The two leading AI labs went behind closed doors with House Homeland Security Committee staff last week to explain why their newest models can find and exploit security flaws faster than any human team — and why that demands a fundamentally different approach to release.
OpenAI and Anthropic each held separate classified briefings with staffers on the House Homeland Security Committee on Thursday, April 24, marking the first time Congress has received classified-level presentations on the offensive cyber capabilities of frontier AI models. The sessions centered on two systems that have upended the cybersecurity landscape in April: Anthropic's Mythos Preview, which identified thousands of previously unknown zero-day vulnerabilities across every major operating system and web browser, and OpenAI's GPT-5.4-Cyber, a fine-tuned variant of GPT-5.4 built specifically for defensive security work.
The briefings came at the invitation of House Homeland Security Chair Andrew Garbarino (R-N.Y.), who has been hosting private roundtables with tech and AI executives as Congress scrambles to understand how rapidly AI capabilities are evolving. A committee spokesperson described the meetings as a "proactive engagement with these companies on recent frontier model developments," including their implications for critical infrastructure cybersecurity.
Two Models, Two Philosophies
The two companies have arrived at starkly different conclusions about how to handle AI systems capable of punching holes in the world's most widely deployed software.
Anthropic delayed the public release of Mythos Preview entirely. During internal red-teaming, the model demonstrated an ability to identify and then exploit zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so. Over 99 percent of the vulnerabilities the model found had not yet been patched. Rather than ship the model broadly, Anthropic launched Project Glasswing on April 7, a consortium of 11 major technology companies — including Amazon Web Services, Apple, CrowdStrike, Google, JPMorgan Chase, Microsoft, and NVIDIA — that receive controlled access to Mythos Preview to find and fix critical flaws before attackers can use the same capabilities. Anthropic committed up to $100 million in usage credits for the program, along with $4 million in direct donations to open-source security organizations.
"Controlling access to its models is the best way to boost global cybersecurity," Anthropic told lawmakers, according to people familiar with the briefing.
OpenAI took the opposite approach. It classified GPT-5.4-Cyber as having "High" cyber capability under its Preparedness Framework — a designation that triggers enhanced safety protocols — but chose to expand access through a tiered system rather than restrict it. The company is drawing at least three practical lines: baseline access to general models, trusted access with fewer refusal guardrails for legitimate security work, and a higher tier of specialized access for vetted defenders. Individual users can verify their identity at chatgpt.com/cyber, while enterprises can request access through an OpenAI representative.
"We believe the best defense is putting our most powerful model at all levels of government to fight hackers," OpenAI said in a statement accompanying its briefing to federal agencies and Five Eyes allies on April 20.
The Scale of the Threat
The numbers shared during the briefings underscore why both companies felt classified sessions were necessary. Mythos Preview identified thousands of zero-day vulnerabilities — many of them critical — across foundational software that underpins global commerce, government operations, and military systems. Some of these flaws had gone undetected for decades. The model's ability to not merely find but exploit these weaknesses in an automated chain represented what one congressional aide called "a qualitative shift in the threat landscape."
OpenAI's briefing to federal agencies earlier in April reportedly included demonstrations of GPT-5.4-Cyber's binary reverse engineering capabilities and its ability to lower the technical barrier for defensive workflows that previously required teams of specialized analysts. The company briefed the Department of Defense, Treasury, Commerce, Homeland Security, Justice, and State on the model's capabilities, and the White House Office of Management and Budget has begun setting up protections to allow federal agencies to use a version of Mythos as well.
The Bigger Picture
The classified briefings represent a watershed moment in the relationship between AI companies and the U.S. government. Until now, congressional engagement with frontier AI capabilities has largely occurred through public hearings and voluntary commitments. The shift to classified sessions signals that the cybersecurity implications of these models have crossed a threshold where public discussion alone is insufficient.
Bruce Schneier, the cybersecurity researcher and public interest technologist, wrote on his blog that Mythos "forces a rethink of vulnerability management" across the entire industry. The question is no longer whether AI can find software flaws at scale — it demonstrably can — but whether defenders can patch them faster than adversaries can weaponize the same discovery capabilities.
The dual briefings also exposed a policy vacuum. Congress has no existing framework for regulating AI models with offensive cyber capabilities, and the voluntary commitments both companies have made — Anthropic's restricted release, OpenAI's tiered access — are exactly that: voluntary. Garbarino's committee is expected to hold a public hearing on AI cybersecurity before the August recess, but legislation remains unlikely before 2027.
What to Watch
Three developments will shape this story in the weeks ahead. First, whether Project Glasswing's 11 member companies can patch the thousands of vulnerabilities Mythos has identified before details leak or adversaries develop similar capabilities independently. Second, how OpenAI's tiered access model performs in practice — specifically whether the vetting process is rigorous enough to prevent abuse without creating bottlenecks that undermine defensive use. And third, whether the classified briefings produce any legislative momentum, or whether Congress remains in its familiar posture of concern without action as AI capabilities continue to accelerate ahead of regulation.
"We believe the best defense is putting our most powerful model at all levels of government to fight hackers."— OpenAI, Company statement