The best security AI is now gatekept — plan like you're not on the list

June 5, 2026

This spring AI crossed a line: Anthropic's Mythos found thousands of never-seen zero-days on its own, and OpenAI shipped a 'cyber' model that's more permissive for hacking-adjacent work. The same model that finds a thousand holes to fix them can find them to exploit them — so the labs put the best security models behind a velvet rope, open only to vetted partners and governments. That's defensible. It also means a vendor now decides who gets defended. Here's the honest read for everyone not on the list.

This spring, AI quietly crossed a line in security. In April, Anthropic's Mythos — a model built to autonomously find and fix vulnerabilities — turned up thousands of previously unknown zero-days on its own, in an episode people started calling the "Vulnpocalypse." OpenAI followed with GPT-5.5-Cyber, a version of its flagship trained to be more permissive on security work — red teaming, penetration testing, exploit validation.

Here's the uncomfortable fact under all of it: the same model that finds a thousand holes so you can patch them can find them so someone else can walk through them. Defense and offense are the same capability. So the labs did something new — they put the best security models behind a velvet rope.

What "gatekept" actually means

GPT-5.5-Cyber and Mythos don't go to everyone. They go to vetted partners. OpenAI runs a "Trusted Access for Cyber" program and just extended it to European governments, cyber agencies, and EU institutions; Anthropic keeps Mythos even tighter, behind a partner program with a launch list that includes the big security firms. If you're not on the list, you cannot have the most capable defender. The cyber frontier is rented, not sold — and only to approved tenants.

Why that's defensible — and why it's uncomfortable

Both things are true, so hold them at once.

It's defensible: an autonomous exploit-finder in random hands is genuinely dangerous, and you cannot open-source a tool that produces a thousand working zero-days. Restricting it is the responsible-looking move.

It's also uncomfortable, because it means a private company now decides who gets defended well. If machine-speed bug-finding is the new frontier of defense, and only a curated list gets it, then everyone else — the small company, the open-source maintainer, the hospital with no OpenAI contract — is defending with last-generation tools. "Who is protected" just became a commercial decision made by the same handful of companies that also sell the offensive capability. That's not a conspiracy. It's just the shape of the market right now, and it's worth saying out loud.

And the rope leaks anyway

Here's the part that makes the velvet rope a false comfort: the capability spreads. Experts warn that offshoots of these models will be plenty powerful enough to wreak havoc even if they're a step behind the frontier. So you end up with the worst possible shape: the defenders are a club, the attackers are everyone, and the gap between them is set by a vendor's partner list. I wrote a week ago about one amateur who breached nine government agencies with off-the-shelf AI. That person was never going to be on anyone's trusted-access list, and it didn't slow them down.

The honest takeaway if you're not on the list (most of us)

Don't wait for the cavalry, because it probably isn't coming to you. Three things follow:

  • Assume your attacker is already AI-augmented. Not next year — now. Design your defense for an adversary who can find your bugs at machine speed, whether or not you can.
  • The boring defenses still decide the outcome. The headline breaches of 2026 fell to weak passwords and missing MFA, not exotic exploits. AI removed the labor floor on attacks; it didn't break the locks. So the unglamorous basics matter more now, not less.
  • You don't need the gatekept model to play defense. Open-weight security tooling trails the frontier by months but still finds the obvious holes faster than you will by hand — and it runs on your own hardware, where no one can gate it. The frontier cyber model is behind a rope; the 80%-as-good one is a download.

The point

The cyber arms race got a new rule this spring: the best weapon is rented, not sold, and only to approved tenants. If you're a government or a Fortune 100, you're defended. If you're everyone else, the lesson isn't to lobby for a seat at the table. It's that your safety can't depend on a partner list you're not on. Do the unglamorous basics, assume the attacker has the AI you don't, and lean on the very-good local tools nobody can gate. The cavalry isn't coming. Be your own.
