OpenAI Answers Anthropic’s Mythos Alarm with GPT-5.4-Cyber and Calmer Message
TL;DR: OpenAI has introduced GPT-5.4-Cyber, a model aimed at defenders, alongside a three-pillar security strategy framed around customer validation, iterative deployment, and open-source investment. The rollout reads as a direct counter to Anthropic’s claim last week that its Mythos model is too dangerous for general release.
OpenAI’s Tuesday announcement lands in the middle of an industry argument. Anthropic restricted Mythos Preview to a small set of critical-industry partners, saying the model could help attackers chain complex intrusions, and set up a cross-vendor coalition to track the cyber implications of frontier AI. OpenAI’s message is the opposite: current defences are enough for today’s models, tighter controls will be warranted only when capability meaningfully jumps, and broad access matters.
Three Pillars, One Positioning Play
The first pillar is a “know your customer” approach through Trusted Access for Cyber, an automated vetting system OpenAI launched in February. The second is iterative deployment, with OpenAI arguing that real-world feedback strengthens jailbreak resilience and defender tooling faster than delayed releases. The third is ecosystem investment, including a donation to the Linux Foundation for open-source security and a grants programme running since 2023.
GPT-5.4-Cyber slots into that same positioning. Where Mythos is locked down, GPT-5.4-Cyber is pitched explicitly at security operations centres and defenders, on the view that concentrating capability with a few big labs is itself a risk.
The Expert Split Behind the Corporate Disagreement
The split between OpenAI and Anthropic mirrors a genuine divide among security researchers. Some argue Anthropic’s framing risks triggering a broad “anti-hacker” backlash that would entrench incumbents, while others point out that known defensive weaknesses could be exploited at new speed once agentic AI becomes widely available. Independent UK government testing published this week — the AISI evaluation of Mythos — sits between the two positions, finding Mythos roughly comparable to GPT-5.4 on individual tasks but stronger on multi-step attack chaining.
Looking Forward
For UK security teams choosing between vendor ecosystems, the strategic question is which trade-off to accept: Anthropic’s controlled-access posture, which may limit defender tooling, or OpenAI’s open-deployment posture, which assumes defensive capabilities can keep pace. Procurement teams in regulated sectors should expect pointed questions from boards and regulators about how each vendor’s release philosophy affects operational risk, particularly as the Bank of England’s Governor has already flagged Mythos as a financial-stability concern this week.