Three days ago, Anthropic revealed it built an AI model so good at hacking that it could not release it to the public. Claude Mythos Preview found thousands of zero-day vulnerabilities in every major operating system and browser. The Treasury Secretary and Fed Chair called an emergency meeting about it. Apple, Google, Microsoft, Nvidia, and JPMorgan lined up to pay for access.

Now OpenAI wants one too.

According to Axios, OpenAI is developing its own cybersecurity-focused AI model specifically designed to find and exploit software vulnerabilities. The company confirmed it is working on "dedicated cybersecurity capabilities" that would compete directly with Anthropic's Project Glasswing. Multiple people familiar with the effort say OpenAI has been accelerating the project since Mythos Preview was announced.

The Defensive Arms Race

Both companies frame this as defense. Anthropic says Mythos Preview is meant to help companies find vulnerabilities before attackers do. OpenAI will almost certainly use the same framing. And they are not wrong. The cybersecurity industry has a massive labor shortage. AI that can scan millions of lines of code for exploitable weaknesses could genuinely help.

But here is the uncomfortable truth everyone in the industry knows and nobody wants to say out loud: a tool that finds vulnerabilities is also a tool that exploits them. The difference between a penetration testing AI and a hacking AI is who is holding the keyboard.

Why This Is Different From Everything Else

Anthropic handled Mythos Preview like a controlled substance. Limited access. Twelve companies. $100 million in research credits. Mandatory coordinated disclosure of any vulnerabilities found. No public release until safeguards are proven. The company is treating its own AI like a weapon, because it is one.

The question is whether OpenAI will apply the same restraint. This is the company that released GPT-4 to the public in weeks, launched DALL-E without content safety figured out, and shipped Sora despite internal concerns. Speed is in its DNA. And right now, every day without a competing product means Anthropic locks in more enterprise cybersecurity contracts.

The Money at Stake

Anthropic is pricing Mythos Preview at $25 per million input tokens and $125 per million output tokens. That is expensive, and companies are lining up anyway. The global cybersecurity market is worth $200 billion and growing. If AI can automate even a fraction of vulnerability discovery, whoever controls the best model controls a massive new revenue stream.

For OpenAI, this is also about proving relevance. Anthropic just demonstrated that Claude Mythos is genuinely better at specific, high-value tasks than anything OpenAI offers. That is a first. Every previous model comparison was about general intelligence benchmarks. This is about a real-world capability with immediate commercial value. If OpenAI cannot match it, the narrative that Anthropic builds better models starts hardening into consensus.

What to Watch

The next 90 days will tell us everything. Will OpenAI restrict access to its cyber model like Anthropic did? Will Google build its own? Will the government try to regulate AI hacking tools before they proliferate? Right now we have two companies building AI that can find every crack in every system on the internet. In six months, we could have five. The cybersecurity industry just changed forever, and most people have not even realized it yet.