Anthropic’s recent disclosure of an AI bug‑finding model deemed too “dangerous” for public release is forcing companies to rethink their cybersecurity programs and operations. Instead of releasing the model broadly, the company has convened a closed group of industry leaders across cloud infrastructure, operating systems, networking and finance to deploy its Claude Mythos Preview model in controlled testing of critical software. A week after Anthropic’s announcement, OpenAI likewise revealed it had provided a select group access to its own unreleased model for cyber testing and remediation. This article examines how Mythos-class models may alter expectations for cybersecurity programs and create pressure on existing vulnerability-sharing frameworks. It also outlines concrete steps GCs and boards should consider as AI compresses vulnerability discovery and exploitation timelines. See “Tool or Third Party? Courts Differ on AI’s Role in Privilege and Work-Product Protections” (Mar. 25, 2026).