OpenAI has unveiled GPT-5.4-Cyber, a version of its latest flagship model tuned for defensive cybersecurity work. The new model arrives just a week after Anthropic said its own frontier model, Mythos, is being used in a tightly controlled program for the same purpose. The timing says plenty: the AI race is no longer just about chat, code, or image generation. It is increasingly about who can claim the right to help find the bugs that keep the internet wobbling along.
According to the company, GPT-5.4-Cyber is designed to support security teams rather than attackers. That distinction matters, because vendors are now trying to frame AI as a force multiplier for defense at the exact moment regulators, researchers, and network defenders are worrying about the same tools being turned around the other way. The pitch is simple: if models can help spot weaknesses faster, they can also help narrow the window before those weaknesses get exploited.
OpenAI’s GPT-5.4-Cyber answers Anthropic’s Project Glasswing
Anthropic set the pace on April 7 with Mythos, which it is deploying under ”Project Glasswing” with select organizations allowed to use the unreleased Claude Mythos Preview model for defensive cybersecurity. The company says the model has already found ”thousands” of major vulnerabilities in operating systems, web browsers, and other software. That is a serious claim, and the subtext is obvious: AI security demos are moving from polished slides to controlled real-world use, where the prize is fewer blind spots and the risk is overconfident automation.
- OpenAI model: GPT-5.4-Cyber
- Use case: defensive cybersecurity work
- Anthropic model: Mythos
- Anthropic program: Project Glasswing
- Anthropic claim: ”thousands” of major vulnerabilities found
Why security teams are suddenly the AI prize
This is also a clean business move. Security is one of the few enterprise categories where buyers already pay for speed, accuracy, and triage, even when the output is messy. If OpenAI and Anthropic can convince CISOs that their models reliably surface real flaws instead of flooding inboxes with expensive noise, they get a stronger foothold in a market where trust is hard-won and switching costs are high.
For everyone else, the rivalry is useful in a blunt way: the pressure to outdo a competitor tends to produce faster iteration. The open question is whether these models become genuinely useful assistants for defenders or just very polished assistants that make security look more automated than it really is. Either way, the next battle in frontier AI may be less about what the models can write and more about what they can catch before someone else does.