The Morning After Mythos

There is a particular kind of announcement that lands quietly, even when it shouldn't. Anthropic's release of Claude Mythos Preview on 7 April was one of those. No product launch, no livestream: a controlled disclosure to a handful of vetted companies, a 240-page system card, and the statement that the model had found thousands of previously unknown vulnerabilities across every major operating system and browser in common use. In the five weeks since, Project Glasswing has expanded well beyond its original twelve named partners, drawing in over forty organisations that build or maintain critical software infrastructure. Patches are being written. The Glasswing partners are moving. Today, OpenAI answered with Daybreak. The sequence matters. Mythos set the terms of the debate. Daybreak is the first substantive institutional response to it. But the model found vulnerabilities faster than the world can fix them, and nothing that launched today changes that underlying arithmetic.

Daybreak is structured around three versions of GPT-5.5. The base model carries standard safeguards and is intended for general-purpose and developer work. GPT-5.5 with Trusted Access for Cyber is cleared for most defensive security workflows: secure code review, vulnerability triage, malware analysis, detection engineering, and patch validation. GPT-5.5-Cyber, the most capable and most restricted variant, is available only via preview access for specialised teams conducting authorised red teaming, penetration testing, and controlled validation. The tiered logic is deliberate and reflects the same tension Anthropic worked through with Mythos: a model capable of finding and exploiting vulnerabilities can also be turned against itself.

OpenAI's list of launch partners includes Cloudflare, Cisco, CrowdStrike, Palo Alto Networks, Oracle, Zscaler, Akamai, and Fortinet. Several of those names appeared in the Project Glasswing announcement five weeks ago. The overlap is not accidental. It reflects where the major security vendors are placing their bets, which is with both companies simultaneously, and it underlines a structural reality about this moment: the vendors with the technical standing and governance infrastructure to handle frontier AI in a security context are a small enough group that both Anthropic and OpenAI are drawing from the same pool.

The agentic layer that Daybreak sits on is Codex Security, which builds a threat model from a repository, focuses analysis on realistic attack paths, and generates and tests patches directly inside that codebase. OpenAI's framing is "resilient by design," meaning security is embedded into the development loop from the start rather than applied after the fact. Threat modelling, dependency risk analysis, patch validation, and detection engineering are treated as part of how software is built rather than as work that happens once it is finished. This is a meaningful reorientation if it holds in practice. Most enterprise security is still remedial: tools and teams applied to code that already exists in production. Shifting the intervention point upstream has long been a stated goal of the security industry. Whether an AI system can actually operationalise it at scale is a different question.

The honest answer from the Mythos deployment is that the discovery side of this equation is solved in ways that the remediation side is not. Mythos Preview found thousands of zero-day vulnerabilities in the weeks before its April announcement, including a flaw in OpenBSD that had survived 27 years of human review and a bug in FFmpeg that had been missed by automated testing tools five million times. Working without human steering, it chained together Linux kernel vulnerabilities to escalate from user-level access to full machine control. The capability to find bugs at machine scale has now been demonstrated. Mozilla's experience makes this concrete in ways the aggregate numbers do not. An earlier pass with Opus 4.6 found 22 bugs in Firefox 148. Mythos found 271 in Firefox 150, more than twelve times as many, with almost no false positives, across vulnerabilities that had survived years of human review. Firefox CTO Bobby Holley described the experience as giving his team "vertigo," and the remediation numbers bear that out: Firefox shipped 423 bug fixes in April 2026 alone, against 31 in the same month the previous year. Holley was careful to note that none of the bugs found were beyond what an elite human researcher could have caught. What changed was the pace and scale at which they were being surfaced. Mozilla, to its credit, has moved fast and shipped the fixes. It has also said it is fully committed to AI-assisted security workflows going forward. Most of the infrastructure Mythos scanned does not have Mozilla's engineering resources sitting behind it. Fewer than 1% of the vulnerabilities Mythos identified have been patched across the programme's full scope. Forrester made the arithmetic plain: remediation capacity in open source does not scale. It remains human, finite, and largely volunteer-dependent. Anthropic turned discovery into an exponential problem without providing a corresponding solution for the people who have to write the patches.

Daybreak does not obviously fix this either. The workflow it describes, generating and testing patches directly in repositories, is plausible for codebases that are owned by organisations large enough to be using enterprise AI tooling. It is less clear what it offers for the open-source infrastructure that Mythos found most vulnerable and that the Linux Foundation, one of the Glasswing partners, publicly acknowledged has historically been left to secure itself. Dane Knecht at Cloudflare called Daybreak a meaningful step forward for teams trying to improve their security posture. He is probably right about that, for teams. The harder problem is the infrastructure that no team owns.

Anthropic CEO Dario Amodei gave the threat timeline a specific number in early May: six to twelve months before Chinese AI reaches comparable capability to Mythos. That framing has generated some pushback from practitioners, and not all of it is unreasonable. The argument that defenders are currently ahead of adversaries assumes the adversaries are still catching up. The exploitation window for critical vulnerabilities has already compressed to minutes in some documented cases. Researchers at AISLE demonstrated that eight specific vulnerabilities from the Glasswing announcement could be reproduced using small, cheap, open-weight models, one of which had 3.6 billion parameters and cost $0.11 per million tokens to run. Their conclusion, that the moat in AI cybersecurity is the system built around the model and not the model itself, cuts against both Anthropic's and OpenAI's positioning. Both companies are selling access to frontier model capability. DeepSeek's V3 and R2 models are already running locally via Ollama on consumer hardware, with no API account, no billing relationship, and no terms of service that a threat actor would respect. If capable-enough models are already circulating freely, the differentiation is in the workflow, the governance, and the integration, which is precisely what Daybreak is building.

The access problem is the part of this conversation that neither company has properly resolved. Mythos reached roughly forty organisations at launch. Daybreak's tiered model is more open in structure, but still requires verification and vetting for the variants with meaningful offensive capability. That is the correct call. The AISI's evaluation of Mythos Preview found it capable of autonomously executing multi-stage attacks on vulnerable networks in controlled environments; this is not a capability you put into general circulation. But the consequence of that caution is a distributional problem. The organisations with access to these tools are, with limited exceptions, large American technology companies and financial institutions. Central banks, smaller governments, critical infrastructure operators in the developing world, and the NHS: none of them are in the initial cohorts. CrowdStrike's own data puts AI-enabled attacks at 89% growth in 2025. The tools to defend against them are available to a fraction of the potential targets. That gap is not solved by either announcement.

There is a line in the Mythos system card that has stayed with me since the April release. After concluding that catastrophic risks from the model remain low, Anthropic writes that it finds it alarming that the world appears on track to proceed rapidly toward developing superhuman systems without stronger mechanisms in place to ensure adequate safety across the industry as a whole. A frontier AI lab, in the official documentation for its most capable model, describes the industry's own trajectory as alarming. OpenAI's Daybreak does not carry equivalent language, and the documentation is less extensive, but the tiered access structure and the explicit pairing of greater capability with stronger verification and account-level controls reflect the same underlying concern. Both companies are running the same calculation: the capability exists whether or not it is released, and controlled deployment into verified defensive contexts is better than the alternative. The logic holds, but the question is what happens when the next lab to reach this threshold makes a different call.

Project Glasswing was Anthropic's attempt to use the capability constructively before someone else uses it destructively. Daybreak is OpenAI's attempt to build a durable platform around the same premise. Behind both of them is the trajectory Amodei named: the next OpenAI model, followed by Gemini, followed by open-source models from China and elsewhere. The capability will replicate. The cost of running it will fall. The governance frameworks are not moving at the same pace.

What Daybreak adds to the picture Glasswing started is a clearer operational model for embedding frontier AI into a security workflow rather than deploying it as a standalone tool. That is a genuine contribution to the problem, and it is more tractable than trying to solve the remediation bottleneck or the access inequality at once. Whether it is sufficient is a different question. The patch rate from Mythos suggests it is not, at least not yet. The discovery side of AI-powered security is now well ahead of the response side, and nothing that launched today changes that arithmetic.

The morning it names itself after is still a long way off.
