Become a TechRadar Insider
Humans are a cantankerous bunch. We don’t agree on much. But if there’s one certainty in this world – one North Star we can all get behind – it’s that the AI industry has never been quiet. And it’s been particularly noisy of late.
We’ve had Musk and Altman levelling up their feud by going head-to-head in the courts, investors growing increasingly concerned with whether they’ll ever see a return on their investment, and all the while regulators are standing on the sidelines wondering what they should be doing about AI tools at all.
Head of Cyber Advisory, Phoenix Software.
But somewhere in the midst of all this chaos, there is real work being done. With their heads down and headphones on, AI developers (and their growing army of AI agents) are just getting on with the job of rolling out continuous updates.
While most of these updates are iterative in nature – merely small arms fire in the ongoing attritional warfare between the big players – Anthropic and OpenAI may have just changed the nature of the war by unveiling an entirely new weapons class.
The question now is not whether they should take these weapons to battle (you can’t rewind time), but about who they are giving these weapons to.
Head-to-head: Anthropic vs. OpenAI
So, what’s happened exactly? In summary, two of the world’s leading AI companies recently launched powerful new tools to identify cyber vulnerabilities — and they’re taking very different routes to market. This divergence highlights a critical tension at the heart of AI security: control versus scale.
On 7th April 2026 Anthropic announced “Claude Mythos Preview”. One week later, on 14th April 2026, OpenAI announced “GPT Cyber 5.4”. Both AI models are focused on cybersecurity, specifically their ability to identify and exploit software vulnerabilities almost instantaneously.
These new models are the quintessential Double-Edged Sword; on the one hand, they are a software developer’s dream because they can identify serious software vulnerabilities so quickly, but on the other hand, they are a software developer’s nightmare because they can help attackers, well, do the exact same thing – “identify serious software vulnerabilities so quickly.” Whether they are “good” or “bad” is a matter of whose side you’re on.
Two different approaches to opening Pandora’s Box
While the PR might suggest that both companies are taking an equally cautious and responsible approach to their product’s respective launches, the approaches are actually very different.
Neither product is being released publicly at this time. Anthropic’s Claude Mythos Preview is being deployed through Project Glasswing, a tightly controlled group of companies which includes AWS, Apple, Google, Microsoft, Nvidia, Cisco, CrowdStrike, and the Linux Foundation (i.e. all the companies responsible for the bulk of the world’s critical IT infrastructure).
Anthropic has explicitly warned that the model’s ability to autonomously discover severe vulnerabilities makes wider access unsafe for now. If they are opening Pandora’s box, they are at least lifting the lid up slowly and only giving the keys to people they know and trust.
By contrast, OpenAI’s "GPT 5.4 Cyber,” has been launched through an expanded Trusted Access for Cyber program. While still gated via a multi-tier verification process, the model is being made available more broadly to thousands of individual defenders and hundreds of security teams, significantly broadening access when compared to Anthropic’s approach.
OpenAI argues this “democratized defence” model is necessary to keep pace with AI driven threats, but it raises the risk of powerful capabilities spreading too quickly. They too are opening the lid slowly, but they are more trustful of who has the keys.
Implications for the rest of us
Why does this split in approach matter, and what does it reveal about the differing risk attitudes of these two AI leaders? Ultimately, this is a question about the best approach to opening Pandora’s Box. Do you lift the lid up slowly inch-by-inch to see what happens, or do you close your eyes and just flip the lip open in one go? Regardless of the scenario, you still can’t close the lid again once it’s opened.
Anthropic’s approach is to fix the world's critical infrastructure before the capability is available to bad actors. If they can patch the Linux kernel and major browsers today, then when the model inevitably leaks or is built by a bad actor, the most devastating vulnerabilities will have already been addressed.
On the other hand, OpenAI believes that a small group of companies cannot possibly see every threat. By giving GPT-5.4-Cyber to thousands of verified defenders, they are saturating the ecosystem with an army of AI-assisted defenders to repel any future AI-assisted attack. But how good is their multi-tier verification process?
On balance, Anthropic’s more managed approach feels like the right one at this time, as the ability to autonomously discover severe vulnerabilities is a major risk that needs to be taken very seriously.
Tick, tick, boom
The hype of AI is becoming very real indeed, and the change is coming at an incredible pace. We are entering the era of autonomous self-healing code. Whether we like it or not, this is a paradigm shift that cannot be undone.
But it's interesting to see these two companies taking such different views on how these solutions should be brought to market. Both approaches aim to strengthen defense — but the two companies clearly have very different risk tolerances. I doubt this will be the last time their differing approaches will be brought into question.
We are no longer asking the question about whether AI will transform cybersecurity. That much is proven. The question now is whether the industry can move fast enough without creating the very threats it’s trying to prevent. I said the AI industry is never quiet. You can expect the next six months to be positively deafening.
We've ranked and reviewed the best antivirus software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit