
OpenAI To Limit New Model Release On Cybersecurity Fears (axios.com)

OpenAI is reportedly preparing a new cybersecurity product for a small group of partners, out of concern that a broader rollout could wreak havoc. If that move sounds familiar, it's because Anthropic took a similar limited-release approach with its Mythos model and Project Glasswing initiative. Axios reports: OpenAI introduced its "Trusted Access for Cyber" pilot program in February after rolling out GPT-5.3-Codex, the company's most cyber-capable reasoning model. Organizations in the invite-only program are given access to "even more cyber capable or permissive models to accelerate legitimate defensive work," according to a blog post. At the time, OpenAI committed $10 million in API credits to participants. [...]

Restricting the rollout of a new frontier model makes "more sense" if companies are concerned about models' ability to write new exploits -- rather than about their ability to find bugs in the first place, Stanislav Fort, CEO of security firm Aisle, told Axios. Staggering the release of new AI models looks a lot like how cybersecurity vendors currently handle the disclosure of security flaws in software, Lee added. "It's the same debate we've had for decades around responsible vulnerability disclosure," Lee said.



  • by Junta ( 36770 ) on Thursday April 09, 2026 @04:06PM (#66085856)

    Anthropic announces that they have a super awesome AI product that's just too awesome for anyone to see.

    And then immediately OpenAI has the exact same thing.

    FOMO on "my technology is too scary to exist" is a fun twist.

    I know, it's not the first time, someone even linked an article where OpenAI said the same sort of thing about GPT-2 back in 2019...

    • OpenAI: "This is just for a few select companies to have..."

      Wait, doesn't that go against OpenAI's mission statement of OPEN ACCESS???

      • I recently used Codex's latest model with my agentic augmented vuln research method. I found 6 high-severity security bugs and produced PoCs for them in a very short period of time. It's a set of open source networking utils I'm sure you've heard of... This is a real threat. It made me find bugs that would take weeks or months to find in a couple of hours...
      • by Powercntrl ( 458442 ) on Thursday April 09, 2026 @04:42PM (#66085934)

        Wait, doesn't that go against OpenAI's mission statement of OPEN ACCESS???

        I'm pretty sure the "open" part now refers to opening your wallet.

    • by nomadic ( 141991 )

      The difference is we can see what OpenAI puts out generally and see what Anthropic puts out and see pretty clearly which one is miles ahead of the other. I believe Anthropic, not so sure about OpenAI.

      • by Junta ( 36770 )

        While Anthropic is generally more credible, they have indulged in performative bullshit for the sake of the hype train.

        Frankly, if they didn't, they would have been screwed over no matter how well they actually made a product.

        Not crazy about the "do things to open source projects, but obfuscate the fact that it's LLM originated" Anthropic thing either way.

  • So Anthropic demos Mythos and OpenAI has to put out a press release.

    Altman's house of cards is collapsing...

    • Re:Us too (Score:4, Insightful)

      by Junta ( 36770 ) on Thursday April 09, 2026 @04:28PM (#66085906)

      I do suspect that OpenAI will be the 'Netscape' of this bubble pop. Early mover that in many ways sparked something significant that got left behind by others that did it better.

      I am so eager for a bubble pop to recalibrate expectations to properly leverage LLM as appropriate instead of the current madness. It will be an adjustment, but without the craze it won't be nearly so obnoxious.

      • Who do you have in mind who did better than Netscape back then? The one thing IE did better was insert itself everywhere.

      • This is a core misunderstanding that is often repeated by people who haven't researched AI system design. The new models are not LLMs, though they do have one component in the stack [youtube.com] that is an LLM. What you are doing is talking about a web stack as though it was just a database, then talking about what databases can and cannot do ... essentially saying "databases can't create user interfaces!" ..."I really hope people will stop over-hyping these database thingys." For the record, the linked video doesn't p
        • by Junta ( 36770 )

          The problem being I haven't seen a good term that refers to the extended LLM scenario that is specific enough to exclude other things like machine vision.

          Everyone is referring to the extended LLM scenario and despite things feeding improvements, it still cannot do everything that people promise/believe it can do. I have been inundated by project proposals that largely center around "screw everyone but my job, AI can replace everyone but me", and they are just full of bad ideas.

          Basically, the good old "I ha

          • The problem I am addressing here is that many (most?) people see AI and think it is an alias for LLM. The general term you are looking for is "AI Stack", for which AI is the short form. An AI Stack can (and currently typically does) include a LLM, but there is much more to the stack. One possible layer is the machine vision component you describe. There is a difference between generative and agentic AI, but a complete AI stack these days has both as part of a complete AI system, as well as additional compone
    • So Anthropic demos Mythos and OpenAI has to put out a press release.

      Altman's house of cards is collapsing...

      Dude, the next model is gonna be so scary that they won't even let THEMSELVES use it.

  • Our spendthrift would-be oligarchs are now fighting over which one of them gets to push the Blow Up Everything button, which may be entirely imaginary.
  • by crunchy_one ( 1047426 ) on Thursday April 09, 2026 @04:14PM (#66085872)
    As the Firesign Theatre said so many years ago, "A power so great, it can only be used for good, or evil."
  • by LindleyF ( 9395567 ) on Thursday April 09, 2026 @04:26PM (#66085902)
    Tech companies are running scared on this. Exploits are getting way too easy and there are few clear mitigations. Right now limiting the release might work, but what happens in a year when the open models have caught up?
    • by nomadic ( 141991 )

      I mean in theory you can have the AI identify and fix the exploits. Yeah, it's an arms race, but at some point the defense will probably win.

    • by ceoyoyo ( 59147 )

      there are few clear mitigations.

      Other than fixing your bugs.

      • Just get everything off the internet. Shouldn't we be up to Internet 2027 already?

      • That doesn't scale. Yes, fix the bugs, but "don't have vulnerabilities" isn't a plan. How do you operate when the window between a bug being introduced and exploited is measured in minutes?
        • by ceoyoyo ( 59147 )

          Fixing your bugs scales pretty well. What doesn't scale well is hoping nobody notices. Works great for the hockey pool you wrote in Python one weekend for your buddies. Not so well for stuff lots of people are going to use.

          Current situation: you look for bugs, then you release your software and, if it's "scaled" a million other people look for bugs.

          New situation: you run an AI bug scanner and fix your bugs, then you release your software a million other people run an AI bug scanner.

          The only situation in whi

    • by Junta ( 36770 )

      The same argument could be made around automated fuzzing. A new class of security misbehavior may be identified automatically, and it turns out you can use such tools to identify things to fix as well.

      Of course, it could be a problem if it has a high false positive rate, where the attacker can hit false positives and barely be impacted but the false positives drive an impossible churn to keep up with on the defense side... Which frankly could be a thing based on my experience with LLM code review that can

    • by Hentes ( 2461350 )

      If models get that good at coding, that will probably mean the end of purpose-built software anyway. At that point, everybody will be able to roll their own, tailored to the user's exact needs.

      • It's already there for tools with verifiable results. The other day, for the first time I had to tell someone "I have no idea how this migration tool works but I have verified it does the right thing."

        For user-facing stuff we're probably a few years away still.
  • Nation states will have sleeper agents who will grab a copy, send it home and go back to sleep waiting for the next big thing. How really dangerous it is - time will tell.

  • The real question is if this model doesn't have guardrails to "do no harm" or attempt to crack passwords, or was tuned to specifically allow what they block the general public from.

    Another boneheaded move that we are starting to see from our AI overlords. Build powerful models that they gatekeep and possibly lend to governments first.

    I bet this will play out quite nicely as foreign countries and anyone with enough money build a similar model, even a watered-down model, to find the same security holes and

    • by Onthax ( 1322089 )
      "Do no harm"-coded AIs will then be hit by other AIs to get around the "do no harm". They won't be able to fix the bug in their own AI software that allows it to be used to break other software.
  • The big frontier model providers are all moving towards an Enterprise-first approach to their products, gradually nerfing the 'value' lines and eliminating any subsidization paid plans may previously (and currently) have had. The free ride of investment subsidy couldn't have continued much longer and allowed the companies to remain solvent.

    This is just a part of that: super special tools and models will be kept amongst a small subset of enterprise companies and governments at a high premium, and they will gr

  • Are they playing the "AI is dangerous" card in hope of getting some cushy government regulated barriers to entry again?

    Altman did it before...

  • Given that the current technology cannot successfully isolate process memory, cybersecurity is a chimera.

    Chimera: a thing which is hoped for but is illusory or impossible to achieve.
  • Yet another .something release because they crashed into steeply diminishing returns training model complexity after incinerating hundreds of millions of dollars trying to get to a v6. The stench of panic is unmistakable.
  • This is the excuse. You get zero security risk if nothing is buggy. If developers close the holes, nobody can break the security of anything. Handing it to a few companies is the worst way to close them. Fact is, big companies get access to the technology and are the only ones able to provide secure systems (likely at a very prohibitive price for the rest), create new patents and close the door for the rest. Monopolize the industry, etc. We need to fight back for open AI (and I don't mean the closed company). I me

