TL;DR: Anthropic and OpenAI are shifting to closed-model distribution strategies for their most advanced systems, such as Claude Mythos2 Preview, to prevent high-risk cyber-offensive capabilities from falling into unsafe hands. This transition establishes restricted, defensive-first access as the new operational standard for frontier artificial intelligence in 2026.
Anthropic recently restricted access to its unreleased model, Claude Mythos2 Preview, because the system can find and exploit software vulnerabilities faster than almost any human specialist. This decision reflects a deliberate strategy among frontier model developers to guard highly capable systems rather than release them openly. See our Full Guide to understand how the balance between open-source sharing and commercial security is shifting.
The economic stakes of these capabilities are massive. Global cybercrime costs estimate around $500 billion annually. Software security flaws frequently survive decades of human review. Because new frontier models can now independently discover these flaws in minutes, unrestricted public access to raw model weights poses an immediate threat to banking systems, critical infrastructure, and national security. State-sponsored cyberattacks have already disrupted corporate networks, healthcare delivery, and military logistics. In this context, open-sourcing highly capable software-development systems is no longer a viable policy for commercial developers.
Why are AI developers shifting from open-source to closed-model releases?
AI developers are shifting to closed-model releases because frontier models have acquired highly specialized capabilities in software vulnerability discovery and exploitation that could compromise national security if distributed openly. Anthropic formed Project Glasswing to address this threat specifically. Under this initiative, the developer restricts access to its Claude Mythos2 Preview model, an unreleased system designed to find high-severity vulnerabilities across major operating systems and web browsers. By keeping the model closed, Anthropic prevents malicious actors from repurposing the technology for offensive cyberattacks. Without these strict access controls, the cost, effort, and expertise required to execute devastating global cyberattacks would fall to near zero.
The Cybersecurity Threat of Open-Weight Proliferation
If a model with the capabilities of Claude Mythos2 Preview were released with open weights, malicious actors could easily fine-tune it to automate zero-day exploits. Sophisticated state-sponsored groups from Russia, China, North Korea, and Iran already target critical infrastructure. Open availability of automated hacking tools would allow these actors to scale their attacks exponentially, threatening power grids, healthcare databases, and financial systems.
How does Project Glasswing use closed AI models to defend critical software infrastructure?
Project Glasswing deploys the closed Claude Mythos2 Preview model to scan and patch vulnerabilities in critical infrastructure before malicious actors can exploit them. Anthropic has partnered with over 40 organizations, including major software developers and open-source maintainers, to secure civilian digital infrastructure. The company is committing up to $100 million in model usage credits and donating $4 million directly to open-source security organizations. This closed, defensive deployment model ensures that security experts use the tool for defensive scanning while keeping the model's dangerous exploitation capabilities contained within a secure cloud API.
Finding Vulnerabilities That Evaded Decades of Human Review
The Claude Mythos2 Preview model has already identified thousands of high-severity zero-day vulnerabilities in every major operating system. Many of these flaws survived decades of manual code audits and millions of automated tests. By restricting access to a verified group of defensive researchers, Project Glasswing aims to patch these flaws systematically without exposing the exploit details to the public.
Why is OpenAI adopting a closed-model approach for its latest frontier models?
OpenAI relies on closed-model access for its latest reasoning-focused models to maintain safety guardrails and prevent the unauthorized generation of autonomous cyber weapons. Like Anthropic, OpenAI has shifted away from open-source releases for its highly capable reasoning systems, such as the o1 series. These models excel at chain-of-thought processing, allowing them to plan multi-step operations and write sophisticated code. If these weights were leaked or open-sourced, bad actors could strip away safety guardrails entirely. Closed APIs allow OpenAI to monitor model usage in real-time, block malicious prompts, and revoke access for users who attempt to generate malware or scan infrastructure without authorization. This centralized control is essential for managing geopolitical risks.
Geopolitical Security and National Defense Interests
Government agencies and intelligence communities require frontier developers to secure their model weights. The US government increasingly views highly capable code-generation models as dual-use technologies with significant military utility. If a foreign adversary obtained the raw weights of a model capable of automated zero-day generation, it would neutralize defensive cyber advantages overnight. Keeping models behind secure cloud interfaces protects the technological lead of democratic nations.
Key Takeaways
- Closed-model distribution is the new baseline strategy for frontier developers like Anthropic and OpenAI to mitigate the national security risks of advanced code-generation capabilities.
- Claude Mythos2 Preview demonstrates that modern frontier models can discover zero-day vulnerabilities that have survived decades of traditional human audits and automated testing.
- Defensive initiatives like Project Glasswing use secure cloud APIs to coordinate with over 40 security organizations, deploying $100 million in credits and $4 million in donations to reinforce digital infrastructure.
