The UK's AI Security Institute put OpenAI's new GPT-5.5 through a 95-challenge security benchmark. GPT-5.5 scored 71.4% on the hardest tasks. Anthropic's Mythos, the model that got a restricted rollout because it was supposedly too dangerous to ship wide, scored 68.6%.
So the locked-up model is not the most dangerous one anymore. It is just one of the pack.
This matters because the entire story for restricting Mythos was that it could do things other models could not. That story is dead. If a publicly released model from a competitor matches it on the same tests, the security pitch falls apart.
My take: Anthropic is going to have to pick a lane. Either roll Mythos out wider or admit the restriction was more about looking responsible than actually being responsible. Once a capability becomes table stakes across the industry, the safety theater stops working. Customers and regulators will both notice.
NHS Pulls the Plug on Public Code
The UK's National Health Service told its tech leaders to wall off hundreds of open-source repositories on GitHub. The deadline is this month. The reason given is that frontier AI tools make it easier to find vulnerabilities at scale.
That is a polite way of saying we are scared the AI will read our code and figure out how to break in.
This is the first time I have seen a government health system openly admit it cannot keep pace with what attackers can do with AI. That is a big shift. For years the line was that open source helped security because more eyes meant more bug fixes. Now the math has changed. More eyes also means a whole lot more AI eyes.
My take: Get used to seeing this. Public repos for critical infrastructure are going to keep going dark. That is bad for transparency and worse for anyone who relies on community contributions. But if your defense playbook was written before agentic AI got cheap, you do not have a lot of options.
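If your team is facing a similar lockdown, the mechanical half of the job is scriptable. Here is a minimal sketch using GitHub's documented REST endpoint for updating a repository (`PATCH /repos/{owner}/{repo}` with `"private": true`); the org name, repo list, and token placeholder are all hypothetical, and a real run would need a token with admin rights on each repo.

```python
import json
import urllib.request

API = "https://api.github.com"

def make_private_request(owner: str, repo: str, token: str) -> urllib.request.Request:
    """Build a PATCH request that flips one repository to private.

    Uses GitHub's "Update a repository" REST endpoint. Nothing is sent
    over the network until urllib.request.urlopen(req) is called.
    """
    payload = json.dumps({"private": True}).encode()
    return urllib.request.Request(
        f"{API}/repos/{owner}/{repo}",
        data=payload,
        method="PATCH",
        headers={
            "Authorization": f"Bearer {token}",
            "Accept": "application/vnd.github+json",
            "Content-Type": "application/json",
        },
    )

# Hypothetical repo list for illustration; a real sweep would pull the
# full inventory from the org's repo listing first, then iterate.
repos = ["legacy-portal", "booking-api"]
requests_to_send = [
    make_private_request("example-health-org", name, "TOKEN") for name in repos
]
```

The point of building the requests before sending anything is that you get a reviewable dry run: print the URLs, diff them against your inventory, and only then execute.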
Five Eyes Tells Everyone to Slow Down
The Five Eyes alliance (the US, UK, Canada, Australia, and New Zealand) put out a joint warning about agentic AI. The message was simple. Stop racing to ship and start thinking about what happens when these systems do something nobody told them to do.
It is rare for the spy agencies of five countries to agree on a software risk. This time they do.
The warning lands the same week as the GPT-5.5 result and the NHS move. Read those together and the picture is pretty clear. Governments are losing patience with the ship-now-fix-later approach to AI.
My take: Regulation is coming and it is not going to be the gentle kind. If you are building agentic systems for an enterprise, you have maybe six months to get your safety story straight before someone with a badge asks for it. The companies that wrote it down already are about to look very smart.