The latest and greatest AI models from Anthropic and OpenAI are apparently too dangerous to unleash upon the world. Claude “Mythos” and GPT-5.5-Cyber can find vulnerabilities that may have laid undiscovered for years or decades. Only privileged parties can get access for now. Hadrian, an offensive security company based in Amsterdam, is showing that commodity LLMs can boost vulnerability discovery as well. OpenHack, now available under the MIT license, provides a set of agents to do just that.
OpenHack arrives a week after Hadrian, an agentic pentesting company, published its LLM-assisted research into vulnerabilities in open-source applications. A dozen of the latter are in use by the Dutch government. Hadrian has gone on to explain that it found hundreds of issues within mere hours, and it wasn’t down to some enormously powerful LLM. Instead, the company focused on what it describes as a scenario-based workflow. Rather than simply asking an AI model if it can spot any vulnerabilities in a particular codebase as if one is checking for general writing advice for an article, Hadrian has constructed a scaffolding for finding and reviewing specific, actionable bugs.
Not just prompt engineering
Hadrian’s explanation of its methodology is worth exploring in full. For our purposes, we’ll stick to the philosophy behind the research and the large-scale implications. The company seeks to avoid the pitfall of letting a single agent handle open-ended work, while at the same time giving it freedom to explore possible threats. After charting the attack surface and pairing specific sections with an AI-based “expert”, any discovery is met with both review and further analysis, including one done by a separate triage agent.
OpenHack works in existing model harnesses like Claude Code, Codex or Cursor. Hadrian has already shown what its methodology can do, leaving the tool to improve security postures for whomever wishes to use it. It is also completely model-agnostic. Sure, better models may adhere to tasks more closely or find more complex vulnerabilities, but all LLMs are systematically kept from hallucinating or presenting unverified discoveries as fact.
Size doesn’t matter (nearly as much as one might think)
We don’t tend to know the exact model sizes of state-of-the-art (SOTA) AI models from Google, OpenAI or Anthropic directly. Nevertheless, thanks to leaks and estimations based on known incompressible “Knowledge Probes”, Mythos and GPT-5.5 (including GPT-5.5-Cyber) are suspected to consist of around 10 trillion parameters. If true (or assuming this is anywhere close to the ballpark figure), running these models puts unprecedented strain on AI hardware. Sure, AI labs could simply increase the price of admission, but their capacity likely is the true limiting factor. Just to add some context here: if a given user could also be satisfied with outputs from Google’s Gemini 3.5 Flash, estimated to be around 200-300 billion parameters big, the infrastructure for one Mythos or GPT-5.5-Cyber could serve over 30 users instead.
This is both napkin math and speculation on model sizes, but again, the point stands even with significantly altered figures. Even if Anthropic and OpenAI had no qualms whatsoever about security issues, which they didn’t have in the early days of the post-ChatGPT AI boom, basic economic considerations would put a stop to a wide rollout of these supposed security powerhouses.
We don’t actually doubt the hype around these models that much. There’s no reason, for example, for Mozilla to lie about Mythos’ effectiveness. It apparently found 271 vulnerabilities using Anthropic’s model. The lack of false positives in particular is intriguing. Nevertheless, OpenHack presents us with a counterexample for the assumption that size still conquers all. Firstly, we don’t know the specifics of the Mythos/GPT-5.5-Cyber architecture. It’s perfectly possible for the LLM internals to behave similarly to the OpenHack tooling, effectively making them security systems rather than models or something more obtuse-sounding.
Preventing bad outcomes
Over the past few years, both frontier AI models as well as the open-source LLMs that tend to trail their capabilities have become more complex. First, data gathering capabilities were expanded, followed by a Mixture-of-Experts architecture, dynamic ‘reasoning’ and agentic connectivity. All of these are, by and large, considered part of the package when it comes to AI models. That assumption is by no means set in stone. The journey from the GPT-3.5 that powered ChatGPT initially to today’s SOTA models is one consisting of land grabs. Basic “wrappers” that simply used an LLM to funnel them into performing specific tasks were overtaken by the model providers. The latter knew that they had to do this to grab the economic benefits from the foundational Transformer technologies. More importantly, however, they knew that it would be the only way to get consistent, general outcomes for new AI use cases.
For security purposes, consistent outcomes are as much about finding actual threats as they are about preventing a flood of fake ones. AI-generated bug reports are disrupting Linux kernel maintainers, providing false positives and duplicates of known vulnerabilities, as stated by Linus Torvalds himself. OpenHack uses a methodology that these bug reporters should have employed. Simply throwing an LLM at a codebase will lead to inconsistent, generic findings, perhaps even if Mythos or GPT-5.5-Cyber is involved.
Conclusion: challenging the underlying assumption
In many ways, the discourse around Claude Mythos in particular evokes the early days of ChatGPT. Following the release of GPT-4 in March 2023, a large collective of prominent tech leaders, including Elon Musk and Steve Wozniak, called for a pause to “giant AI experiments” in an open letter. Evidently, Sam Altman’s scaremongering about both GPT-4 and future models caught on. Talk of an AI pause subsided, but Anthropic in particular staggered its releases out of a self-imposed (and self-asserted) responsibility. OpenAI did no such thing until it reached its Mythos-equivalent GPT-5.5-Cyber. The underlying assumption is that an AI pause of sorts is necessary, without even needing an open letter.
As stated above, the economics are likely the main reason for keeping Mythos-level models in check. At any rate, another assumption is that Mythos-level models will be freely available in the future. Again, we needn’t wait for that moment to challenge the notion of AI-based vulnerability discovery being limited to the 2026 frontier LLMs.
OpenHack is a workflow to mimick a model, the latter of which may very well behave just like said workflow internally. This means we’re back to architecting systems rather than relying on a foundational technology alone. In other words: the scaling era is over for now, as ex-OpenAI Chief Scientist Ilya Sutskever already stated back in November.
The age of AI research is back, complete with its unpredictable findings and timelines. The rest of the technology industry will need to think in terms of AI-assisted workflows under the assumption Mythos and GPT-5.5-Cyber are merely unsustaintable showcases. Because even if they aren’t, they’re not necessary for a security breakthrough. It has already happened, and it needed human brains to reach it, not just parameter counts and tokens.