N

News

The Cost of Borrowed Security: Why Mythos and GPT-5.6 Mark the End of Open Frontier AI

In our previous analysis of Anthropic’s "AI Superhacker", we explored the gatekeepers of security and the ethical frameworks required to keep powerful tools out of the wrong hands. We followed that by asking why Australia leads the world in self-hosted AI while its security still lags behind. And the Instructure incident laid bare the high-stakes reality of ransom negotiations when those gates are left ajar.

Today, the conversation has changed again. It's no longer just about who "holds the keys" in a corporate sense, but who controls the shelf they sit on. Within a single month, the landscape of AI access has transformed from commercial gatekeeping to government-mandated lockdown, highlighting a new vulnerability for Australian businesses: the risk of building on borrowed ground.


Two Frontier AI Models Locked Down in One Month

The Mythos shutdown came by force. On 12 June, the US government issued an export-control directive suspending Mythos 5, along with the more widely released Fable 5, for every foreign national. To comply, Anthropic pulled both models for every customer worldwide. For an Australian business, that wording matters. When a model is gated, every team outside the US counts as a foreign national, and that is exactly who gets cut off. This is the same class of tool the UK's AI Security Institute found could break into systems 73 percent of the time. It's capable enough that Anthropic called it too dangerous to release, and exposed enough that a single government decision could make it vanish.

The GPT-5.6 lockdown came by request, before the model ever reached the public. Two White House offices, the Office of the National Cyber Director and the Office of Science and Technology Policy, asked OpenAI to limit its new model to individually approved partners, with their details handed to the authorities. The stated reason was cybersecurity. Both OpenAI and the administration view GPT-5.6 as having capabilities on par with Anthropic's Mythos, and on OpenAI's own benchmarks it matches Mythos on vulnerability research using roughly a third as many output tokens.

Put the two side by side and you see both ends of the same lever. Mythos proved a live model can be pulled overnight. GPT-5.6 proved a new model can be held back before it ships. Between them, governments can now switch off the capability that exists and gate the capability that is coming.


This Is Becoming the Rule

What looked like a one-off in early June now looks like policy. By mid-June the US had begun treating frontier AI models like controlled dual-use technology, putting them in the same category as advanced chips and encryption. The comparison that keeps coming up is nuclear technology. Past a certain capability threshold, governments stop treating a thing as a product and start treating it as something to license, and frontier AI has just crossed that line.

Then came the framework. An executive order set up a process for "covered frontier models" to be offered to the US government for up to 30 days before release to trusted partners. GPT-5.6 was the first model run through that gate. It won't be the last.

OpenAI itself cautioned that this level of government access shouldn't become permanent and warned it restricts access for the developers, businesses and cybersecurity professionals who could benefit most. That's the quiet part said out loud by the vendor. The most capable AI is being rationed, and most Australian businesses are on the wrong side of the line. They sit downstream of decisions made in Washington, with no say in who gets access.

The security industry has landed in the same place. Firms from Snyk to the Cloud Security Alliance now treat frontier-model access as a dependency that can be revoked in an afternoon, something to plan around rather than build on. A capability you can lose overnight, on a decision you have no say in, was never something to build your security around.


The Precedent Reaches Every Model Still to Come

The pattern matters well beyond any one tool or company. It reshapes how the field behaves. After watching Anthropic lose its most capable models for being too dangerous, and OpenAI have its launch gated for the same reason, expect every major lab to be far more careful about ever describing their models that way. Downplay the danger, avoid the directive. The likely result is that broadly available models keep getting more capable, with less noise made about it.

And the people move too. Orders that stop foreign nationals from using these models also stop the foreign nationals who built them from working on them. Those engineers don't sit idle. They move to competitors and take what they learned with them. A measure meant to contain the capability may end up spreading it faster.


Locked Out or Not, You Still Carry the Risk

The control story can read as though it only matters to the businesses chasing access to the best tools. It doesn't. Whether or not a business ever touches a model like Mythos or GPT-5.6, the risk these models create still lands on it. Here's what that looks like.

The Discovery Power Runs Both Ways

The same capability that finds vulnerabilities can be turned to exploiting them. Export controls and launch gates slow down who can legitimately buy the tool. They don't contain the underlying capability. The engineers who built these models move between labs and borders, and the techniques travel with them. Meanwhile the attacks are already here. Last year's Echoleak attack showed how connecting an AI assistant to email could leak confidential information out of a message the recipient never even opened. The more AI a business brings inside its systems, the wider its own perimeter gets.

A Pile of Findings Is Not Protection

Even when capability does reach a business, it doesn't arrive as safety. It arrives as a list. When Mythos was running, it flagged 23,000 vulnerabilities and rated around 6,200 of them high-risk. When human experts went back through that smaller pile, they could confirm only two in every three. A model that surfaces thousands of findings hands a business a sorting problem, not a solution.

The Patch Load Rolls Downhill Either Way

A business doesn't need access to feel the effects. As model-driven fixes flow into the wider software supply chain, vendor patches start landing faster than a small team can keep up with. Every day spent falling behind on updates is a day spent more exposed than the one before. A known flaw left unpatched is an open door, and the gap between a fix going public and an attacker reaching it keeps shrinking.

A Seat at the National Table Won't Defend Your Network

Governments are busy negotiating their own access and oversight, and that work matters. But national readiness and business readiness aren't the same thing. A safety institute or a memorandum of understanding doesn't segment a network or watch your logs when an alert fires. When the capability is governed at the national level, the defence still has to be built at the level of the individual business.

The Tool Was Never the Scarce Part

There's a fair objection to all of this. If the US gates Mythos and GPT-5.6, the world just routes around it. Open-weight models are already closing the gap, and the next release out of a lab anywhere else won't be asking for permission. This makes the point rather than breaking it.

Capability is becoming the commodity. Most businesses never needed direct access to a frontier model in the first place, because the value was always going to arrive through the products and services built on top of one. The thing in short supply was never the model. Whatever you point at your systems, gated or open, it hands you findings, not safety. What's scarce, and what actually decides whether a business is protected, is the capacity to act on what those tools surface.


Sovereign Response Capacity Is the Real Advantage

If access isn't the same as protection, then what protects a business is its ability to act on what it finds. That ability is built well before a crisis, not during one. A discovery tool only ever hands you a list. Turning that list into a short stack of contained incidents takes people who can sort the real findings from the noise, fix what matters first, and notice the alert that says something already slipped through. That response capacity is what separates the businesses that absorb a hit from the ones that wear it.

It also has to be yours. The past month showed how fast borrowed capability disappears when a decision made in another country pulls it. Capability you control doesn't get switched off by an export-control letter or held back by a launch directive. So the question worth asking was never whether you can get the tool. It's whether someone is there to act on it when the findings arrive, and whether they answer to you.

That's the work Lumara SecOps Cloud was built for. We deliver sovereign, around-the-clock cybersecurity, with continuous monitoring, threat detection, and response run entirely by our Australian-based SOC. It turns a flood of findings into a short list of contained incidents, sits alongside the tools you already have, and gives a business the capacity to act when discovery outpaces any internal team.

If you'd like to talk about what that looks like for your organisation, get in touch.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.

Cta Image

Australia is secure when
Australian talent defends it.

Reach out today to discuss how with Lumara, we can work together to protect your business from the always changing Australian threat landscape.