Anthropic, OpenAI Limit Access After Models Find Exploits

Anthropic announced it will require a physical government ID, such as a passport or driver’s license, and a live selfie to unlock certain features. Verification will be handled by partner Persona, and the company stated identity data will not be used to train its models. Accounts that fail checks or that attempt access from unsupported locations can be banned. Anthropic said the verification is intended to prevent abuse, enforce usage rules and meet legal obligations.

The verification requirement followed an internal report and a company blog post describing the Claude Mythos Preview model’s ability to find and exploit software flaws. Anthropic wrote that Mythos is “capable of identifying and then exploiting zero-day vulnerabilities in every major operating system and every major web browser when directed by a user to do so.”

The company described engineers with no formal security training prompting Mythos to search for remote code execution bugs overnight and returning the next morning to a complete, working exploit. Anthropic provided several examples: a 27-year-old bug in the OpenBSD kernel, a 16-year-old flaw in FFmpeg’s H.264 codec, and a 17-year-old vulnerability in FreeBSD’s NFS server that Mythos reportedly exploited to gain full root access without authentication. The company said the process cost under $2,000 at API pricing and took less than a day.

Anthropic added that Mythos produced exploits that chained multiple browser bugs, including a JIT heap spray, to escape browser and operating-system sandboxes. The company reported thousands of additional high- and critical-severity vulnerabilities and said more than 99% of the identified bugs remain unpatched.

An evaluation from the UK’s AI Security Institute described Mythos as a “step up” in cyber capabilities, reinforcing Anthropic’s assessment of the model’s power to find and exploit long-standing defects.

Anthropic said it launched Project Glasswing to give limited access to defenders at major technology companies, including Amazon, Apple and Google, so those companies can address critical infrastructure issues before attackers have a chance to exploit them. Anthropic recommended installing security updates immediately rather than waiting for routine monthly schedules.

OpenAI issued a narrower approach for its GPT-5.4‑Cyber model. The company released the model with a reduced refusal boundary to assist legitimate cybersecurity work and limited access to participants in its Trusted Access for Cyber (TAC) program. OpenAI described GPT-5.4‑Cyber as able to analyze compiled software without source code to detect malware and vulnerabilities. Access is restricted to vetted cybersecurity experts, researchers and organizations defending critical systems.

Both companies urged faster patching and defensive action, recommending immediate installation of security updates and restricted access programs to confine advanced analysis to trusted users.