OpenAI and Anthropic both disclosed capability evaluations this month showing frontier models can autonomously identify and exploit cybersecurity vulnerabilities at human-expert level. Anthropic's Mythos was the disclosure that drove the Trump administration to reconsider AI oversight earlier this month. OpenAI's GPT-5.5 capability set, released in late April, includes similar vulnerability-discovery primitives. Security teams across financial services, healthcare, and federal agencies are now treating both as part of the operational threat model.
Three operational facts to keep separate.
First, what the labs are claiming. Anthropic's internal testing on Mythos identified "thousands of zero-day vulnerabilities across major operating systems and web browsers" before being gated to a small number of vetted organizations under Project Glasswing. OpenAI has not published comparable numerics for GPT-5.5's vulnerability-discovery output but has described similar capability shapes. External red-team validation has not produced comparable numerics yet for either lab.
Second, what threat actors already have access to. The frontier model with the highest publicly-documented vulnerability-discovery rate sits behind the most aggressive access gates. Open-source models tuned for code analysis are below the frontier in raw capability but available without gating. Defensive thinking should assume the gating buys quarters of lead time.
Third, the defensive disparity. The detection infrastructure for AI-assisted exploitation has been slower to develop than the offensive capability. CISA's KEV catalog still depends on observed exploitation in the wild as the trigger for advisory escalation. By the time a vulnerability is detected, exploited, and tracked, the AI-assisted variant of the attack has had weeks or months of operational use. The structural gap is widening.
The accelerating disclosure-to-exploitation window on this month's Cisco SD-WAN CVE (four hours from disclosure to first exploit attempts) is the practical manifestation. Attacker tooling has automated. The next generation will incorporate frontier-model assistance for novel-target discovery and exploit-chain construction.
For security teams: assume the disclosure-to-exploitation window is now measured in hours for any high-severity CVE. Move patch windows accordingly. For policy operators: the federal AI oversight conversation reignited by Mythos will produce concrete requirements within the next two quarters. Frontier model deployments above the compute threshold should prepare disclosure-and-evaluation compliance now.