On April 7, 2026, Anthropic launched Project Glasswing with gated access to Claude Mythos Preview. On April 14, 2026, OpenAI followed with GPT-5.4-Cyber inside its Trusted Access for Cyber programme.
That caution is reasonable. Cyber models are dual use, and a model that materially improves vulnerability discovery or exploit analysis should not be released carelessly.
The mistake is treating access control as a durable solution. It is not. At best, it gives defenders a short head start before comparable capability spreads through other labs, stolen access, fine tunes, open models, or conventional tooling used by capable operators.
We Have Seen This Before
In April 1995, CERT published an advisory about SATAN, the Security Administrator Tool for Analyzing Networks, ahead of its public release. Critics argued that publishing a tool for administrators would also help attackers find weak systems.
The concern was real, but the lesson was simple: tools like SATAN did not create insecure systems. They exposed them. Keeping such tools private would not have stopped serious attackers from building equivalents. It would mostly have slowed smaller defenders.
Use The Window
The same applies to cybersecurity AI. Restriction may buy a little time, but it will not preserve exclusivity for long. So the value of gating depends entirely on what defenders do with that window.
That means:
- accelerating patching and secure by default development
- extending access beyond the biggest firms to open-source maintainers and smaller defenders
- hardening the software supply chain while the window exists
- sharing defensive findings quickly instead of treating them as private advantage
- assuming attacker parity will arrive sooner than institutions hope
If that happens, restricted access is useful. If not, it is just delay dressed up as control.
What matters is not whether the gate holds forever. It will not. What matters is what gets fixed before it opens.