.
The objective should be to guide progress responsibly. The organizations and nations that lead in the AI era will be those that demonstrate how innovation and accountability work together to strengthen trust, security, and long-term value creation.
Art Gilliland is CEO of Delinea, a cybersecurity company focused on human, machine and AI identity protection.
The post The AI security race needs accountability, not overregulation appeared first on CyberScoop.
The Active Sessions and Lockdown Mode features are being made more broadly available by the AI giant.
The post OpenAI Rolling Out ChatGPT Account Security Controls appeared first on SecurityWeek.
OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse.
The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought weren’t enough. Government agencies, non-governmental institutes and others have increasingly warned about AI’s ability to have a negative impact on elections even as they advertise its potential for good.
OpenAI’s plan has five planks: spreading reliable information about voting and election results, helping with cybersecurity, watermarking deepfakes, enforcing policies that ban users from deploying its tools for election interference, and weeding out political bias in its models.
OpenAI highlighted that it has made its Codex Security agentic framework and Trusted Access for Cyber framework available to election officials, and was briefing the National Association of Secretaries of State and the National Association of State Election Directors on its tools.
“This is an important moment for cyber defenders across industries, and we believe AI plays a critical role in hardening digital infrastructure — including systems that support elections,” the company said. “OpenAI is committed to building resilience across the infrastructure stack, including in ways that support election execution.”
Some elements of OpenAI’s plans aren’t new so much as it’s taking pieces from other announcements and putting them together in one, such as reiterating last week’s partnership with SynthID to add watermarks to images generated with ChatGPT to assist in evaluating whether something is real or a deepfake.
One new element of Wednesday’s announcement is that OpenAI has struck a partnership with the Associated Press on sharing election data.
One election security expert welcomed the OpenAI announcement.
“Given the prevalence and amplification of disinformation about our elections, sometimes coming from leaders in high office, it’s always a good thing when platforms and services embrace their obligation to deliver accurate information to users,” David Becker, executive director of the Center for Election Innovation & Research, told CyberScoop. “It appears OpenAI is doing that with this announcement. I hope other platforms embrace this responsibility as well.”
The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on CyberScoop.
1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and model context.
The post 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials appeared first on SecurityWeek.
As defenders get their hands on newer AI models with more powerful cybersecurity capabilities like Anthropic’s Mythos and OpenAI’s Daybreak, organizations are being told to prepare for a flood of new vulnerability reports.
But for bug bounty programs across the nation, that day may already be here, as yesterday’s frontier models and today’s open-source AI tools have dramatically increased the volume of bug reports flowing into companies around their own products or on larger bounty platforms online.
GitHub, one of the world’s largest online code repositories, said it is tightening its definition of a “complete” bug report after a significant increase in AI-assisted submissions over the past year.
Although the influx has had some benefits, many reports are submitted without proof of concept, are reliant on unrealistic attack scenarios or cover issues already listed as ineligible. As a result, the company is having difficulty separating signal from noise.
“This isn’t unique to GitHub,” wrote Jarom Brown, senior product security engineer at GitHub. “Programs across the industry are grappling with the same challenge, and some have shut down entirely.”
Brown said GitHub does not want to ban the use of AI generated reports entirely, calling it a “force multiplier” for security in the right context. But in a world where it’s never been easier to use AI to generate theoretical bugs, the company wants researchers to go the extra mile to confirm that their discoveries can actually be exploited in real-world conditions.
What we need is the same standard we’ve always expected: validation,” Brown wrote. “An AI-assisted finding that’s been verified, reproduced, and submitted with a working proof of concept is a great submission. An unvalidated output submitted as-is without reproduction or demonstrated impact is not.”
Grant Bourzikas, chief security officer at Cloudflare, said triaging bugs and proving they can be exploited has always been one of the hardest parts of vulnerability research, and AI vulnerability scanners and code have “made it worse.”
For instance, code written in C and C++ programming languages are vulnerable to a range of exploits – like buffer overflows and out-of-bounds reading and writing – that don’t exist in memory safe languages like Rust. AI tools scanning software written in memory unsafe programming languages are far more likely to generate false positives.
But one of the biggest flaws continues to be that AI tools are also designed to give the user what they’re asking for, even when it’s not there. This leads to the generation of bug reports filled with speculation and qualifiers around exploitability that require human follow up.
“That’s a reasonable bias for an exploratory tool,” Bourzikas wrote. “It’s a ruinous one for a triage queue, where every speculative finding spends human attention and tokens to dismiss, and that cost compounds across thousands of findings.”
Cloudflare recently shared results from testing Mythos on 50 of its own code repositories, looking for exploits. Bourzikas called Mythos “a different kind of tool doing a different kind of work” from other frontier models, and that it made significant progress in reducing false positives.
For example, he pointed to two Mythos capabilities that stood out compared to other models: chaining exploits together and generating its own proof-of-concept code to confirm exploitability.
Older models could spot many of the same bugs, but they often couldn’t figure out how to exploit them effectively, or show that the issue could be exploited in real world conditions.
Others have argued that the gap in bug hunting capabilities between newer frontier AI models and older ones, or open source models available today is not as large as advertised.
Swedish software developer Daniel Stenberg, lead developer for curl, an open source file transfer tool used around the world, recently wrote about his experience with Mythos Preview. Like others, he has also seen a higher volume of AI-fueled bug reports over the past year, but said the flood of low-quality reports has tapered off significantly since March as models have improved.
Curl is mature and polished by the standards of most software: Stenberg estimates each line of code has been rewritten or altered at least four times, and he said he has used both human and AI tools in the past to implement hundreds of bug fixes over Curl’s existence.
That makes it a unique testing ground for the enhanced capabilities of Mythos, which was reportedly so powerful at finding vulnerabilities that Anthropic opted not to release it to the general public.
After gaining access to Mythos, Stenberg received the results of a scan of 178,000 lines of curl code. Ultimately, the scan flagged five “confirmed” vulnerabilities. Further exploration by human researchers found that 4 of the bugs were false positives or had no security impact. The one remaining bug Mythos found? A low-severity flaw that will be fixed in a regular June update.
Even as he praised the impact of AI on cybersecurity generally, Stenberg concluded that for all the hype, Mythos is only “a bit better” than previously released models.
“My personal conclusion can however not end up with anything else than that the big hype around this model so far was primarily marketing,” he wrote. “I see no evidence that this setup finds issues to any particular higher or more advanced degree than the other tools have done before Mythos.”
The post AI might cut false positives, but it won’t stop the slop appeared first on CyberScoop.
Two employee devices were compromised in the attack, and credential material was stolen from OpenAI code repositories.
The post OpenAI Hit by TanStack Supply Chain Attack appeared first on SecurityWeek.
Two of the most advanced artificial intelligence models — Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 — have significantly surpassed the already-accelerating pace at which AI systems are completing autonomous cybersecurity tasks, according to separate findings published Wednesday by the United Kingdom’s AI Security Institute (AISI) and Palo Alto Networks.
The AISI, which conducts pre-deployment evaluations of frontier AI models on behalf of the British government, said both Claude Mythos Preview and GPT-5.5 have substantially exceeded the doubling trend the institute had been tracking since late 2024. Whether the results represent an isolated capability jump or the start of a new, faster trajectory remains unclear.
The AISI estimated earlier this year that frontier models’ 80% reliability cyber time horizon — a measure of how long a task takes a human expert, used as a proxy for AI autonomy — had been doubling approximately every five months. That was itself roughly half the eight-month doubling time the institute estimated in November 2025. Now Mythos Preview and GPT-5.5 have since outperformed any trend lines the institute has measured.
“Frontier AI’s autonomous cyber and software capability is advancing quickly: the length of cyber tasks that frontier models can complete autonomously has doubled on the order of months, not years,” the AISI wrote.
The clearest evidence of the capability jump came from the AISI’s cyber ranges, its structured simulations of multi-stage attacks against small, undefended enterprise networks. A newer checkpoint of Claude Mythos Preview became the first model to complete both of the institute’s ranges. It solved “The Last Ones,” a 32-step simulated corporate network attack, in 6 of 10 attempts, and completed “Cooling Tower” — previously unsolved by any model — in 3 of 10 attempts. GPT-5.5 solved “The Last Ones” in 3 of 10 attempts.
Palo Alto Networks reached similar conclusions through its own testing. The company said it began testing Claude Mythos in April as a launch partner for Anthropic’s Project Glasswing, and has since tested Claude Opus 4.7 and OpenAI’s GPT-5.5-Cyber as part of OpenAI‘s Trusted Access for Cyber program.
“The latest models are extraordinarily capable at finding vulnerabilities and changing them into critical exploit paths in near-real-time,” Palo Alto Networks wrote.
The company released security advisories covering 26 CVEs representing 75 issues — compared to a typical monthly volume of fewer than five CVEs — that were identified through AI model scanning across more than 130 products. All important vulnerabilities in its SaaS products had been patched, with patches available for all customer-operated products.
The AISI was careful to note the limits of its data. The estimates are based on a relatively small number of models, and the hardest tasks in the test suite have the least amount of human comparison data. Even so, the institute said the overall trend holds up: dropping any single model from the analysis barely moves the needle, shifting the estimated doubling time by less than a month in either direction. Separate research from METR, a nonprofit that tracks how quickly AI handles software tasks, arrived at a nearly identical figure — a doubling time of approximately four months since late 2024.
“No single benchmark result should be read as a precise measure of AI capability,” the AISI wrote. “Regardless, the direction of change and rapid growth have been consistent across the models, methodological choices and independent data we examined.”
Palo Alto Networks outlined four immediate priorities for enterprises as these models continue to grow in usage: First, find and fix vulnerabilities in code and applications before attackers do. Second, shrink the attack surface and use AI to spot security misconfigurations. Third, deploy detection and response tools across all systems, using machine learning to catch threats in real time. Fourth, build security operations fast enough to respond in minutes, because AI-powered attacks may soon unfold that quickly.
The AISI said it is developing more demanding evaluations, including new cyber ranges and the addition of active cyber defenses, to better reflect real-world conditions as model capabilities continue to advance.
The post Researchers say AI just broke every benchmark for autonomous cyber capability appeared first on CyberScoop.
The House Homeland Security Committee is digging into Anthropic’s AI model Mythos in a series of briefings and hearings, as questions proliferate on whether and how the federal government will make use of the technology touted for its ability to autonomously uncover cyber vulnerabilities.
Wednesday brought a closed-door briefing for the House Homeland Security Committee from Anthropic. The chairman of the panel’s cybersecurity subcommittee said he is planning to hold a hearing on the topic. And committee Democrats are requesting a classified briefing with Anthropic.
A committee aide who attended the briefing said it included a live demonstration of Mythos, “allowing members to see firsthand how advanced AI can identify and reason through software vulnerabilities. What we saw reinforced the urgency of ensuring that federal agencies, including our civilian cyber defenders, can responsibly access and deploy the most advanced U.S. models to find and patch vulnerabilities before foreign adversaries or criminal actors exploit them.”
A number of key lawmakers, including top committee Democrat Bennie Thompson of Mississippi and GOP cyber subcommittee chair Andy Ogles of Tennessee, told CyberScoop they weren’t able to attend Wednesday’s briefing. A second source who attended said it was a “productive” meeting.
“Members on both sides were focused on preserving U.S. advantage in AI, which basically came down to preserving our edge on compute power,” the source said. “They were also asking questions about whether the federal government was using Mythos, including about where CISA is and the impact of the supply chain risk designation.”
The Hill reported that Wednesday’s briefing was led on the Anthropic side by Logan Graham, from the company’s frontier red team, and Josh Tilstra, from the firm’s national security programs and policy team. It follows another recent closed briefing with Anthropic and OpenAI for the House Homeland Security Committee.
Ogles told CyberScoop he plans to hold a hearing of his subcommittee related to Mythos, but wasn’t able to attend Wednesday’s briefing due to scheduling conflicts. The top Democrat on Ogle’s subcommittee, Delia Ramirez of Illinois, also was unable to join due to prior commitments, but she was set to receive a rundown from staff about Wednesday’s briefing, her office said.
There’s a divide on which federal agencies are using Mythos thus far. For example: CISA reportedly isn’t, but the National Security Agency is.
The federal divide on its use follows a Department of Defense blacklist that labeled the company a “supply chain risk” after Anthropic resisted pressure from the Pentagon to use its Claude AI model in ways the company opposed. The department says it has been using Mythos to identify cyber vulnerabilities despite the blacklist.
A turf battle is brewing within the Trump administration over testing of AI models, The Washington Post reported this week. Connecticut Rep. Jim Himes, the top Democrat on the House Intelligence Committee, said this week that it would be ‘insane” for U.S. spy agencies not to have early access to advanced AI models.
The Mythos briefing came one day after OpenAI announced its own cybersecurity initiative.
The committee aide said that “as the PRC aggressively works to close the AI innovation gap with the United States, the committee remains focused on ensuring that America’s AI leadership translates into a durable national security advantage, not a temporary lead that adversaries can copy, steal, or rapidly commoditize.”
Updated 5/13/26: to include comment from a committee aide who attended the briefing.
The post Closed briefing sets stage for House hearing on Anthropic’s Mythos and cyber risks appeared first on CyberScoop.
OpenAI has unveiled Daybreak, a cybersecurity initiative that combines the company’s large language models with its Codex agentic framework to help organizations identify, patch, and validate software vulnerabilities across the development lifecycle.
The platform is built around three model tiers: GPT-5.5 for general-purpose use, GPT-5.5 with Trusted Access for Cyber for verified defensive security workflows, and GPT-5.5-Cyber, a more permissive variant intended for specialized use cases such as authorized red-teaming and penetration testing. Each tier carries different safeguard levels and access controls, with the most capable tier paired with stronger identity verification and account-level oversight.
“For cyber defense, it means seeing risk earlier, acting sooner, and helping make software resilient by design,” a company blog post reads.
OpenAI did not respond to CyberScoop’s request for further comment.
Daybreak arrives weeks after Anthropic unveiled Project Glasswing, built around Claude Mythos Preview, a cybersecurity-focused AI system Anthropic has described as capable of autonomously identifying software vulnerabilities at scale. Anthropic has kept access to Mythos tightly restricted, citing both safety concerns and national security considerations, and has not made the model commercially available.
The structure of Daybreak reflects a deliberate effort to calibrate access against the risk these models present. The standard GPT-5.5 model is available for general enterprise and developer work. GPT-5.5 with Trusted Access for Cyber is aimed at security professionals engaged in defensive workflows, including vulnerability triage, malware analysis, detection engineering, and patch validation. GPT-5.5-Cyber, the highest-capability tier, is currently in preview and reserved for specialized workflows under controlled conditions.
OpenAI has framed the access controls as a response to the dual-use nature of the underlying technology. The same AI capabilities that allow defenders to understand relationships across codebases, identify subtle vulnerabilities, and accelerate remediation could be misused, the company acknowledged. The platform pairs expanded capability with what OpenAI describes as trust, verification, proportional safeguards, and accountability.
“We don’t think it’s practical or appropriate to centrally decide who gets to defend themselves,” the company said in a prior blog post related to the Trusted Access for Cyber program. “Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability.”
Several major technology and cybersecurity companies are already working within the Trusted Access for Cyber framework, including Cisco, Oracle, CrowdStrike, Palo Alto Networks, Cloudflare, Fortinet, Akamai, and Zscaler.
Anthony Grieco, Cisco’s chief security and trust officer, described the technology as a “force multiplier for defenders,” noting that models like GPT-5.5 are changing the pace of security operations, from incident investigation to proactive exposure reduction. He added that the value of the technology lies not in the model alone but in the enterprise framework built around it.
At the federal level, the Trump administration is weighing how Anthropic’s Mythos will be used to protect government networks, with Federal CIO Greg Barbaccia telling CyberScoop last month he sees its potential to strengthen federal cyber defenses and the significant uncertainties that remain about how it would perform in real-world conditions.
Elsewhere, the European Commission is in discussions with OpenAI about potential access to its advanced AI models for identifying cybersecurity vulnerabilities.
Other industry experts told CyberScoop that while these models are very good at finding vulnerabilities, that’s only part of the puzzle when it comes to an enterprise security plan.
“The question that determines breach impact is not how fast you find the vulnerability. It’s how far a compromised identity can move before anyone knows it’s compromised,” said Doug Merritt, chairman & CEO, Aviatrix, a cloud security company. “That’s an infrastructure problem — what is each workload allowed to reach, on every path, independent of whether the breach has been detected? No patching tool answers that. Containment does.”
Jared Atkinson, CTO of SpecterOps, an identity management company, says defenders need to focus on what attackers can reach once inside, while still working to identify vulnerabilities faster.
“AI will accelerate portions of offensive security operations, but it does not fundamentally change the underlying problem defenders face. Most organizations still struggle to see and manage the attack paths that connect initial access to critical systems and data,” he said. “As these tools mature, visibility into identity exposure and post-compromise attack paths becomes increasingly urgent.”
The competitive cybersecurity dynamic between Anthropic and OpenAI has been building for months. OpenAI publicly announced the Trusted Access for Cyber program before Anthropic’s Glasswing rollout and has since expanded it to thousands of individuals and organizations. In April, the company released GPT-5.4 Cyber, a model variant specifically optimized for cybersecurity tasks, including testing and vulnerability research, governed by Know-Your-Customer and identity verification requirements.
Cybersecurity experts in the United States and United Kingdom have described Claude Mythos as a meaningful improvement over previous frontier models in identifying cybersecurity vulnerabilities, though debate continues over its practical impact on information security. GPT-5.4 Cyber has similarly been fine-tuned for testing and vulnerability research, with OpenAI indicating it intends to make iterative improvements as the program matures.
OpenAI’s stated intent is to expand access to Daybreak’s most capable models over time, working alongside industry and government partners as it deploys what it describes as “increasingly more cyber-capable models” through an iterative deployment approach. The company has indicated it is cautious about exercising too much centralized control over which sectors or industries participate in the program.
CEO Sam Altman framed the initiative in broad terms. “AI is already good and about to get super good at cybersecurity,” he wrote on X. “We’d like to start working with as many companies as possible now to help them continuously secure themselves.”
The post Daybreak is OpenAI’s answer to the AI arms race in cybersecurity appeared first on CyberScoop.
Advanced Account Security provides stronger login methods, more secure account recovery, shorter sessions, and training exclusion.
The post OpenAI Rolls Out Advanced Security for ChatGPT Accounts appeared first on SecurityWeek.
GPT‑5.4‑Cyber is a model fine-tuned for defenders, lowering boundaries for legitimate cybersecurity work.
The post OpenAI Widens Access to Cybersecurity Model After Anthropic’s Mythos Reveal appeared first on SecurityWeek.
OpenAI said it is expanding its Trusted Access for Cyber program to “thousands of individuals and organizations,” who will use the company’s technology to root out bugs and vulnerabilities in their products.
The program will also incorporate GPT 5.4 Cyber, a new variant of ChatGPT that OpenAI says is specifically optimized for cybersecurity tasks. OpenAI’s goal with this release is to make advanced cybersecurity tools more widely accessible.
The company said access to the program and cybersecurity-focused model will still be governed by “strong” Know-Your-Customer and identity verification rules to help prevent the model’s spread to bad actors.
“Our goal is to make these tools as widely available as possible while preventing misuse,” the company said in a blog posted Tuesday. “We design mechanisms which avoid arbitrarily deciding who gets access for legitimate use and who doesn’t.”
OpenAI’s announcement comes one week after Anthropic rolled out Project Glasswing, a similar effort that seeks to provide major tech companies with Claude Mythos, an unreleased model that Anthropic officials have claimed is too dangerous to sell commercially.
OpenAI officials noted they publicly announced Trusted Access for Cyber program months earlier. They have also quietly avoided direct comparisons to Mythos, and GPT 5.4 Cyber.
Cybersecurity experts in the U.S. and UK have described Mythos as a significant improvement from previous frontier models around identifying (and potentially exploiting) cybersecurity vulnerabilities, though there remains debate and speculation about the model’s ultimate impact on information security.
Similarly, GPT 5.4 Cyber has been finetuned for testing and vulnerability research, though OpenAI wants to make iterative improvements to the program as lessons are learned.
The company has plans to allow a broader group of cyber operators to use the model to protect critical infrastructure, public services and other digital systems. The company said it is also leery of having too much influence over which industries or sectors ultimately take part in the program.
“We don’t think it’s practical or appropriate to centrally decide who gets to defend themselves,” the blog stated. “Instead, we aim to enable as many legitimate defenders as possible, with access grounded in verification, trust signals, and accountability.”
The post OpenAI expands Trusted Access for Cyber program with new GPT 5.4 Cyber model appeared first on CyberScoop.
OpenAI updated its security certificates and is requiring all macOS users to update to the latest versions after determining its products, along with many others, were impacted by a widespread supply-chain attack that briefly infected a popular open-source library in late March, the company said in a blog post Friday.
The artificial intelligence vendor said it “found no evidence that OpenAI user data was accessed, that our systems or intellectual property was compromised, or that our software was altered.”
Yet, because a GitHub workflow the company uses to sign certificates for macOS applications downloaded and executed a malicious version of Axios, the company is treating the soon-to-be defunct certificate as compromised.
A North Korean hacking group injected malware into two versions of Axios after it compromised the lead maintainer’s computer via social engineering and took over his npm and GitHub accounts. Jason Saayman, the lead maintainer for Axios, said the malicious versions of the software were live for about three hours before removal.
Google Threat Intelligence Group, which tracks the threat group as UNC1069, said the impact of the attack was broad with ripple effects potentially exposing other popular packages. The JavaScript libraries flow into dependent downstream software through more than 100 million and 83 million downloads weekly.
The attack was discovered just weeks after a series of other open-source tools, including Trivy, were compromised by UNC6780, also known as TeamPCP, resulting in aggressive extortion attempts.
OpenAI insists the malware that infected Axios did not directly impact its certificate, which is designed to help customers confirm they are downloading legitimate software.
“The signing certificate present in this workflow was likely not successfully exfiltrated by the malicious payload due to the timing of the payload execution, certificate injection into the job, sequencing of the job itself, and other mitigating factors,” the company said in the blog post. “Nevertheless, out of an abundance of caution we are treating the certificate as compromised, and are revoking and rotating it.”
Older versions of OpenAI’s macOS apps may lose functionality and will no longer be supported when the certificate is fully revoked May 8, the company said.
OpenAI, which hired a third-party digital forensics and incident response firm to aid its investigation and response, pinned the root cause of the security issue on a misconfiguration in its GitHub workflow. The company said it corrected that error and worked with Apple to ensure fraudulent apps posing as OpenAI cannot use the impacted certificate.
The 30-day window is designed to minimize disruption for users, but OpenAI said it will speed up the revocation deadline if it identifies any malicious activity. The company did not immediately respond to a request for comment.
The post OpenAI’s Mac apps need updates thanks to the Axios hack appeared first on CyberScoop.
Login