OpenAI and Anthropic spark intense cybersecurity race
The role of a CISO, or chief information security officer, has rapidly turned into one of the most demanding positions in the business domain.
This season, Anthropic's Mythos and OpenAI's GPT-5.5 models have unleashed a wave of apprehension, with fears that sophisticated AI models might soon breach systems globally, exacerbating existing cybersecurity challenges.
More companies rely on external code libraries than in the past, which can help hacks spread if those code packages contain vulnerabilities.
Moreover, last year, coding tools from OpenAI and Anthropic gained momentum, enabling developers to produce millions of lines of code. These tools tend to generate mistakes and vulnerabilities that developers overlook, putting researchers, companies, and governments on high alert.
"There is a widespread prediction of increased hacking this year," noted Isaac Evans, CEO of the cybersecurity startup Semgrep.
An OpenAI spokesperson highlighted recent cyber-focused announcements and software releases designed to let AI advances help defenders work faster and more efficiently. The company's "Daybreak" page invites developers to request a security scan. While Anthropic is also engaged in a cybersecurity initiative, it did not reply to Business Insider's request for comment.
Evans' startup specialises in code security and offers a popular, free code-scanning tool. He revealed that a recent threat led his company to inspect its codebase for vulnerabilities, uncovering two issues stemming from Anthropic's Claude product.
This is a consequence of the AI-coding surge. Evans stated that if a company increases its code output tenfold, it should anticipate ten times the vulnerabilities, if not more.
Feross Aboukhadijeh, the CEO of cybersecurity startup Socket, echoed Evans’ concerns about developers scrutinising new code less thoroughly. Coupled with the use of external code libraries to augment a company's internal code, this creates a "perfect storm" of risk, Aboukhadijeh asserted.
Open-source code libraries are typically well-managed, adhering to a principle of transparency to identify and fix bugs. Nowadays, many companies use code from these repositories, and AI tools often draw from them, so a single security flaw can potentially jeopardise numerous companies.
"The vulnerability surface of all software is expanding extremely rapidly," Aboukhadijeh remarked.
Security teams already use new AI models to hunt for vulnerabilities, while worrying about attackers gaining access to models of similar capacity. Then, on April 7, what is now referred to as the "Mythos Moment" occurred.
That day, Anthropic declared its new versatile AI model, Mythos, had discovered thousands of critical security vulnerabilities, some known to humans for over a decade. While it identified vulnerabilities, it could also exploit "any key operating system and all major web browsers," the company explained, adding that some lab engineers used the technology to discover working hacks overnight.
The organisation chose not to release the model beyond a select group of trusted partners, allowing defenders some lead time. The Mythos announcement underscored: "Ultimately, the security landscape is poised to become extremely challenging."
Anthropic's alert — they had developed a model too hazardous for immediate release — resonated globally. The Trump administration started considering a mechanism to vet new AI models.
UK government officials also published an open letter regarding Mythos, advising businesses, "If your board hasn't convened on cyber risk recently, raise it at your next meeting and continue to do so. This isn't a matter to offload to your IT department and forget."
