DocsQuick StartAI News
AI NewsAI is too dangerous—OpenAI has also started locking down its models.
Industry News

AI is too dangerous—OpenAI has also started locking down its models.

2026-04-09
AI is too dangerous—OpenAI has also started locking down its models.

After Anthropic restricted the release of its Mythos model, OpenAI also plans to make its cutting-edge models with advanced cybersecurity capabilities available only to invited enterprises. The AI industry has officially entered the era of "limited release."

Frontier Models No Longer Open to Everyone

OpenAI is following Anthropic’s lead — hiding its most powerful models and reserving them for a select few.

According to sources quoted by Axios, OpenAI is refining a new model equipped with advanced cybersecurity capabilities. However, the company does not plan to release it publicly and instead intends to grant access only to a small number of pre-approved companies. This strategy mirrors Anthropic’s decision earlier this week to limit access to its Mythos Preview model.

This is not a typical phased rollout or gradual expansion. For the first time, an AI company is deliberately choosing not to make a model public because it’s “too powerful and could be misused.” The industry’s direction has shifted.

Comparison of OpenAI and Anthropic Model Release Strategies

Anthropic Fired the First Shot

It all started with Anthropic. On Tuesday, April 8 (local time), Anthropic announced that its latest Mythos Preview model would not be publicly released and that access would be restricted to carefully selected tech and cybersecurity companies.

The reason is straightforward: Mythos Preview’s offensive cybersecurity capabilities are too strong.

CrowdStrike’s Senior Vice President of Counter Adversary Operations, Adam Meyers, bluntly called Mythos’s capabilities a “wake-up call” for the entire industry. This was not PR talk but a real warning from a seasoned security veteran who has spent years in the field.

Anthropic’s reasoning: rather than putting a loaded gun on the shelf, better to lock it in a safe and lend it only to trusted hands. They also stated that if sufficiently strong safety safeguards can be developed, future Mythos models might be released more broadly.

This marks the first time a leading AI company has adopted an “invitation-only” release strategy for a new model. But soon, it wouldn’t be the only one.

OpenAI Follows: From Pilot to Standard Practice

OpenAI, for its part, wasn’t unprepared for this shift.

As early as February, after launching its most cybersecurity-capable reasoning model, GPT-5.3-Codex, OpenAI initiated a pilot program called “Trusted Access for Cyber.” This invite-only program allowed selected organizations to access models “with enhanced cybersecurity abilities or higher privileges to accelerate legitimate defensive work.”

To attract participants, OpenAI offered generous terms—committing $10 million in total API credits (about 68 million RMB). That’s no small amount and shows how seriously OpenAI regards the program.

In retrospect, that pilot looks more like a rehearsal. Sources say that OpenAI’s new model under development will extend and expand this invitation-based release approach.

In other words, “Trusted Access for Cyber” may no longer remain a pilot but become part of OpenAI’s standard process for releasing frontier models.

What Are They Afraid Of?

To understand this decision, we need to understand what these models can actually do.

Over the past year, former government officials and top security experts have repeatedly warned: if such AI models fell into the wrong hands, they could autonomously disrupt water systems, power grids, or financial infrastructure. A year ago, such statements might have sounded like science fiction. Now, the consensus in the security community is that this capability already exists.

Specifically, the most advanced AI models today can:

  • Automatically scan massive codebases and identify vulnerabilities that human researchers would need weeks to find
  • Write working exploit code targeting those vulnerabilities
  • Execute a full attack chain from reconnaissance to penetration with minimal human input
  • Understand and bypass common defensive mechanisms

This is not theoretical. As SANS Institute’s Chief AI Officer, Rob T. Lee, put it plainly: “You can’t stop the model from enumerating code or finding bugs in old codebases—those abilities already exist.”

The key phrase: “already exist.” Not “might one day.” It’s here, now.

Does Limited Release Actually Work?

That’s the question everyone’s asking. Frankly, the answer is complicated.

Stanislav Fort, CEO of the security firm Aisle, offers a useful distinction: if a company’s concern lies with a model’s ability to write new exploit code—rather than just find vulnerabilities—then limiting release of frontier models “makes more sense.”

That distinction matters. Bug-hunting and exploit-writing are two different tiers of capability. Many open-source models can already perform the former quite well, so blocking one or two proprietary models won’t stop that knowledge from spreading. But the latter—automatically producing high-quality, directly usable attack code—is still the domain of cutting-edge models. Restricting access during this window could indeed buy time.

However, Wendi Whitmore, Chief Intelligence Officer at Palo Alto Networks, offered a sobering forecast at this week’s HumanX conference in San Francisco: within weeks or months, models with similar capabilities will appear in the open domain.

This implies that restricted release is essentially a “delay tactic.” It doesn’t solve the root issue, but it buys defenders precious time—like holding floodwaters at bay just long enough for an evacuation.

What This Means for Developers

For ordinary developers, the immediate impact is simple: you might not get to use the newest, most powerful models right away.

In recent years, the release cycle has been “launch and use”—once OpenAI announced a new model, developers could access it the same day via API. But if invitation-only releases become the norm, future rollouts could look like this:

  1. Model completes training and internal evaluation
  2. Released only to invited security/tech companies (for weeks or months)
  3. Gradual broader access once safeguards are confirmed
  4. Public release to all developers (or possibly never)

For developers and companies that rely on the latest capabilities, this introduces a new factor to consider: you’ll need to build buffer time into product roadmaps for “model access delays.”

The good news: mainstream general-purpose models (GPT-5, Claude Sonnet 4, Gemini 2.5, etc.) remain unaffected. The restrictions mainly target frontier models with specialized cybersecurity capabilities. For most use cases, existing model APIs work as usual.

If you use an API aggregation platform like OpenAI Hub, you benefit from flexibility—switching between multiple models as needed. When one becomes restricted, you can quickly pivot to another, avoiding single-vendor lock-in. For example:

import openai

client = openai.OpenAI(
    api_key="your-openai-hub-key",
    base_url="https://api.openai-hub.com/v1"
)

# When a frontier model is restricted, seamlessly switch to others
response = client.chat.completions.create(
    model="gpt-5",  # or claude-sonnet-4, gemini-2.5-pro, etc.
    messages=[
        {"role": "system", "content": "You are a secure code auditing assistant."},
        {"role": "user", "content": "Please check the following code snippet for SQL injection risks..."}
    ]
)

print(response.choices[0].message.content)

The Bigger Picture: AI Safety’s “Nobel Dilemma”

As IT Home aptly put it: Nobel invented dynamite for peaceful purposes, but it ended up used in war.

AI faces the same dilemma. GPT-5.3-Codex was designed to help security teams identify and fix vulnerabilities faster—but the same power can be used for attack. The model itself is morally neutral; what matters is who uses it, and how.

Unlike dynamite, however, an AI model can be copied at essentially zero cost. Once its weights are leaked or reverse-engineered, they can never be contained again. That’s why AI companies are choosing to control access at the source, rather than relying solely on user-side restrictions.

From an industry perspective, this “limited release” approach could accelerate several trends:

  • The value of AI security firms will rise sharply, as they’re most likely to gain frontier model access
  • The gap between open-source and closed-source models may widen further in cybersecurity
  • Governments will face increased pressure to establish a regulatory framework for tiered AI model releases
  • For enterprises, “access to the latest model” will become a new factor in vendor selection

No Turning Back

Every security expert interviewed delivered the same message: there’s no turning back.

AI’s role in cybersecurity has surpassed the critical threshold. Even if OpenAI and Anthropic lock away their most capable models, the open-source community is advancing far faster than expected. Limiting releases can buy time—but not change direction.

The real question isn’t “whether to restrict,” but “what to do after restricting.” Defenders must use this window to build AI-powered automated defense systems as quickly as possible. Both sides—attackers and defenders—are using AI. The winner in this arms race will be whoever moves faster.

For the developer community, this marks a turning point: AI’s “wild west” era is ending. Models are no longer simply judged by how powerful or open they are. Once capabilities reach a certain threshold, responsible release strategies become the new industry standard.

That’s not a bad thing. The game’s just changed.


References

Related Articles

View All

Contact Us

We usually reply quickly during business hours

Scan WeChat

Support: Hub Assistant

WeChat ID: