Ok so why I don’t have access to this if I already pay for the max plan? Should I pay a security researcher to run codex on my code? Is this how it is supposed to work? Let’s hope we get some real cyber models that people can actually use from the Chinese without the stupid application forms.
I don't know what the solution to this is, but I find it somewhat unfair that I pay money to Anthropic, and I pay money to OpenAI, and neither of them will let me use their best models for securing the software I work on.
Admittedly Opus 4.8 xhigh does a good job, but are my customers not entitled to have more security from a Fable/Mythos or GPT-5.5-Cyber audit over the codebase? Or I guess the inverse question: why aren't they allowed that audit?
(Fable/Mythos being unavailable notwithstanding.)
It seems OpenAI will at least let me do this narrowly, at greater cost, by using one of their partners. But I already pay them money!
The problem is even worse than that. OpenAI and Anthropic have your source code and superior knowledge of its vulnerabilities. All you can do is hope that they won't one day use it against you.
I think using open weight models will solve this. I believe they are nearly caught up and much of the gains are in the harnesses or properly orchestration of subqueries. (I'm no expert, just my opinion).
When the open weight models catch up, if they don't get lobbied and banned by OpenAi and Anthropic, then you'll be able to use them to properly secure your software.
I'm not sure I follow your logic. Paying for a service does not mean you get access to all potential services a provider offers. Providers can choose to keep some services internal.
Silly example: I pay Netflix for their most basic plan, so I get ads. Just because I already pay them money, doesn't mean I have a right to no ads! It also doesn't mean I have a right to 8k streaming; maybe Netflix reserves that for their internal cinema.
No one commenting on the fact that oAI is releasing a Claude Mythos-class model - with apparent 0 restrictions or concerns by the US government, while Anthropic's (their competitor) model has been pulled weeks prior by the administration for 'security' reasons.
It certainly has nothing to do with openAI's co-founders donating to the current administrations election fund, are actively supporting the DoW war efforts of autonomous weapons and also otherwise being ideology tightly coupled with the current US government.
Man, some of you are so out of the loop that you will invent conspiracy theories to justify some deeply cynical fiction. OAI has been more proactive about doing customer KYC than A\.
OpenAI, four months ago, started to require users to verify their identity if they flagged their activities on frontier models (gpt-5.3-codex and higher) as risky. Their filters were originally quite coarse and it resulted in a ton of normal tasks being flagged. There was a lot of drama about it at the time, but it seems like things have smoothed out.
KYC goes back to a year or two ago. API access to gpt-image-1 required it.
Do you think that Anthropic's models would have been pulled if they did not say for months how their models is basically going to break the whole internet and that governments should most definitely restrict AI? I doubt it.
The problem is, though, given Anthropic have said all of that, they really have very little grounds for objecting to the US government's intervention here. Everything that the government would have to prove to justify their intervention has already been freely admitted by Anthropic, even though the "admission" was maybe more intended as a marketing ploy.
This is how you do it when you're not AS childish. You go "here's a model for cybersecurity" and put a price on it. I know they're releasing it to some vendors first, etc. but the lack of a clown spectacle is nice.
The whole "it's too dangerous to release!" is complete hogwash.
A person can take a hammer, walk out in the street, and we can count how many people he can kill with the hammer before he is stopped. My local hardware store still sells hammers, and I haven't seen the CEO of it claim that their hammers are much more dangerous and it's totally going to end the world if you allow any random person to have one!
If that hammer could allow people to go into people's homes / work en masse, steal all their information, blackmail them, steal their identities, break their systems (including those of hospitals and other critical infrastructure) and generally help fund bad actors through it all we'd think of having restrictions on hammers too. A hammer can't screw people over by the millions.
I don't like this argument specifically with AI. Facial recognition everywhere you go is just a tool. Your job creating a detailed profile on exactly how you work, who you talk to, and about what is just a tool. The tools have become so good and easy to use we have to have serious discussions about them before things get out of hand.
Did you see how close the non-sheltered available models come? They come quite close. Most people aren't even using them for this purpose, but they could, and this is our reality. This is why your argument fails.
The risk of catching federal charges, proper jail time and aggressive responses from law enforcement is a far more effective means of preventing malicious behavior than anything proposed so far.
I can go into stores that sell things that are much more dangerous than hammers (or frontier cyber models) and no one will give me a hard time about it.
It's toxic to call out big companies fearmongering about how their AI is too smart to be accessable? And it's somehow comparable to telling newbies asking question to RTFM?
It's a pretty interesting opportunity. I wonder if they will reach to companies and tell them how many things they could fix and how many are critical, before selling them the solution.
Does the EU CRA now mean that every European company that either sells software or sells anything that has a software component is now forced to pay for this by September and update their software?
Admittedly Opus 4.8 xhigh does a good job, but are my customers not entitled to have more security from a Fable/Mythos or GPT-5.5-Cyber audit over the codebase? Or I guess the inverse question: why aren't they allowed that audit?
(Fable/Mythos being unavailable notwithstanding.)
It seems OpenAI will at least let me do this narrowly, at greater cost, by using one of their partners. But I already pay them money!
When the open weight models catch up, if they don't get lobbied and banned by OpenAi and Anthropic, then you'll be able to use them to properly secure your software.
Silly example: I pay Netflix for their most basic plan, so I get ads. Just because I already pay them money, doesn't mean I have a right to no ads! It also doesn't mean I have a right to 8k streaming; maybe Netflix reserves that for their internal cinema.
It certainly has nothing to do with openAI's co-founders donating to the current administrations election fund, are actively supporting the DoW war efforts of autonomous weapons and also otherwise being ideology tightly coupled with the current US government.
OpenAI, four months ago, started to require users to verify their identity if they flagged their activities on frontier models (gpt-5.3-codex and higher) as risky. Their filters were originally quite coarse and it resulted in a ton of normal tasks being flagged. There was a lot of drama about it at the time, but it seems like things have smoothed out.
KYC goes back to a year or two ago. API access to gpt-image-1 required it.
https://openai.com/index/trusted-access-for-cyber/
The problem is, though, given Anthropic have said all of that, they really have very little grounds for objecting to the US government's intervention here. Everything that the government would have to prove to justify their intervention has already been freely admitted by Anthropic, even though the "admission" was maybe more intended as a marketing ploy.
The whole "it's too dangerous to release!" is complete hogwash.
A person can take a hammer, walk out in the street, and we can count how many people he can kill with the hammer before he is stopped. My local hardware store still sells hammers, and I haven't seen the CEO of it claim that their hammers are much more dangerous and it's totally going to end the world if you allow any random person to have one!
I don't like this argument specifically with AI. Facial recognition everywhere you go is just a tool. Your job creating a detailed profile on exactly how you work, who you talk to, and about what is just a tool. The tools have become so good and easy to use we have to have serious discussions about them before things get out of hand.
I can go into stores that sell things that are much more dangerous than hammers (or frontier cyber models) and no one will give me a hard time about it.
1. Browse the internet
2. See what people hate about OpenAI
3. Adopt the worse version of it
4. Profit?
Sam Altman fearmongered about AI alignment - we fearmonger harder.
OpenAI is CloseAI now - we are even less open.
OpenAI is going to IPO - we IPO first.
Really?