Vendors caution: cyber models are double‑edged

Model builders are commercializing defensive cybersecurity tools while withholding or tightly controlling systems that can find widespread vulnerabilities, because the same capabilities could be abused. Reports note Anthropic limited access after one model found thousands of external vulnerabilities and that OpenAI is planning a security product—signalling a preference for closed, managed deployments over open releases (artificialintelligence-news.com) (axios.com).

The strange part of this week’s artificial intelligence news is that the companies are bragging about what their cyber models can do and then refusing to ship them widely. Anthropic said its new Claude Mythos Preview model is being held to a small circle of partners because it can find and exploit serious software flaws, and Axios reported on April 9 that OpenAI is preparing a separate cybersecurity product for only a limited set of users. (anthropic.com) (axios.com 1) (axios.com 2)

A software vulnerability is a mistake in code that acts like a hidden unlocked window in a building. A model that can spot one bug can often also show how to climb through it, which is why the same tool can help defenders patch systems or help attackers break into them. (helpnetsecurity.com) (anthropic.com)

Anthropic says Mythos Preview did not just answer security questions in chat. The company says the model autonomously identified zero-day vulnerabilities, meaning previously unknown flaws, across major operating systems and web browsers during internal testing. (anthropic.com) (helpnetsecurity.com)

That is why Anthropic wrapped the launch inside a gated program called Project Glasswing instead of a normal public release. Bloomberg and CNBC reported that partners in the effort include Apple, Amazon, Microsoft, Cisco, CrowdStrike, and Palo Alto Networks, which are the kinds of companies that already run large security teams and critical infrastructure. (bloomberg.com) (cnbc.com)

OpenAI has been moving in the same direction for months. In February, OpenAI introduced Trusted Access for Cyber, a framework that says stronger cyber capabilities should be given through identity checks, trust reviews, and managed access rather than thrown open to everyone with an application programming interface key. (openai.com)

Axios now says OpenAI is finalizing a cybersecurity product with advanced capabilities for a small set of partners. That makes the market signal pretty clear: sell the defensive service, keep the most dangerous general-purpose capability behind a gate, and decide case by case who gets to touch it. (axios.com) (openai.com)

This is a break from the old software pattern where a company released a tool and let customers decide how to use it. With frontier cyber models, the vendor is acting more like a lab handling hazardous material, because the same system that helps find one company’s weak spots could also scan the wider internet for thousands more. (anthropic.com) (nextgov.com)

The commercial logic is easy to see. A managed security product creates revenue, gives the model maker logs and oversight, and reduces the chance that a public release becomes the engine behind a major breach traced back to its own model. (axios.com) (openai.com)

The policy problem is harder. If a handful of firms get early access to machines that can discover flaws at scale, those firms may patch faster than everyone else, while smaller companies, open source maintainers, and public agencies wait outside the gate. (nextgov.com) (bloomberg.com)

So the new posture from vendors is not “artificial intelligence for cybersecurity” in the broad consumer sense people got used to over the last two years. It is closer to “artificial intelligence for cybersecurity, but only inside a controlled room,” because the companies building these models now seem to believe the safest product is the one they never fully release. (axios.com 1) (axios.com 2)
