OpenAI’s cybersecurity model 'Mythos' leak

OpenAI is reportedly building a new cybersecurity product and planning to keep the first release inside a small partner circle instead of putting it on the open market right away. Axios reported on April 9 that the company is finalizing the product for a limited set of partners because its cyber capabilities may be strong enough to raise autonomy and hacking concerns. (axios.com) This is a change in how frontier artificial intelligence gets shipped. The old pattern was model first and access later, but OpenAI already set up a February 5 program called Trusted Access for Cyber that checks identity and trust before giving people stronger cyber tools. (openai.com) Trusted Access for Cyber is not a vague waiting list. OpenAI says the pilot is for enterprises and security practitioners doing defensive work, and its application asks about uses like penetration testing, vulnerability assessment, malware reverse engineering, and cryptographic research. (openai.com) The company has been preparing for this in public for months. On December 10, 2025, OpenAI said cyber capabilities in its models were advancing rapidly and that it was layering in safeguards, limiting misuse, and working with security experts as those capabilities got stronger. (openai.com) OpenAI also rewrote the safety rulebook around this problem. Its updated Preparedness Framework treats cybersecurity as one of the tracked danger areas, alongside biological and chemical risks and artificial intelligence self-improvement, which means a model can trigger extra controls before release if its cyber performance crosses a threshold. (openai.com) The important detail is that the risk is not just “bad advice” in a chat window. Axios says labs are now worried about models that can do more of the hacking job on their own, which turns release strategy into part of the safety system, the same way a dangerous chemical is handled with locked cabinets and trained staff instead of a public shelf. (axios.com) That helps explain why access policy is starting to look like product design. OpenAI’s own cyber safety documentation says some users can verify identity for high-risk cybersecurity work, while security researchers who need even more capable or permissive models can apply to an invite-only program. (developers.openai.com) The timing also lines up with a wider industry shift. Anthropic has been limiting access to its own powerful cyber model through a program called Project Glasswing, with companies like Microsoft, Amazon, Apple, CrowdStrike, and Palo Alto Networks named as early users rather than a broad public rollout. (cnbc.com) OpenAI is putting money behind the gated approach too. When it launched Trusted Access for Cyber, it tied the program to GPT-5.3-Codex and said it would commit $10 million in application programming interface credits to speed up defensive use by approved organizations. (openai.com, openai.com) So the leak is not just about one secretive model. It shows that for cyber-capable artificial intelligence, the release button is no longer a single moment; it is a sequence of identity checks, partner deals, monitoring systems, and staged exposure built to keep the strongest tools in a smaller room. (axios.com), (openai.com)