OpenAI put GPT-5.5 in front of every paying ChatGPT and Codex user today, with the API held back. Anthropic has Mythos Preview running only inside Project Glasswing, a set of partnerships with AWS, Apple, Google, Microsoft, CrowdStrike, and a short list of others, with nothing in consumer Claude and nothing on the API. Both labs land around 82 on CyberGym (81.8 to 83.1), with the usual caveats about vendor benchmarks. Distribution is the story this week, not the score.
Two weeks ago I wrote about the asymmetry window between frontier cyber capability and defender access. Another interesting variable is which channel the capability ships through, and this week made clear that each lab is making that call on its own, with no coordination between them and no particular agreement about what the right channel looks like.
Bets
OpenAI's bet is that frontier cyber belongs in the hands of individual paying users. Anyone with a $20 subscription got interactive access to GPT-5.5 yesterday, and anyone who wanted to run the model against code without a human in the loop got told to wait, because the API is held back on the stated ground that "API deployments require different safeguards".
Anthropic's bet runs the other direction. Mythos is available to Project Glasswing partners and no one else, with no consumer chat and no API, scoped to specific defensive use cases inside each partner company. Where OpenAI chose breadth and capped automation, Anthropic chose depth and capped breadth.
One lab is treating frontier cyber as a consumer capability that needs its automation gated. The other is treating it as an institutional capability that needs its audience gated. Different bets, different constraints. The timing reflects competitive dynamics too, not just philosophy. Project Glasswing was announced first, and the GPT-5.5 release cadence suggests OpenAI was responding as much as following its own schedule. Neither bet is necessarily correct, and there is no reason to expect the two labs will converge to the same answer in the next few quarters.
Threat models
The same capability shipped through different channels produces three different threat models. An attacker working through OpenAI's channel pays for ChatGPT and works interactively with GPT-5.5, cannot automate against a target, but can sit at a keyboard and probe for as long as the quota allows, which is a real step change for skilled but non-institutional actors. An attacker reaching for Mythos has a harder entry and a larger prize, because the model is not directly accessible and would require compromising someone inside a Glasswing partner. Everyone else is in the gap. That third group is most organizations: mid-market SaaS, hospitals, cities, the long tail of the Fortune 5000, none with direct access to either model through any channel.
The defender side is the inverse. Glasswing partners have Mythos inside their defensive programs right now, and OpenAI subscribers have GPT-5.5 inside a chat window, which is not the same thing as having it run on every PR or on a schedule against production infrastructure. Everyone else has neither.
Policy
The shape of who gets frontier cyber capability, and in what form, is being set by each lab's unilateral release choice. There is no coordination between the two, no regulator forcing a particular distribution, and no industry standard for what cyber-capable models are allowed through which channels. The two companies are setting policy by shipping product. OpenAI's product team and Anthropic's policy team made opposite calls this month, and those calls are now the de facto distribution policy for frontier cyber in the market.
That posture is not stable either. Anthropic could widen Mythos access to Claude next quarter. OpenAI could pull GPT-5.5 back behind the API and re-gate the whole thing. The threat model for every defender outside the labs shifts with each release decision, and no one outside the labs gets a vote in the timing or the direction.
This is what governance by release posture looks like, and it has been true for a while in AI broadly. It became concrete for cyber this week.
Defenders
A defender who built their posture on "frontier access is gated, so attackers do not have it either" has a problem today, because OpenAI just handed interactive frontier cyber to any paying user. A defender who built their posture on "frontier access will be available via API, so we will pipe it into our scanners" also has a problem. Neither lab is offering that.
The useful question is no longer which lab has the best cyber model. It stopped being that around Mythos Preview. The useful question is which lab is shipping which capability through which channel, and how a defensive program survives the answer changing every quarter.
The bridge between frontier capability and defender-grade tooling was never going to be the labs' job to build. It has to come from vendors bringing the labs' models and harnesses into their own products, through partnerships and specialized contracts, and turning that access into something that runs on every PR, every schedule, every alert. That layer is where the asymmetry gets bridged, or does not.
Security has always had to work across asymmetric distribution of capability. That is not new. What is new is that the asymmetry now resets on the release cadence of two labs making independent, uncoordinated calls about who should have frontier cyber first.
