LIVE FEED
OpenAI Releases GPT-5.6 Under Controlled Access

OpenAI Releases GPT-5.6 Under Controlled Access

FIRST LOOK ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 TechCrunch AI

OpenAI's GPT-5.6, a frontier model with advanced cyber capabilities, is being released exclusively to vetted partners under a White House-directed limited-access programme coordinated with the Office of the National Cyber Director and OSTP. This controlled rollout signals that the model's offensive cyber potential — including autonomous vulnerability identification and exploitation — is significant enough to warrant government-gated distribution, mirroring Anthropic's Project Glasswing model for Claude Mythos. For defenders, the emergence of a government-approved, partner-tier distribution model creates new supply chain trust questions and raises the stakes around who gains early access and how that access is verified, monitored, and potentially abused.

Claude Mythos Accelerates Automated Vulnerability Discovery

Claude Mythos Accelerates Automated Vulnerability Discovery

ATLAS OWASP MEDIUM Moderate risk · Monitor closely ▲ 6.5 SecurityWeek

Anthropic's Claude Mythos model is accelerating automated vulnerability discovery to a degree that may fundamentally disrupt the bug bounty and offensive security industries. As AI transitions from a force multiplier to a potential replacement for human security researchers, the economics and structure of vulnerability disclosure programs face significant pressure. The shift raises critical questions about the future of human-led offensive security and whether AI-generated findings will saturate or devalue traditional bounty programs.

Claude Mythos Generates Working Exploits for Firefox, Windows

Claude Mythos Generates Working Exploits for Firefox, Windows

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 9.2 SecurityWeek

Anthropic's Claude Mythos Preview model demonstrated the ability to generate functional proof-of-concept exploits targeting known Firefox and Windows vulnerabilities within minutes to hours, compressing the traditional patch gap window dramatically. Testing also revealed that public Anthropic models with safety guardrails disabled could produce working exploits, though at a lower success rate than Mythos. The findings underscore how frontier LLMs are shifting the threat landscape for unpatched N-day vulnerabilities by automating and accelerating exploit development previously bottlenecked by scarce reverse engineering expertise.

Claude Mythos Unauthorized Access Exposes AI Security

Claude Mythos Unauthorized Access Exposes AI Security

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 The Hacker News

A reported unauthorized access to Anthropic's Claude Mythos model within hours of its limited technical preview highlights acute security risks as agentic AI is deployed across classified defense and intelligence networks. The incident underscores vulnerabilities specific to AI infrastructure in high-security environments, including training data poisoning, access control failures, and cross-domain classification boundary erosion. Secure IT infrastructure, governed access, and cross-domain data controls are identified as prerequisites for safe AI deployment at mission scale.

CVE-2026-5194: Anthropic Claude Discovers 10,000+ Flaws

CVE-2026-5194: Anthropic Claude Discovers 10,000+ Flaws

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 The Hacker News

Anthropic's Project Glasswing has deployed Claude Mythos Preview — a frontier AI model — to autonomously discover over 10,000 high- and critical-severity vulnerabilities across widely used open-source software, with 1,094 confirmed as valid high/critical flaws. The initiative highlights a growing asymmetry: AI is accelerating vulnerability discovery far faster than the security community can remediate, compressing patch windows and raising the stakes for defenders. Anthropic is now urging shorter patch cycles and hardened defaults, warning that comparable offensive capabilities could soon be broadly accessible to threat actors.

GPT-5.5 and Claude Mythos Lower Barriers to Offensive AI

GPT-5.5 and Claude Mythos Lower Barriers to Offensive AI

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Schneier on Security

The UK AI Security Institute has evaluated GPT-5.5 and found it comparable to Claude Mythos in identifying security vulnerabilities, with both models now generally available to the public. This parity raises serious concerns about the lowered barrier to entry for offensive cyber operations, as adversaries can leverage widely accessible models for vulnerability research. Commentary from security experts highlights that LLM-based vulnerability discovery is constrained to known attack patterns, but the existence of jailbreaks means guardrails provide only partial mitigation.

GPT-5.5 Matches Claude Mythos in Vulnerability Discovery

GPT-5.5 Matches Claude Mythos in Vulnerability Discovery

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Simon Willison

The UK's AI Security Institute has evaluated OpenAI's GPT-5.5 for offensive cybersecurity capabilities, finding it comparable to Anthropic's Claude Mythos model in identifying security vulnerabilities. Unlike Mythos, GPT-5.5 is generally available, meaning its vulnerability-discovery capabilities are accessible to a broad population including malicious actors. This raises significant concerns about the proliferation of AI-assisted exploitation tools at scale.

Qihoo 360 AI System Discovers 1,000 Vulnerabilities

Qihoo 360 AI System Discovers 1,000 Vulnerabilities

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.2 SecurityWeek

Chinese cybersecurity firm 360 Digital Security Group claims its multi-agent AI system autonomously discovered nearly 1,000 vulnerabilities, including a critical Office zero-day allegedly dormant for eight years, drawing direct comparisons to Anthropic's restricted Claude Mythos model. The developments signal that AI-driven autonomous vulnerability discovery is rapidly proliferating beyond tightly controlled Western research environments. This raises significant concerns about AI-accelerated offensive capabilities reaching nation-state threat actors at scale.

Autonomous Exploit Generation: Claude Mythos Risk

Autonomous Exploit Generation: Claude Mythos Risk

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 8.5 Schneier on Security

Bruce Schneier analyses Anthropic's Claude Mythos Preview and Project Glasswing, a controlled deployment programme aimed at finding and patching software vulnerabilities before the model is publicly released due to its advanced cyberattack capabilities. The piece highlights a growing offensive AI capability gap, noting that newer LLMs can autonomously chain memory corruption bugs and operationalise exploits without human orchestration, while observing that defenders currently retain a marginal advantage because vulnerability discovery is easier than exploitation. Schneier warns that this advantage is narrowing rapidly and that the industry must prepare for a world of commoditised zero-day exploits.

Anthropic Claude Mythos Sparks AI Vulnerability Storm Warning

Anthropic Claude Mythos Sparks AI Vulnerability Storm Warning

ATLAS OWASP HIGH Significant risk · Prioritise patching ▲ 7.2 Dark Reading

The Cloud Security Alliance has issued a warning about an anticipated 'AI vulnerability storm' following the release of Anthropic's Claude Mythos model, urging CISOs to prepare defensive postures in advance of expected exploit activity. The advisory signals growing institutional concern that major LLM releases create systemic risk windows as adversaries probe new model capabilities and attack surfaces. Security leaders are being advised to treat post-release periods of frontier AI models as high-alert intervals requiring elevated monitoring and response readiness.

US summons bank bosses over cyber risks from Anthropic's latest AI model

US summons bank bosses over cyber risks from Anthropic's latest AI model

ATLAS OWASP CRITICAL Active exploitation · Immediate action required ▲ 8.5 HN AI Security

The US Treasury convened major bank executives to discuss cybersecurity risks posed by Anthropic's unreleased Claude Mythos model, which the company claims has surpassed nearly all human experts at finding and exploiting software vulnerabilities. A code leak prompted Anthropic to publicly acknowledge the model's unprecedented offensive cyber capability, raising systemic financial sector risk concerns. The meeting signals growing regulatory awareness of AI-enabled cyber threats to critical financial infrastructure.

◉ AI THREAT BRIEFING

Stay ahead of the threat.

Twice-weekly digest of critical AI security developments — every story mapped to MITRE ATLAS and OWASP LLM Top 10. Free.

No spam. Unsubscribe anytime.