The tit-for-tat rivalry between OpenAI and Anthropic spans product, capital, and commercial fronts.
Recently, Anthropic announced the launch of Claude Mythos, an AI model specifically designed to uncover vulnerabilities, triggering a wave of "panic" across the industry.
On April 14, OpenAI fired back on the public opinion front with an internal memo, directly accusing Anthropic of using fearmongering to win over customers and criticizing its reported revenue of US$8 billion as inflated.
Immediately after, on April 15, OpenAI released a new fine-tuned model variant, GPT-5.4-Cyber, specifically targeting cybersecurity, and also significantly relaxed its previously stringent "refusal" boundaries.
At its core, the newly released GPT-5.4-Cyber is a special variant of OpenAI's latest flagship model. Its most fundamental change is that it no longer acts as "cautiously" as general-purpose models.
In the past, when you asked a model to analyze a piece of code with attack characteristics, an overly sensitive safety mechanism might have rejected the request outright. GPT-5.4-Cyber lowers the refusal threshold for legitimate cybersecurity work, letting defenders truly delve into those sensitive gray areas.
What has drawn even more industry attention is that this new model possesses binary reverse engineering capabilities. This means security professionals no longer need to rely on source code to directly "dissect" compiled software.
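The model itself is not publicly documented, but the underlying idea of "dissecting" a compiled artifact without its source can be illustrated with a toy analogy using Python's standard `dis` module. The snippet and the hard-coded secret in it are invented for illustration only:

```python
import dis

# Compile a snippet, then pretend the source is gone and inspect only
# the compiled code object -- a toy stand-in for analyzing a binary.
code_obj = compile("result = (password == 'hunter2')", "<target>", "exec")

# Constants embedded in the compiled artifact; hard-coded secrets like
# this are a classic finding in real reverse engineering work.
print(code_obj.co_consts)  # the literal 'hunter2' is recoverable

# Full instruction-level disassembly, no source code needed.
dis.dis(code_obj)
```

Real binary reverse engineering operates on machine code rather than Python bytecode, but the workflow is the same: recover structure and embedded data from the compiled form alone.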
This capability upgrade signals that cyber defense is shifting from the manual audits of the past to an agent-driven, continuous defense model. The shift is not a sudden idea but a long-planned strategy at OpenAI: they want defense capabilities to stay in lockstep with the evolution of the models themselves.
Having a powerful tool alone is not enough. Who can use it and how it is used are the keys to solving cyber risks.
Alongside the new model release, OpenAI has significantly expanded its "Trusted Access for Cyber" (TAC) program. This initiative, launched only in February 2026, now aims to extend to thousands of verified independent defenders and hundreds of professional teams protecting critical software.
OpenAI's defense logic is as follows: instead of one company deciding behind closed doors who is qualified to defend cyberspace, it is better to establish an objective, automated verification system that empowers more legitimate defenders.
Now, both individual users and enterprise teams have clear paths to access. Individuals can verify their identity on a specific page, while enterprises can apply for permissions through official representatives.
This approach actually addresses a long-standing contradiction: how to prevent powerful technology from being maliciously exploited without letting cumbersome security checks become a stumbling block for defenders.
By introducing different access tiers, OpenAI is experimenting with more fine-grained management: ordinary users get general-purpose models with tight safeguards, while rigorously vetted security vendors and researchers gain access to specialized tools like GPT-5.4-Cyber, which carry higher privileges and looser constraints.
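The tiering logic described above can be sketched in a few lines. The tier names, model labels, and default rule below are illustrative assumptions, not OpenAI's actual TAC implementation:

```python
# Hypothetical access tiers mapping verification status to what a user
# unlocks; the tier names and fields here are invented for illustration.
TIERS = {
    "general": {"model": "general-purpose", "refusal_threshold": "strict"},
    "verified_individual": {"model": "GPT-5.4-Cyber", "refusal_threshold": "relaxed"},
    "vetted_vendor": {"model": "GPT-5.4-Cyber", "refusal_threshold": "relaxed"},
}

def resolve_access(user_tier: str) -> dict:
    """Map a verification tier to the model and safeguard level it unlocks,
    falling back to the most restrictive tier for unknown users."""
    return TIERS.get(user_tier, TIERS["general"])
```

The key design choice is the fallback: anyone who cannot be verified defaults to the tightest safeguards, so the system fails closed rather than open.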
Stepping back to look at the past week, you can see that OpenAI's move is highly targeted.
On April 7, Anthropic had just demonstrated its "Project Glasswing." According to Anthropic, the Mythos model has already discovered thousands of major vulnerabilities in operating systems and web browsers.
This pressure has not only made competitors nervous but has also unsettled financial regulators. US Treasury Secretary Scott Bessent and Federal Reserve Chair Jerome Powell even convened Wall Street leaders to discuss the potential impact such novel AI models could have on financial infrastructure.
Facing this "preemptive" stance from its rival, OpenAI adopted a different narrative. Instead of overstating the potential disasters AI might cause, it emphasized the effectiveness of existing safeguards.
In its April 15 statement, OpenAI explicitly stated that current guardrails are sufficient to mitigate risks and support the large-scale deployment of existing models. This subtle difference in tone reflects the two giants' diverging philosophies on AI safety. Anthropic tends to isolate risks through controlled, private releases, while OpenAI advocates learning and improving through broad access and iterative deployment in real-world settings.
Beyond the new Cyber model, OpenAI has already made substantial financial commitments to the defense ecosystem.
These include a US$10 million grant to support cybersecurity initiatives and recent support for the Linux Foundation (which Anthropic has also contributed to). Perhaps the most tangible result is the software security agent, Codex Security, which entered private testing six months ago. According to officially disclosed data, this system has already helped remediate over 3,000 critical and high-severity vulnerabilities across the digital ecosystem.
This shift in defense logic has far-reaching implications.
In the past, software security relied primarily on periodic vulnerability audits and a static list of risks. But now, by integrating advanced coding models into developers' workflows, security checks become real-time and actionable. This "fix-as-you-build" approach is fundamentally changing the underlying logic of software development.
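The "fix-as-you-build" workflow can be sketched as a check that runs over each new change as it lands. In a real deployment the diff would be sent to a coding model for judgment; here a small regex list stands in for the model, and all pattern names are illustrative:

```python
import re

# Toy stand-in for a model-driven review: flag risky constructs in
# newly added lines so issues surface while the code is being written,
# not in a periodic audit months later.
RISKY_PATTERNS = {
    r"\beval\(": "dynamic code execution",
    r"verify\s*=\s*False": "TLS verification disabled",
    r"pickle\.loads": "untrusted deserialization",
}

def review_diff(added_lines):
    """Return (line_number, finding) pairs for each risky added line."""
    findings = []
    for lineno, line in enumerate(added_lines, start=1):
        for pattern, reason in RISKY_PATTERNS.items():
            if re.search(pattern, line):
                findings.append((lineno, reason))
    return findings
```

Hooked into a pre-commit step or CI pipeline, a check like this turns security from a static list of risks into real-time, actionable feedback inside the developer's own workflow.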
Amid this series of releases, OpenAI also offered a prediction.
They believe that, in the long run, future models will require a broader range of defensive capabilities, and those capabilities will soon surpass the best specialized models available today. The current GPT-5.4-Cyber might just be a transitional step.
As model scales increase further, managing high-risk capabilities with "dual-use" potential will become a challenge that the entire industry must face.
Currently, OpenAI is still conducting limited iterative deployments of GPT-5.4-Cyber. For developers accessing the model through third-party platforms, OpenAI has even retained restrictions such as "Zero Data Retention" (ZDR) to ensure safety boundaries are maintained even in the absence of direct visibility.
Overall, the cybersecurity race ignited by the two AI giants sends a shared signal: in the future digital world, the strongest shield will inevitably be forged by the smartest minds. In plainer terms, it is a case of "fighting fire with fire."
(Source: Tencent Technology)