OpenAI Ships a Cyber Model to the EU While Anthropic Holds Mythos Back — Two Bets on the Same Risk
OpenAI granted EU institutions and vetted security teams access to GPT-5.5-Cyber. Anthropic is still holding its comparable model, Mythos, back. Same dual-use technology, opposite release decisions — and the contrast is a lesson in how to think about powerful AI.
When two of the most capable companies in a field look at the same technology and make opposite decisions about whether to release it, that disagreement is worth more than either decision alone. It means the technology sits in genuinely contested territory — not obviously safe, not obviously too dangerous — and that the right answer depends on judgment calls reasonable experts can make differently.
That is exactly the situation with cybersecurity-focused AI models. OpenAI has granted access to GPT-5.5-Cyber, a cybersecurity-specialized variant of its model, to vetted cybersecurity teams and EU institutions. Anthropic, which has its own comparable capability in a model referred to as Mythos, has been holding it back rather than releasing it broadly. Same class of technology. Same understanding of what it can do. Opposite calls.
For a business leader, the temptation is to ask which company is right. That is the wrong question, and it has no answer yet. The useful question is what the disagreement teaches about reasoning under this kind of uncertainty — because the dual-use problem these two firms are wrestling with in public is the same problem every organization adopting powerful AI faces in private.
The Dual-Use Core of the Problem
A cybersecurity AI model is the cleanest possible example of dual-use technology, and understanding why makes the rest of the disagreement legible.
The defensive use is real and valuable. A capable cyber model helps defenders find vulnerabilities before attackers do, analyze threats faster, triage incidents, and harden systems. Security teams are perpetually outnumbered by the surface they have to protect. A model that materially increases their throughput is a genuine good, and the case for putting it in defenders' hands is strong.
The offensive use is the same capability, redirected. The skills that let a model find a vulnerability to fix it are the skills that let it find a vulnerability to exploit it. There is no clean technical seam between the two. A model good enough to be worth giving to defenders is, by construction, good enough to be dangerous in the hands of an attacker. The capability does not change with intent — only the user does.
This is why the release decision is genuinely hard. Release the model and you arm both defenders and attackers, betting that defenders benefit more. Withhold it and you deny defenders a real tool, betting that keeping attackers from it matters more. Neither bet is obviously correct. The honest position is that this is a hard call, and the OpenAI–Anthropic split is two competent organizations landing on opposite sides of a hard call.
Two Strategies for Managing the Same Risk
The interesting part is not that the companies disagree — it is that each strategy is internally coherent.
OpenAI's bet: controlled access beats no access. OpenAI did not open GPT-5.5-Cyber to everyone. It granted access to vetted security teams and EU institutions — gated distribution to identified, accountable recipients. The underlying logic is that the defensive benefit is large and urgent, and that the offensive risk can be managed by controlling who gets in rather than by withholding the capability entirely. The control is the vetting, not the secrecy.
Anthropic's bet: some capabilities aren't ready to leave the building. Anthropic's choice to hold Mythos back reflects a different weighting — that for some capabilities, the risk of broad release outruns any access control you can realistically enforce, and the responsible move is to keep the model internal until that calculus changes. The control is the withholding itself.
Both can be right, because they are different bets, not different facts. OpenAI and Anthropic do not disagree about what cyber models can do. They disagree about how much to trust access controls, how urgent the defensive need is, and how to weigh diffuse future risk against concrete present benefit. Those are judgment parameters, not measurements. Two careful organizations can plug in different values and reach opposite, defensible conclusions — and that is the most useful thing for an outside observer to internalize.
Where This Shows Up in Practice
Security and IT functions. For organizations in the EU or running vetted security teams, GPT-5.5-Cyber may become an available tool. The decision to use it should mirror the vendors' own reasoning: weigh the concrete defensive uplift against the handling, access-control, and misuse questions the capability raises inside your own walls. Adopting a powerful cyber tool without that internal discipline simply relocates the dual-use problem onto your network.
Any function adopting powerful AI. The dual-use structure is not unique to cybersecurity. A model that can analyze your competitors can profile you. A model that automates outreach can automate manipulation. A model that drafts persuasive copy can draft persuasive deception. The OpenAI–Anthropic disagreement is a vivid case of a pattern that runs through nearly every capable AI tool a business deploys.
Leadership and risk governance. The most transferable lesson is about decision-making, not cybersecurity. Two of the best-resourced AI organizations in the world reached opposite conclusions on the same technology. Any leader who expects clean, unanimous answers on AI risk is expecting something the field's own leaders cannot produce. The realistic standard is a defensible, well-reasoned bet — not certainty.
What Business Leaders Should Take From This
Adopt the dual-use lens as a standing habit. For any powerful AI capability you bring in, ask the question explicitly: what does this enable for a malicious user, not just a well-intentioned one? The benefit is what the vendor sells you. The dual-use risk is what you have to surface yourself. Make it a routine line in every AI evaluation, not an afterthought.
Match your control to your release strategy. OpenAI's model is "broad capability, narrow access." Anthropic's is "withhold until ready." Both are legitimate; the failure is having neither. When you deploy a capable AI internally, decide deliberately: who gets access, under what vetting, with what monitoring — or whether some capabilities should not be deployed at all yet. An undeclared strategy is the same as no control.
Expect disagreement among experts and plan around it. Do not wait for consensus on AI risk; the people closest to the technology do not have it. Build your governance to function under uncertainty — defensible bets, documented reasoning, room to revise — rather than stalling for an authoritative answer that is not coming. Decisiveness under uncertainty is the actual skill being tested.
Watch what the labs withhold, not only what they ship. Product announcements get attention; restraint does not. But a frontier lab choosing to hold a model back is a strong signal about where the capability frontier has become genuinely dangerous. Anthropic keeping Mythos internal tells you something real about cyber-capable models. Track the withholdings — they are a free read on risk from the people with the most information.
The Stakes
The organizations that handle this well will not pick a side in the OpenAI–Anthropic disagreement and call it analysis. They will extract the transferable lesson: powerful AI is structurally dual-use, expert judgment on it genuinely diverges, and the job of a leader is to make a defensible bet with explicit controls — not to wait for a certainty that the field cannot supply.
The ones that handle it poorly will treat AI risk as someone else's settled problem. They will assume the vendors have worked it out, adopt capable tools without ever asking the dual-use question, and apply no deliberate access strategy of their own. They will have outsourced a judgment that cannot be outsourced — and the disagreement between OpenAI and Anthropic is the proof that it cannot, because if it could, those two companies would not have reached opposite conclusions.
OpenAI shipped its cyber model to the EU under controlled access. Anthropic is keeping Mythos back. Neither is the answer. The disagreement is the lesson: in a field where the leaders themselves split on the hard calls, the organizations that thrive are the ones that learn to reason carefully under uncertainty — and the ones that struggle are the ones still waiting for someone to hand them the certainty.
Sources: OpenAI to give EU access to new cyber model but Anthropic still holding out on Mythos (CNBC), OpenAI News
