GPT-5.5 reaching Mythos-level cyber capabilities is the signal that unifies today's content, rippling into both the Anthropic-White House standoff and the broader question of whether any lab can sustain a durable lead in high-stakes AI capabilities.

Cyber Parity Reshapes the Anthropic-Government Standoff

The UK AI Security Institute's evaluation of GPT-5.5 is the most structurally significant result of the day. GPT-5.5 is now the second model to complete one of the Institute's multi-step cyber-attack simulations end-to-end, posting a 71.4% average pass rate against Mythos' 68.6% — rough parity by any reasonable interpretation. On the specific TLO chain, GPT-5.5 solved it in 2/10 attempts versus Mythos' 3/10. Perhaps more notable: performance was still improving past 100M inference tokens with no obvious saturation, suggesting the ceiling hasn't been found yet. Unlike Mythos, GPT-5.5 is broadly available right now.

This lands awkwardly for the White House, which had been treating Mythos' perceived unique cyber capabilities as partial justification for its restrictive posture toward Anthropic. Former AI czar David Sacks is now saying all frontier models will reach Mythos-level cyber performance within 6 months. If that prediction holds, the argument for treating Mythos as a uniquely critical national security asset with limited distribution erodes on its own timeline.

The political situation is genuinely incoherent right now. The White House is pushing back on Anthropic's proposal to expand private-sector access from roughly 50 to 120 firms, citing compute constraints on government use. Simultaneously, a forthcoming national security memo would reportedly address Anthropic's concerns and allow agencies to route around the "supply chain risk" designation that triggered the initial feud. Secretary of War Pete Hegseth called Anthropic "run by an ideological lunatic" this week, while the same administration is quietly working to preserve its own privileged access to the model. The government wants exclusive access to the model it's simultaneously fighting in court — that's the needle it's trying to thread, and it's getting harder to thread as GPT-5.5 closes the gap.

Agents Break Containment: Codex Goes General, Claude Goes Creative

The week's most coherent product story: coding agents are expanding their scope, and each lab is doing it differently.

OpenAI's signal is unmistakable. The Codex update is framed explicitly as "for everyone, for any task done with a computer" — docs, slides, spreadsheets, research, planning. The technical substance behind that framing is real: computer/browser use runs 42% faster, the UI is now dynamically routed by the agent rather than a fixed toggle, and onboarding now actively integrates with Microsoft, Google, and Salesforce workflows. The new /goal command (their take on what's called the "Ralph loop") lets users set a persistent objective that Codex loops on until the goal is evaluated as complete or the token budget is exhausted. The implementation is notably transparent: it works via injected continuation prompts visible in the system prompt architecture.

Anthropic's expansion this week went in a different direction: support for creative professional tools including Blender, Autodesk, Adobe Creative Cloud, Ableton, and Splice. Where OpenAI is going horizontal (all computer tasks for all users), Anthropic appears to be going vertical (deep, tool-specific integrations for professional workflows). These aren't the same product strategy, and it's worth watching which proves stickier.

A downstream infrastructure point worth noting: as vibe-coded apps ship at blog-post frequency, there's a discovery problem. Simon Willison argues apps are becoming "more personal, more situated, and more frequent" and may need RSS/Atom feed equivalents — a distribution layer for software that doesn't yet exist.

Zig creator Andrew Kelley offered a relevant observation for both of these expansions: "the kind of mistakes humans make are fundamentally different than LLM hallucinations, making them easy to spot... people who come from the world of agentic coding have a certain digital smell that is not obvious to them but is obvious to those who abstain." As agents move beyond coding into knowledge work, the detection question becomes consequential in professional contexts, not just open-source projects.

Security Scanning Becomes a First-Class AI Product Category

Both Anthropic and Cursor shipped security scanning products this week. Claude Security (powered by Opus 4.7) scans codebases for vulnerabilities and generates patches; Cursor Security Review adds always-on pull request review and scheduled codebase scans with results posted to Slack. Model vendors are moving directly into established devsecops categories, competing with tooling that predates large language models.

The timing isn't coincidental. The PyPI package `lightning` was compromised in versions 2.6.2 and 2.6.3, with malicious code executing on import, downloading Bun, and running an 11 MB obfuscated JavaScript payload for credential theft. A parallel npm compromise (intercom-client) and a Linux zero-day surfaced the same week. The supply chain attack tempo is described as increasing, which creates a clear market for tools that can scan at code-review speed.

Open-Weight Frontier: Efficiency Over Raw Scale

The most notable open-weight release: Qwen3.6 27B is the new leader under 150B parameters per Artificial Analysis, with an Intelligence Index score of 46, ahead of Gemma 4 31B. Apache 2.0 license, 262K context, native multimodal input, fits on a single H100. The companion 35B A3B mixture-of-experts (MoE) variant scores 43, claiming the top spot around 3B active parameters. The tradeoff is inference cost: Qwen3.6 27B runs roughly 21× more expensive per output token than Gemma 4 31B at benchmark scale.

Grok 4.3 improved meaningfully on agentic benchmarks (up 4 points to 53 on the Intelligence Index, a major jump on GDPval-AA) while cutting prices approximately 40% on input and 60% on output. The pattern across open-weight releases is efficiency and cost, not raw capability: labs appear to be competing on who can deliver useful intelligence cheapest.

One useful calibration from frontier-scale speculation: estimates suggest >100T pretraining tokens is no longer unusual for frontier models, with back-of-envelope math putting a hypothetical 100B active-parameter frontier run at roughly 9e25 FLOPs, feasible in approximately 14 days on a 100K GB200 cluster at conservative utilization. Speculative, but useful framing for what "frontier-scale" now implies operationally.

Reward Signals Propagate Further Than Expected

Two data points on post-training dynamics that practitioners should internalize.

OpenAI traced ChatGPT's well-documented goblin fixation to its root cause: a single reward signal in the 'Nerdy' personality preset drove 2/3 of all goblin mentions from just 2.5% of traffic, and fine-tuning recycling then propagated that preference into ChatGPT's default mode. After the ChatGPT-5.1 launch, "goblin" mentions jumped 175% in user conversations, "gremlin" up 52%. OpenAI retired the Nerdy preset in March and shipped GPT-5.5 with explicit prompt-level bans on goblins, gremlins, ogres, trolls, raccoons, and pigeons. The mechanism matters more than the anecdote: a reward perturbation in one personality mode can propagate system-wide through fine-tuning loops in ways that aren't obvious until you analyze at scale.

Anthropic published a complementary result: analysis of 1M Claude conversations tied directly to training changes in Opus 4.7 and Mythos Preview, focused on guidance and sycophancy. The fact that post-training changes are now being driven by conversation analytics at this scale signals that behavioral research is becoming more systematized — less ad hoc, more like a production loop.

Cursor's published writeup on agent harness engineering connects to both: bespoke prompts per model, mixed offline/online evals, and treating the context window as the primary compute boundary are the actual levers that matter in production, not leaderboard position. The observation is converging across serious agent builders.

The unresolved question today's content surfaces: if all frontier models converge on cyber capabilities within 6 months as Sacks predicts, what sustains differentiation? The emerging answer from this week's releases is harness engineering, vertical tool integrations, and systematic post-training loops — the infrastructure around the model rather than the model itself. Whether that's a durable differentiator or just a new front in the same capability arms race is genuinely unclear.

TL;DR - GPT-5.5 reached near-parity with Claude Mythos on cyber evaluation, weakening Anthropic's unique-capability argument and making the White House's position (fighting Anthropic in court while seeking exclusive access to its model) increasingly difficult to hold. - OpenAI repositioned Codex as a general computer-use agent for all knowledge work while Anthropic expanded Claude into creative professional tools — divergent horizontal vs. vertical expansion strategies worth tracking for stickiness. - Both Anthropic and Cursor launched autonomous security scanning products this week, moving model vendors directly into established devsecops categories as supply chain attacks accelerate. - The goblin-origin story and Anthropic's 1M-conversation sycophancy analysis both illustrate the same mechanism: reward signal perturbations propagate further through fine-tuning loops than expected, reinforcing why systematic post-training measurement increasingly matters as much as the base model.