OpenAI reportedly plans 'Mythos' model
OpenAI is reportedly developing a new cybersecurity‑focused model codenamed 'Mythos' but is cautious about broad release because of potential misuse, reflecting rising model-maker concern about downstream harms. The report underscores that labs are balancing capability with risk when deciding how and where to deploy new systems. (axios.com)
OpenAI is reportedly building a cybersecurity model and not planning to put it on the open shelf. Axios reported on April 9 that the company is preparing a system for a small group of partners instead of a broad public launch. (axios.com) That is unusual only if you think of chatbots as public products first. In cybersecurity, the same model that helps a defender find a software flaw can help an attacker find the same flaw faster. (openai.com) OpenAI has been laying the policy track for this for more than a year. Its updated Preparedness Framework, published on April 15, 2025, says the company measures frontier risks in areas including cybersecurity and can add safeguards or limit deployment when capability rises. (openai.com) The company’s own cyber post from December 10, 2025 says model capability is moving up on both sides of the field at once. OpenAI described the upside as better defense and the downside as dual-use risk, which is policy language for tools that work for cops and burglars alike. (openai.com) Axios says the internal codename is “Mythos,” but the bigger detail is the release plan. The report says OpenAI wants a restricted program for trusted users, which is closer to lending out a master key under supervision than selling copies at retail. (axios.com) That approach matches how other labs are moving. Anthropic wrote on October 3, 2025 that its Claude Sonnet 4.5 model had become useful for real cybersecurity work, and it framed the project as helping defenders detect, analyze, and fix vulnerabilities. (anthropic.com) Anthropic also spent this week building a fence around that idea. On April 8, 2026, it announced Project Glasswing with Amazon Web Services, Apple, Cisco, Google, Microsoft, NVIDIA, Palo Alto Networks, and others to secure critical software as artificial intelligence gets better at cyber work. (anthropic.com) OpenAI has been building the same kind of review machinery internally. Its Preparedness Framework PDF says a Safety Advisory Group recommends what safeguards are required before deployment, and OpenAI’s December 2025 post says it is using outside experts to test frontier risks in cybersecurity. (cdn.openai.com) (openai.com) So this story is less “OpenAI made a hacker bot” than “the labs now think cyber ability is strong enough to need controlled distribution.” When companies start treating a model like sensitive infrastructure instead of a normal app launch, it usually means the capability curve has moved ahead of the old release playbook. (axios.com) (openai.com)
