OpenAI Just Released GPT-5.4-Cyber to Counter Anthropic. The AI Security Arms Race Is Here.
OpenAI launched a cybersecurity AI model for verified defenders, one week after Anthropic Mythos terrified global regulators. The gloves are officially off.
The AI Post newsroom — delivering AI news at the speed of intelligence.
OpenAI just fired back at Anthropic with its own cybersecurity AI model. And the timing could not be more obvious.
The company released GPT-5.4-Cyber on Tuesday, exactly one week after Anthropic's Mythos model caused a global regulatory panic. GPT-5.4-Cyber is a "more permissive" version of GPT-5.4, designed specifically for cybersecurity work with lowered refusal boundaries for what OpenAI considers "legitimate defensive work."
Access is limited to OpenAI's Trusted Access for Cyber program, which requires identity verification and is expanding from hundreds to thousands of "verified defenders" in the coming weeks.
**The Anthropic Effect**
Anthropic's Mythos didn't just worry cybersecurity experts. It terrified them. The model's ability to find and exploit vulnerabilities at superhuman speed prompted emergency meetings between Treasury Secretary Scott Bessent, Fed Chair Jerome Powell, and Wall Street bank CEOs.
Ireland's National Cyber Security Centre director told parliament that similar models from "bad actors" should be expected before the end of the year. Anthropic co-founder Jack Clark said Chinese open-weight models with these capabilities could arrive within 12 to 18 months.
Now OpenAI is racing to match those capabilities, at least for the "good guys."
**The Enterprise Battle**
This isn't just about cybersecurity. It's about OpenAI losing ground to Anthropic in the enterprise market. Data from payments company Ramp shows nearly one in three U.S. businesses paid for Anthropic tools in March.
OpenAI has been cutting back on consumer projects to focus on enterprise. The company paused plans for an adult ChatGPT version and put its Stargate UK project on hold. It's also launching a "superapp" inspired by Anthropic and dedicated health AI tools shortly after Anthropic's Claude health features.
**What Happens Next**
The AI security arms race is now official. Both companies are building models that can hack anything, but limiting access to "trusted" parties. The question is whether their screening processes can keep these tools away from bad actors long enough for defenses to catch up.
Ireland's warning suggests they can't. If cybersecurity AI models are coming from state actors and Chinese labs within months, the window for defensive preparation is shrinking fast.
The bigger question: Will having two AI companies racing to build the most powerful hacking tools make us more secure, or just ensure that the tools proliferate faster?