AI Models Like Anthropic Mythos Fuel Cyberattacks, Driving Security Firm Growth

AI-driven cyber threats are spreading in parallel with new defensive products, and the resulting scramble is boosting expectations for security firms’ growth.

“- OpenAI and Yubico Partner to Bring Custom Phishing-Resistant YubiKeys to OpenAI Users Share _New strategic, long-term partnership with OpenAI delivers the gold standard of hardware-backed passkeys to the AI ecosystem_ SANTA CLARA, Calif”

Business Wire

The Asian report flags concerns that AI models such as Anthropic Mythos could be abused for cyberattacks, while it also notes that “CrowdStrike and Palo Alto Networks shares have each risen about 20 percent over the past month.”

MEXC Exchange

It contrasts that with “BlackRock IGV, an index that tracks the software sector, rose only about 10 percent over the same period,” framing the market reaction as tied to AI-related risk.

The same article points to CrowdStrike’s “Project QuiltWorks,” described as “an alliance of companies that helps businesses quickly find and fix software vulnerabilities discovered by frontier AI models.”

It also says Anthropic “launched a public beta of Claude Security,” a tool that “detects vulnerabilities in corporate codebases and generates patches.”

The report adds that the government will “push to distribute guidelines and provide consulting for small and medium-sized enterprises to respond to security threats from Anthropic's AI model Mythos.”

OpenAI’s response to the security pressure is a new opt-in program called Advanced Account Security, which it describes as “a new opt-in setting for ChatGPT accounts” designed for people “at increased risk of digital attacks.”

In its own product announcement, OpenAI says the protections are available on the web “in the Security section of users’ ChatGPT accounts on web,” and that the protection applies to both “ChatGPT and Codex accounts that are accessed through that login.”

mezha.net

The OpenAI post says Advanced Account Security “requires passkeys or physical security keys while disabling password-based login,” and it frames the goal as making “phishing-resistant sign-in the default for people who need it most.”

It also spells out a tighter recovery model: “Advanced Account Security disables email and SMS recovery and requires stronger recovery methods: backup passkeys, security keys, and recovery keys.”

OpenAI adds that “OpenAI Support will not be able to assist with account recovery for users enrolled in Advanced Account Security,” tying the tradeoff directly to the locked-down recovery design.

TechCrunch similarly reports that the program is “a set of opt-in protections for ChatGPT users designed for high-value individuals — but available to anyone who wants them,” and it says the Yubico partnership is meant to protect users from “the threat of phishing.”

The Advanced Account Security program is paired with a hardware-key rollout through Yubico, with multiple outlets describing co-branded YubiKeys and the operational consequences if a key is lost.

“A new optional suite gives ChatGPT users stronger defenses with co-branded YubiKey devices”

mezha.net

OpenAI says it partnered with Yubico “to offer our users preferred pricing on a customized bundle of best in class security keys,” specifying “the YubiKey C Nano” for “simple, low-friction daily authentication” and “the YubiKey C NFC for backup, and use across laptops and mobile devices.”

OpenAI also states that users “will also be able to use any other FIDO-compliant security key, or use software-based passkeys,” and it positions the hardware keys as “one of the strongest defenses against phishing.”

TechCrunch reports that Yubico and OpenAI are releasing “a pair of “co-branded” YubiKeys — dubbed the YubiKey C NFC and the YubiKey C Nano.”

The Business Wire release adds that “people can purchase a new 2-pack set of custom YubiKeys as part of OpenAI’s Advanced Account Security program,” and it specifies the set includes “a YubiKey C NFC for tap-to-authenticate on mobile” and “a low profile YubiKey C Nano that stays in a port for everyday laptop use.”

Several reports emphasize the recovery risk: the OpenAI product post warns that “OpenAI Support will not be able to assist with account recovery,” while the TechCrunch story adds that “If the key is lost, OpenAI won’t be able to help recover access.”

Beyond login hardening, OpenAI’s Advanced Account Security includes controls aimed at reducing exposure from compromised sessions and limiting whether sensitive conversations are used for training.

In its announcement, OpenAI says “Shorter sessions and clearer session management” are part of the package, stating that “Sign-in sessions are shortened to reduce the window of exposure if a device or active session is compromised.”

Stock Titan

It also says users “receive alerts when there is a login to their account, and they can review and manage the active sessions across the various devices they’re signed into.”

OpenAI further describes “Automatic training exclusion,” writing that “With Advanced Account Security enabled, that preference is automatic: conversations from those accounts will not be used to train our models.”

PCMag’s coverage similarly emphasizes that the program is for “people at increased risk of digital attacks” and says it “dumps the traditional login option via email address and passwords,” while also noting that “Advanced Account Security disables the account recovery route through email and text-based SMS codes.”

PCMag adds that the feature includes “3-step process to enroll” and that the mode is available via “Settings > Security” on the web interface.

The Advanced Account Security rollout is also tied to OpenAI’s “Trusted Access for Cyber” program, and the company sets a specific deadline for when additional users must adopt the new protections.

“PCMag editors select and review products independently”

PCMag

OpenAI says, “Individual members of Trusted Access for Cyber accessing our most cyber capable and permissive models will be required to enable Advanced Account Security beginning June 1, 2026.”

STT Info

It adds that “Organizations with trusted access can, as an alternative, attest that they have phishing resistant authentication as part of their single sign-on workflow.”

PCMag frames the broader context by comparing the approach to Google’s “Advanced Protection Program,” noting that it “dates back to 2017” and that Google required “users to own two hardware security keys” before expanding support for passkeys.

PCMag also reports that OpenAI says the security mode is “not a response to a hacking incident but intended to preempt future threats.”

In parallel, the Asian report situates OpenAI’s move among a wider set of AI-security actions, including OpenAI’s “Advanced Account Security (AAS)” and its cooperation with Yubico to link security keys to ChatGPT accounts.