
Intel agencies: Frontier AI models will reshape cybersecurity faster than expected

By: djohnson
22 June 2026 at 11:25

Intelligence agencies for the United States, Canada, UK, Australia and New Zealand are warning that advanced AI models capable of wreaking havoc in the cyber domain are “months away” from being publicly available.

In a joint statement, the Five Eyes alliance says it expects the kind of advanced hacking capabilities provided by frontier models like Anthropic’s Fable 5 and OpenAI’s Daybreak to become broadly available to the public within the year, despite efforts by AI companies to withhold them or restrict their access.

“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the agencies said. “The timeline is not years, it is months.”

The statement, which included signatures from NSA’s Director of the Cybersecurity Directorate David Imbordino and acting CISA Director Nick Andersen, does not specifically cite secret or classified sources or methods to reach this conclusion.

But much of the underlying justification provided by the intelligence agencies also aligns with what public cybersecurity and AI experts have been warning about for months.

AI models capable of exploiting cybersecurity weaknesses are already available today through multiple channels: older commercial models, open-source versions, or foreign and black-market sources. And while newer models like Mythos are reportedly significantly more powerful for cybersecurity-related tasks, the breakneck pace of frontier model development often means that yesterday’s restricted frontier AI is tomorrow’s free, open-source AI.

Representative Andrew Garbarino, R-N.Y., Chair of the House Homeland Security Committee, said the warning from intelligence agencies “underscores what the Committee has repeatedly heard through roundtables, briefings, and hearings with industry leaders: China is just months, if not now weeks, away from achieving frontier AI capabilities comparable to those of the United States.”

“This threat reinforces the urgency of ensuring that federal agencies and critical infrastructure operators can responsibly leverage advanced U.S. models, and receive the guidance and support necessary to do so, to find vulnerabilities before adversaries can exploit them,” said Garbarino in a statement.

The agencies flag legacy systems, sluggish patching loops, unnecessary internet connectivity, weak identity and access controls, and a lack of pre-incident planning by organizations as key weaknesses that AI will excel at exploiting.

“The rapid pace of frontier AI development means cyber risk assumptions can become outdated in months, not years,” the agencies wrote. “We must act before and be prepared to adapt and withstand evolving threats.”

Since large language models burst onto the scene, open-source models have run about 6-8 months behind the largest frontier AI companies.

To give an idea of how quickly the field develops: the capabilities described in the Amazon threat intelligence report that convinced the Trump administration to place export controls on Fable 5 could already be accomplished through older models like Claude Opus and Claude Sonnet, as well as open-source Chinese models.

Anthropic shut down access to their Fable 5 and Mythos 5 models as a result, and despite releasing a statement that they believe the White House decision was a “misunderstanding,” the dispute remains resolved.

Programs like Anthropic’s Project Glasswing and OpenAI’s Trusted Access for Cyber Program provide AI systems to organizations for cyberdefense. The goal is to give defenders a head start in finding and fixing vulnerabilities before AI systems can exploit them routinely in the coming years.

However, for all the fear surrounding the new technology, the recommended guidance is largely the same as it has been for decades. Governments, businesses and leaders must stop treating the digital security of their work as an afterthought or compliance issue.

“Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy,” the agencies wrote. “Those that do not will face growing operational and strategic disadvantage.”

06/23/2026: This story was updated to include comment from Rep. Andrew Garbarino, R-N.Y.

The post Intel agencies: Frontier AI models will reshape cybersecurity faster than expected appeared first on CyberScoop.

Local LLMs are better than ever, but are they good enough?

22 June 2026 at 03:43
AI By Matthew S. Smith This might be hard to believe, but we’re now at least four years into the era of AI large language models — and perhaps up to nine, depending on your definition. OpenAI’s ChatGPT was released in 2022, GPT-3 was released in 2020, and the paper that defined the transformer architecture […]

OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers

By: djohnson
10 June 2026 at 16:20

OpenAI’s threat intelligence team tracked what it believes are two distinct clusters of activity online from groups with ties to China and posting content seemingly designed to stoke anger around divisive topics like AI and data centers.

The first, dubbed “Data Center Bandwagon,” used ChatGPT to create imagery and social media comments claiming data center buildouts were raising electricity prices for Americans.

Another used the tool to develop images and online posts characterizing tariffs as a covert means for the countries to exert control over the global technological landscape. According to OpenAI, the originating prompts directed ChatGPT to only include U.S. President Donald Trump in this content, while leaving out Chinese President Xi Jinping, who has also made use of tariffs.

In both cases, OpenAI said the operators “likely originated” in China. The anti-data center content was traced to an unnamed Chinese technology company that holds multiple contracts with regional Chinese governments, and both clusters used VPNs to evade restrictions, prompted ChatGPT in simplified Chinese and asked for both English and Chinese-language outputs, all while posing as Americans on social media platforms like X and YouTube.

“This looks like a classic example of a foreign influence operation jumping onto the bandwagon of a genuine and pre-existing domestic debate and trying to manipulate it by using fake accounts posing as Americans,” online, said Ben Nimmo, principal investigator at OpenAI and author of the report.

While OpenAI – which has sought to raise hundreds of millions of dollars in funding to build datacenters in the U.S. – is not a neutral party, the report does not claim that anti-data center sentiment in the country is being driven or bolstered by foreign propaganda online.

There’s little evidence that the campaigns got much attention outside their own amplification networks. Such engagement from third parties is an imperfect but important indicator of an influence operation’s impact. OpenAI rated the campaigns a 1 and 2 on the Brookings breakout scale, scores that indicate activity on one or more platforms but no evidence of meaningful engagement by targeted audiences.

Additionally, researchers who study state-sponsored influence campaigns say these groups are happy to latch onto and amplify genuine domestic movements or messaging so long as it serves their larger destabilization goals.

Others have suggested that piggybacking off established narratives with organic momentum – like public anger at AI and data centers – can make an influence operation appear more effective.

While AI tools can be leveraged to create such internet content at scale, they often fail to gain traction. Some images used by Chinese actors appear clunky or use overly direct messaging that displays a lack of familiarity with both the English language and internet virality.

“I do want to be really clear here: this was not a case of an influence operation creating a debate,” said Nimmo. “The debate existed already. This was an influence operation from China trying to interfere in it. We didn’t see any signs that it succeeded.”

He added that while such views are “reasonable” and “sincerely held” by many participants on both sides, “what we don’t want to see is a covert foreign influence operation posing as Americans to try to shape it, still less a foreign influence operation using the very AI that it attacks.”

According to the OpenAI report, the actors used ChatGPT to edit work reports which contained operational security details about their social media campaigns. In them, they described their goals as “establishing persistent and credible accounts, producing visually appealing content to expand audience reach in different regions and maintaining long term account viability by anticipating platform enforcement.”

Another report fed into ChatGPT discussed how best to leverage Facebook’s content ecosystem, groups, pages, hashtags, advertising tools, recommendation systems and reporting mechanisms, as well as strategies for evading Meta’s detection of coordinated inauthentic accounts.

The campaign around tariffs also used ChatGPT to create short comments and comics in English, but also Italian, Japanese and traditional Chinese, accusing the US of putting profits over loyalty to its allies. OpenAI said they were targeted by the same network on X with an influence campaign alleging a widespread user data breach that Nimmo said “never happened.”

While OpenAI said the campaigns likely originated in China, they do not directly attribute the operations to the Chinese government or actors working on their behalf, but do note that many parts of the campaign and its tactics overlap with pre-established Chinese government propaganda campaigns online.

The post OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers appeared first on CyberScoop.

Anthropic’s new model is Mythos on a leash

By: djohnson
9 June 2026 at 13:00

Earlier this year, Anthropic executives said that their new AI model, Claude Mythos, had such powerful capabilities for harm that they would not release it publicly.

On Tuesday, the company said it was making an altered version of Mythos available to the public, promising “new guardrails” that thwart the model’s best-in-class performance in hacking and bioweapons research.

Anthropic said Claude Fable 5 was the “same underlying model” as Mythos, but its responses for certain topics like cybersecurity and biology will be drawn from a previous Claude Opus model that is already public.

“Releasing a model this capable comes with risks. Without safeguards, Fable 5’s capabilities in areas like cybersecurity could be misused to cause serious damage,” the company said in a draft blog sent to CyberScoop ahead of the announcement. “We’ve therefore launched the model with safeguards that route queries on a narrow set of topics to our next-most-capable model, Claude Opus 4.8.”

Anthropic also said they subjected Fable 5 to both internal and external red team testing for common model vulnerabilities, like jailbreaking. Anthropic said these tests identified no known “universal” jailbreaking techniques, but did not specify if partial jailbreaking techniques were discovered.

The company is betting that won’t change when Fable 5 is made available to the broader public, but it’s worth noting that cybersecurity researchers have consistently found ways to jailbreak older AI models.

“The uplift from Mythos-level capabilities is valuable to many adversaries—for instance, those who could financially gain from cyberattacks—and we therefore expect them to be motivated to try to circumvent our safety measures,” the company wrote.

Anthropic is changing its data retention policies for Fable and Mythos models, keeping all user traffic for 30 days on both its own platforms and third-party services. A White House executive order creates a voluntary framework for AI companies to share frontier models with the government up to 30 days before public release. The company says the retained data won’t be used to train new Claude models or for “any non-safety-related-purpose.”

Following publication, a spokesperson for Anthropic told CyberScoop the company’s data retention policies “are specific to their safeguards work and is unrelated to the EO.”

Most organizations are still deciding whether to adopt AI into their IT and cybersecurity ecosystem. But models like Mythos can scan for vulnerabilities, chain together exploits, and steal data from a victim network in minutes. Automation in hacking existed before AI, but experts have said frontier models like Mythos and OpenAI’s Daybreak can allow even low-level cybercriminals to wreak havoc.

While Anthropic cited its commitment to developing safe and secure AI in its reasons for not publicly releasing Mythos, many organizations have been clamoring for access, and its enhanced functions in cybersecurity and other areas have been the subject of congressional hearings, national security papers and White House executive orders.

Releasing a limited version of the model in Fable 5 represents an attempt to split the difference between those two desires. Anthropic said it would release follow-up benchmarks and assets for the model.

So what can Fable 5 do?

Anthropic said it’s possible the restrictions built into Fable will make it harder for the model to fulfill both malicious and legitimate user requests.

“Because we have prioritized safety, we’ve deliberately tuned the safeguards to be cautious, and they are still stricter than would be ideal—for example, sometimes benign requests will trigger our classifiers,” the company wrote. “We recognize that this will be frustrating to some users, and our aim is to reduce false positives as we update and refine the safeguards after launch.”

If Fable 5 draws its cybersecurity and biology answers entirely from Claude Opus 4.8, it will still provide users with impressive – though not unique – dual-use cybersecurity capabilities.

According to the system card published for Opus 4.8, the model is a slight improvement on previous models like 4.7 in the realm of cybersecurity but was “generally much less capable than Mythos Preview.”

Opus 4.8 was tested on its ability to write complete end-to-end exploits and build exploit primitives that provide attackers with the ability to execute arbitrary code. It averaged a score of just 5 out of 16 in proficiency, compared to Mythos Preview, which scored closer to 10.

Without safety guardrails in place, Opus 4.8 can still reproduce nearly 80% of previously discovered vulnerabilities in real open-source software projects when given a high-level description of the weakness. The system card said Anthropic’s unspecified safeguards whittle this success rate down to 1%.

Another test assessing Opus’ ability to develop exploits for the popular Firefox browser found that, again without guardrails, the model could identify a full working exploit 8.8% of the time and a partial working exploit 68.8% of the time.

The company also said that members of Project Glasswing – a consortium of public and private businesses given access to a preview version of Mythos – will be able to upgrade to the latest full model, Claude Mythos 5, to continue their work. Access to Mythos 5 will be expanded over time “through a more systematic trusted-access program” including federal agencies.

The post Anthropic’s new model is Mythos on a leash appeared first on CyberScoop.

The AI security race needs accountability, not overregulation

By: Greg Otto
8 June 2026 at 06:00

AI models such as Anthropic’s Claude Mythos and OpenAI’s Daybreak represent a fundamental inflection point in security. These advances are not only reshaping technology but also redefining trust, risk, and the relationship between humans and intelligent systems. As innovation accelerates, AI governance and responsible deployment are becoming strategic priorities for every organization.

Historically, governments have played a stabilizing role during moments of transformational technological change. Yet the pace and scale of the AI era demand a new model, one built on partnership rather than control, balancing societal responsibility with the need to sustain innovation and global competitiveness.

The White House’s executive order on AI governance signals that collaboration between the industry and policymakers will increasingly shape the future landscape. Proposed frameworks that promote transparency and responsible development point toward a more coordinated approach to risk management.

Effective governance of AI models should balance clear safeguards with the speed of innovation, aligning organizations, policy makers, and technology leaders around a shared goal: advancing AI in ways that strengthen trust, security, and long-term value. The path forward is not defined by heavy-handed oversight, but by building an ecosystem of accountability.

Three key points substantiate this approach.

First, the industry should recognize Anthropic’s release of Mythos as an example of responsible innovation. Company leaders recognized the model’s risks and deliberately delayed broader deployment, allowing early testing to surface vulnerabilities before widespread adoption.

The broader lesson extends beyond a single model release. Responsible leadership means prioritizing decisions that build trust and enable sustained innovation. As AI capabilities accelerate, the most successful organizations will be those that weave accountability through their ambitious pursuits, rather than treating them as competing priorities.

Second, innovation rarely thrives under rigid frameworks. History has shown that many compliance regimes, while well-intentioned, incentivize organizations to optimize for requirements rather than outcomes. Security is strengthened through systems designed for resilience and trust, which goes beyond mere compliance.

Third, slowing U.S.-based AI innovation risks weakening long-term competitiveness. The U.S. remains a leader in AI, but maintaining that position will require balancing responsible safeguards with continued investment and progress. Overly restrictive approaches risk slowing domestic advancement while other nations continue accelerating development and capability.

An effective AI governance approach would encourage further responsible AI model development, as demonstrated by Anthropic. It would avoid direct government regulation and instead enforce accountability for companies that are irresponsible with AI development.

Hopefully, the partnership and collaboration between government entities and industry will continue beyond the White House order. Policymakers and industry leaders should create incentives that reward AI vendors for considering societal implications before releasing new solutions. This framework would highlight responsible providers as models for the industry while imposing meaningful consequences based on demonstrated societal harm that directly affects business and technology decisions.

AI models such as Mythos and Daybreak underscore a broader reality: the future of AI will be shaped by the trust around innovation, not merely by its development pace. The next era of AI leadership will require a new model of collaboration between industry and policymakers that maintains the speed and adaptability that innovation demands while establishing meaningful accountability for real-world outcomes.

The objective should be to guide progress responsibly. The organizations and nations that lead in the AI era will be those that demonstrate how innovation and accountability work together to strengthen trust, security, and long-term value creation.

Art Gilliland is CEO of Delinea, a cybersecurity company focused on human, machine and AI identity protection.

The post The AI security race needs accountability, not overregulation appeared first on CyberScoop.

OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms

27 May 2026 at 17:12

OpenAI on Wednesday hailed its plans to safeguard information and aid cybersecurity defenders in the 2026 midterm elections, including work to combat deepfakes and other forms of artificial intelligence misuse.

The announcement builds on commitments from major tech companies in 2024, including OpenAI, to protect elections from AI-infused election interference — efforts that some thought weren’t enough. Government agencies, non-governmental institutes and others have increasingly warned about AI’s ability to have a negative impact on elections even as they advertise its potential for good.

OpenAI’s plan has five planks: spreading reliable information about voting and election results, helping with cybersecurity, watermarking deepfakes, enforcing policies that ban users from deploying its tools for election interference, and weeding out political bias in its models.

OpenAI highlighted that it has made its Codex Security agentic framework and Trusted Access for Cyber framework available to election officials, and was briefing the National Association of Secretaries of State and the National Association of State Election Directors on its tools.

“This is an important moment for cyber defenders across industries, and we believe AI plays a critical role in hardening digital infrastructure — including systems that support elections,” the company said. “OpenAI is committed to building resilience across the infrastructure stack, including in ways that support election execution.”

Some elements of OpenAI’s plans aren’t new so much as it’s taking pieces from other announcements and putting them together in one, such as reiterating last week’s partnership with SynthID to add watermarks to images generated with ChatGPT to assist in evaluating whether something is real or a deepfake.

One new element of Wednesday’s announcement is that OpenAI has struck a partnership with the Associated Press on sharing election data.

One election security expert welcomed the OpenAI announcement.

“Given the prevalence and amplification of disinformation about our elections, sometimes coming from leaders in high office, it’s always a good thing when platforms and services embrace their obligation to deliver accurate information to users,” David Becker, executive director of the Center for Election Innovation & Research, told CyberScoop. “It appears OpenAI is doing that with this announcement. I hope other platforms embrace this responsibility as well.”

The post OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms appeared first on CyberScoop.

1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials

20 May 2026 at 09:34

1Password says AI coding agents should never hold persistent secrets, introducing a just-in-time credential model for OpenAI Codex designed to keep credentials out of prompts, code repositories, and model context.

The post 1Password Teams With OpenAI to Stop AI Coding Agents From Leaking Credentials appeared first on SecurityWeek.
