Models now a cyber risk to critical systems
New reporting warns that advanced capabilities emerging in Anthropic and OpenAI products have elevated cyber risks for operators of critical infrastructure such as water, power and healthcare, moving the threat from theoretical to urgent. The analysis argues that model-enabled attack surfaces require tighter access controls, logging and policy boundaries to prevent misuse that could affect essential services (axios.com).
The scary part is not that artificial intelligence can write phishing emails anymore. It is that the newest models are being evaluated for finding software flaws, turning known bugs into working break-ins, and helping with stealthy intrusions against real systems, including industrial ones. (axios.com) (openai.com)

Critical infrastructure is the boring machinery that keeps daily life on: power grids, water plants, hospitals, banks, pipelines, and telecom networks. The Cybersecurity and Infrastructure Security Agency says the United States has 16 such sectors because failure there can hit public health, safety, and the economy at once. (cisa.gov)

Those systems already run on old software, thin staffing, and a backlog of unpatched flaws. What changed this week is that Anthropic and OpenAI are both now publicly describing models strong enough in cyber work that they built special limits around them. (anthropic.com) (openai.com)

Anthropic said on April 7 that Claude Mythos Preview would not be made generally available. In its system card, the company said the model’s capability jump was large enough that it would only be used in a restricted defensive program with selected partners. (anthropic.com)

Anthropic’s companion program is called Project Glasswing. It launched with partners including Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks, plus more than 40 additional organizations tied to critical software infrastructure. (anthropic.com)

OpenAI made a parallel admission on March 5 in its GPT-5.4 Thinking system card. The company said GPT-5.4 Thinking is its first general-purpose model with implemented mitigations for “High” cybersecurity capability. (openai.com)

OpenAI defines that “High” bar in concrete terms. In a December 2025 post, it said models at that level could develop zero-day remote exploits against well-defended systems or meaningfully assist with stealthy enterprise or industrial intrusion operations aimed at real-world effects. (openai.com)

That is why this story is landing on water utilities and hospital networks, not just software companies. If a model can help a defender find a bug in a router, the same skill can help an attacker find the weak hinge on a treatment plant, a medical device network, or a regional power operator. (cisa.gov) (openai.com)

The companies’ response is not “trust the model less.” It is “trust fewer people with the model”: restricted rollout, identity checks, automated monitoring for suspicious cyber activity, and product controls like sandboxing and configurable network access. (anthropic.com) (openai.com) (developers.openai.com) (cdn.openai.com)

Anthropic is also putting money behind the defensive side. The company said Project Glasswing includes up to $100 million in usage credits and $4 million in donations to open-source security groups, which is a clue to the scale of patching work it expects ahead. (anthropic.com)

Axios summed up the shift in one line: operators of water, electricity, health care, and financial services are “on the clock.” The countdown is not about a single announced attack; it is about frontier models moving cyber offense from a specialist craft toward something faster, cheaper, and easier to scale. (axios.com)