# AI Cybersecurity Arms Race: Anthropic Mythos vs OpenAI Cyber | Artificialus > For the complete content index, see [llms.txt](https://artificialus.com/llms.txt). Markdown versions of all pages are available by appending `.md` to any URL. - Home - / - Articles - / - AI Cybersecurity Arms Race: Anthropic Mythos vs OpenAI Cyber AI Research # AI Cybersecurity Arms Race: Anthropic Mythos vs OpenAI Cyber When Anthropic announced Claude Mythos Preview on April 7, the real news was buried in their own press release: not that they had a better model, but that June 3, 2026 7 min read D Written by Doc | The Researcher Share X Facebook Reddit Telegram Bluesky Email When Anthropic announced Claude Mythos Preview on April 7, the real news was buried in their own press release: not that they had a better model, but that it had already found thousands of zero-day vulnerabilities — including bugs that survived 27 years of human review in OpenBSD, an OS famous for taking security seriously. Across every major operating system and every major web browser, Mythos found critical flaws autonomously, without human steering, and in many cases wrote working exploits before the researchers who discovered them had finished their coffee. This isn’t a product launch. It’s a capability threshold the industry is only beginning to grasp — and both Anthropic and OpenAI are racing to define what happens next. ### The Two Strategies Anthropic and OpenAI arrived at the same conclusion from opposite directions: frontier AI models now possess cyber capabilities that surpass all but the most skilled human security researchers. How each company is responding reveals fundamentally different philosophies about safety, access, and the future of software security. Anthropic’s Mythos Preview, an unreleased general-purpose model, scored 83.1% on the CyberGym benchmark against Opus 4.6’s 66.6% — a gap that understates the real difference. On SWE-bench Verified, Mythos hit 93.9% to Opus 4.6’s 80.8%. Those numbers matter because of what they translate to in practice: Mythos autonomously wrote a remote code execution exploit against FreeBSD’s NFS server (CVE-2026-4747) that required zero human intervention after the initial prompt. It split a 20-gadget ROP chain across six sequential RPC requests to fit within a 200-byte overflow constraint. A 17-year-old bug, fully weaponized, by a model not explicitly trained on security tasks. Anthropic’s response was Project Glasswing — an industry consortium that now includes AWS, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks. The premise: restrict Mythos to a vetted group of defenders, spend $100M in usage credits, donate $4M to open-source security orgs, and patch vulnerabilities before the capabilities proliferate. On June 2, Anthropic expanded Glasswing to roughly 150 new organizations across 15+ countries. Partners have already found more than 10,000 high- or critical-severity flaws. > AI capabilities have crossed a threshold that fundamentally changes the urgency required to protect critical infrastructure from cyber threats, and there is no going back. > — Anthony Grieco, SVP and Chief Security & Trust Officer at Cisco OpenAI’s approach has been quieter but no less significant. Their agentic security researcher, originally called Aardvark (announced October 30, 2025, powered by GPT-5), was rebranded as Codex Security in March 2026 and is now available as a research preview. Rather than building a consortium around a restricted frontier model, OpenAI integrated security directly into their coding agent product. Codex Security continuously monitors repositories, scans commits against threat models, validates findings in sandboxed environments, and proposes patches — all within the developer workflow. OpenAI’s benchmark numbers tell a similar capability story: GPT-5.1-Codex-Max achieved 76% on capture-the-flag cybersecurity challenges in November 2025, up from 27% on GPT-5 just three months earlier. In their “golden repository” testing, Aardvark identified 92% of known and synthetically-introduced vulnerabilities. They’ve already disclosed 10 CVEs from open-source scanning. The structural difference is telling. Anthropic built a gated consortium around a model it has no intention of releasing broadly. OpenAI built a product and is rolling it out to ChatGPT Enterprise, Business, and Edu customers with free usage for the first month. Anthropic is betting on scarcity and vetting. OpenAI is betting on scale and workflow integration. ### Why the Race Matters The usual framing — “AI will help defenders find bugs faster” — is true but incomplete. The same capability is equally available to attackers, and the industry hasn’t built infrastructure for that world yet. Anthropic’s Frontier Red Team published analysis today examining 832 banned accounts for malicious cyber activity between March 2025 and March 2026. In the first six months, 33% of actors were classified as medium risk or higher. By the second six months, that number jumped to 56% — a 1.7-fold increase. Attackers are using AI not just for initial access (where AI-assisted phishing actually fell 8.6%) but for deeper, post-compromise techniques like account discovery (up 8.9%) and lateral movement. The traditional signal security teams use — how many techniques an attacker deploys — is collapsing as a differentiator. Low-skill actors now average 16 distinct techniques; high-skill actors average 20. The gap is nearly meaningless when AI fills the skill gap. > Open source maintainers — whose software underpins much of the world’s critical infrastructure — have historically been left to figure out security on their own. By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation. > — Jim Zemlin, CEO of the Linux Foundation But here’s the rub. Less than 1% of the vulnerabilities Mythos has found have been patched. The bottleneck is no longer discovery — it’s validation, disclosure, and deployment. Anthropic acknowledges this openly: they’ve contracted professional security validators, but even with 89% agreement between Mythos’s severity ratings and human expert review, the pipeline is overwhelmed. ### What This Means The race between Anthropic and OpenAI in cybersecurity isn’t about who has the better model — the capabilities are close enough that the gap will close within months, not years. Anthropic itself predicts “within 6 to 12 months, we expect that many other AI companies will have Mythos-class models.” The real competition is about deployment philosophy and who defines the operating model for AI-assisted security. Anthropic’s gated-consortium model creates safety through scarcity, but it also creates dependency. Only organizations Anthropic vets can access Mythos-class capabilities. The $100M credit commitment is real, but it is temporary. When Mythos-level capabilities become available from other providers — and they will — the organizations that haven’t built their own AI-security muscle will be left exposed. Anthropic’s approach is a bridge, not a destination. OpenAI’s product-integration model creates safety through ubiquity and telemetry. Codex Security runs in the same sandbox as the coding agent, logs to the same OpenTelemetry pipelines, and operates under the same approval policies as the rest of the development workflow. The security tool isn’t separate — it’s how the agent already works. The risk is that broad access before safeguards are proven enables misuse at scale. OpenAI’s answer is defense-in-depth: model-level refusal training, system-wide monitoring, end-to-end red teaming, and a Frontier Risk Council. The question neither company has fully answered: what happens when the bottleneck shifts from finding bugs to fixing them? Right now, Mythos can discover thousands of vulnerabilities faster than the entire open-source ecosystem can patch them. Codex Security can propose patches, but adoption still requires human review. The rate of discovery now exceeds the rate of remediation by orders of magnitude. This isn’t temporary — it’s structural. AI vulnerability discovery has crossed an exponential curve while human patch deployment remains linear. > The window between a vulnerability being discovered and being exploited by an adversary has collapsed — what once took months now happens in minutes with AI. > — Elia Zaitsev, CTO of CrowdStrike > We’ve been testing Claude Mythos Preview in our own security operations, applying it to critical codebases, where it’s already helping us strengthen our code. > — Amy Herzog, VP and CISO of Amazon Web Services AWS’s teams analyze over 400 trillion network flows daily for threats. At that scale, AI is not optional — it is the only way to operate. The AI cybersecurity race is not about who finds the most bugs. It is about who builds the infrastructure to fix them at the same speed they are discovered. Anthropic is building a fortress and inviting in the most important defenders. OpenAI is building a pipeline and trusting that integration beats isolation. Both could be right. Neither can afford to be wrong. ### Further Reading - Project Glasswing announcement — Anthropic’s consortium-based approach to AI cybersecurity - Assessing Claude Mythos Preview’s cybersecurity capabilities — Technical breakdown from Anthropic’s Frontier Red Team - Introducing Aardvark / Codex Security — OpenAI’s agentic security researcher - AI-enabled cyber threats mapped to MITRE ATT&CK — Anthropic’s analysis of 832 banned accounts - Running Codex safely at OpenAI — Deployment controls and safety architecture ### No comments yet Name Email Don't fill this out Comment Post Comment Key Metrics Read time 7 min Words 1,366 In this article ## Continue reading AI Research 6 min ### The Infrastructure Category That Didn't Exist Two Years Ago: AI Agent Observability Why traditional APM breaks on agent workloads and how LangSmith, Braintrust, and Arize are building the observability stack for the AI era. AI Research Jun 3, 2026 Engineering 8 min ### GitHub Copilot Token-Based Billing: What It Means for Developers GitHub Copilot moves to token-based AI Credits on June 1, 2026. A practitioner's analysis of the new pricing, what it reveals about agentic AI costs, and how to optimize usage. Engineering Jun 3, 2026 Landscape 7 min ### Anthropic's IPO: The $965B Test of Safety-First AI at Scale Anthropic files for IPO after $65B raise at $965B valuation. The safety-first AI company faces its toughest test yet: can principles survive public markets? Landscape Analysis Jun 3, 2026