Overview
- OpenAI is scaling its Trusted Access for Cyber program to thousands of verified defenders, giving them GPT‑5.4‑Cyber, a tuned version of GPT‑5.4 that lowers refusals for legitimate security work and adds binary reverse engineering.
- Anthropic is keeping Claude Mythos in a tight pilot under Project Glasswing with a few dozen large partners, saying the model has found thousands of previously unknown high‑severity flaws across major operating systems and browsers, including a decades‑old OpenBSD bug.
- Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell urged major U.S. banks to take the threat seriously, and European and UK authorities began sector checks and simulations to gauge financial‑system exposure.
- Independent researchers reproduced some Mythos‑flagged bugs using smaller, cheaper models, which suggests similar vulnerability‑hunting skills are spreading beyond a single lab and raises questions about novelty and false positive rates.
- Access is moving to tiered, ID‑verified programs as companies try to get tools to defenders without fueling misuse, with Anthropic also releasing Opus 4.7 to the public with dialed‑back cyber features and pointing sanctioned security work through a verification pathway.