Frontier AI labs are converging on a new strategy for controlling their most cyber-capable models while still commercializing them: selective access.

Why it matters: OpenAI's trusted-access program and a pending program from Anthropic are creating a new power center in cybersecurity where AI companies help decide which defenders can use the most advanced cyber capabilities.

• For decades, competitive advantage in cybersecurity largely came from talent, data and infrastructure. Now, it also comes from access to models.

Driving the news: Moments ago, Anthropic announced it will make a version of its Mythos class of models, Fable 5, available to the general public.

• Fable 5 includes protections that block some high-risk cybersecurity and biology requests and instead route users who ask about those issues to Claude Opus 4.8.
• At the same time, Anthropic is offering users of its restricted Mythos Preview program an upgrade to its new Mythos 5 model.
• Dianne Penn, Anthropic's head of product management for research and labs, tells Axios the company is being deliberately conservative at launch, meaning some legitimate security work may also get routed away from Fable 5.

The intrigue: Anthropic is also working on a formal trusted-access program that would determine who gets access to Mythos 5 and future less restricted models.

• The company has not provided a timeline for launching the program.
• Behind the scenes, organizations have spent the last two months lobbying Anthropic for access to Mythos Preview.
• Last week, the company expanded access to more than 200 companies and governments (more on that below!).

The big picture: OpenAI is already using a similar two-tier system.

• The company has been vetting security researchers and organizations to decide who gets access to models that could help accelerate their cyber defenses.
• The company rolled out an alternate version of its GPT-5.5 model with fewer guardrails to let those cyber defenders hunt for bugs, study malware and reverse engineer attacks.

Between the lines: It's now up to the AI labs to decide who gets access to the cybersecurity industry's most cutting-edge capabilities.

• Security vendors, researchers and critical infrastructure operators eager to get frontier AI into their products and workflows have been scrambling for access.

Reality check: Selective access gives Anthropic and OpenAI the best of both worlds, allowing them to ensure scary hacking capabilities are only in the hands of the good guys — while also finding a way to monetize their increasingly powerful models as they consider entering the public markets.

What to watch: Whether trusted-access users begin finding vulnerabilities, conducting research and building products that organizations without access simply can't match.

Anthropic has also been making a huge push to extend access to its less-restricted but gate-kept Mythos Preview to more governments and companies over the past week.

Why it matters: It's a delicate dance. Sharing the model with too few organizations means others will be unable to get ahead of the forthcoming wave of AI-powered cyber threats.

• Sharing access with too many risks letting the capabilities leak to adversarial hackers and foreign governments.

Driving the news: Anthropic said last week it had expanded access from approximately 40 organizations to around 200. That reportedly includes more than 15 countries.

• Australia, Canada, the European Union, New Zealand and South Korea all now say they have access to Mythos.
• That's in addition to the U.S. and U.K., which were included as initial members of Anthropic's Project Glasswing.

Zoom in: Cyber companies have also been flowing into my inbox all week with news of their access to Mythos.

• Dragos, Rubrik, Qualys and Dell are among those who have publicly said they now have access to Mythos.
• The Financial Times reported that Okta now has Mythos access, too.

Mythos Preview can now turn newly disclosed software vulnerabilities into working exploits in hours instead of weeks, according to Anthropic research shared first with Axios.

Why it matters: AI's ability to find new bugs has been getting most of the attention. But Anthropic's findings suggest advanced models may be just as effective at rapidly weaponizing flaws that defenders already know about.

• That could dramatically shrink the "patch gap" between a vulnerability's disclosure and widespread patching.

Driving the news: Anthropic's frontier red team tested Mythos against vulnerabilities in Mozilla Firefox and the Microsoft Windows kernel that were disclosed in January and February.

• Researchers evaluated bugs disclosed after the models' knowledge cutoff dates to measure how quickly AI could turn public patches into working exploits.

Threat level: Within 31 minutes, Mythos generated its first proof-of-concept exploit for a Windows kernel vulnerability.

• In 18 of the 21 kernel bugs tested, Mythos was able to cause a "blue screen of death." Mythos also created eight distinct exploits, with the longest exploit taking about 5.7 hours to create.
• With Firefox, Mythos also had success: Across 18 security patches, Mythos built eight working code-execution exploits.

The big picture: Most cyberattacks target known vulnerabilities that companies haven't patched yet.

Read the rest.

While all eyes have been on President Trump's AI security executive order, the White House issued a sweeping national security directive Friday that sets deadlines for securing, procuring and deploying AI across the military and intelligence community.

Why it matters: Issues such as military use of AI, intelligence community procurement of AI tools, and protecting AI models from espionage and distillation attacks are all on the table.

• The memo Trump signed builds on his AI executive order by directing national security agencies to quickly procure new AI tools and determine operational guidelines for using them.

⏱️ Agencies now face quick deadlines on the following security work:

• Creating a new partnership program by October between frontier AI companies and national security agencies — including NSA's Artificial Intelligence Security Center, the Defense Department, the Department of Energy, and the intelligence community — to share threat intelligence, conduct joint AI red-teaming, and help secure advanced AI systems.
• Reviewing and updating procurement processes across these agencies to allow for "rapid onboarding of the most advanced AI models from multiple vendors" in the next 120 days.
• Developing a joint AI risk-management and assurance strategy among the Office of the Director of National Intelligence, the Defense Department, the NSA, the Department of Homeland Security, the Energy Department and the Treasury Department that creates baseline AI security practices for national security work.
• Updating the Defense Department's directive on autonomy in weapon systems in the next three months to ensure "deliberate adoption of AI systems that respect the chain of command and operational authorities."
• Standing up a new AI National Security Strategic Reserve of top nongovernment experts to weigh in on pressing AI national security issues.
• Developing standardized methodologies for testing and validating national security AI systems by October.

Read the full memo.

@ D.C.

‼️ Anthropic has reportedly embedded around half a dozen forward-deployed engineers within the NSA to help the agency use Mythos for offensive cyber operations. (Financial Times)

🤔 President Trump is reportedly considering Palantir CTO Shyam Sankar as his nominee to run the Cybersecurity and Infrastructure Security Agency. (The Record)

🗳️ The U.S. government has stopped sharing key information about election threats with state officials and has halted some cybersecurity services months before the 2026 midterm elections. (Bloomberg)

@ Industry

🧳 Anne Neuberger, former deputy national security adviser for cyber and emerging tech, is joining Andreessen Horowitz as a full-time partner and the firm's first head of global affairs. (Axios)

👨🏻‍⚖️ WhatsApp asked a federal court to hold spyware firm NSO Group in contempt of court after finding evidence suggesting it's targeting WhatsApp users via a phishing campaign. (Axios)

📈 CrowdStrike and Palo Alto Networks reported better-than-expected earnings last week as fears around AI hacking fueled customer demand. (Cybersecurity Dive)

@ Hackers and hacks

👀 Microsoft shut down more than 70 of its own GitHub repositories, including those tied to Azure and AI coding agents, after hackers seemingly planted credential-harvesting malware in some AI coding tools. (404 Media)

📲 Instagram was still notifying newly targeted users about potential account takeovers after the company publicly said it had fixed a problem where its Meta AI support chatbot willingly changed account holders' email addresses. (TechCrunch)

I got a (rare) chance to stop by a few of the Smithsonian museums during my D.C. trip last week!

• ✍🏻 My review: They're still fun — and perfect for beating the unbearable summer humidity!