The emergence of Frontier AI Security Models like Mythos and GPT 5.5-Cyber have reignited a conversation about artificial intelligence (AI) and cyber policy in world capitals.
Frontier AI security systems capable of independently identifying vulnerabilities, generating exploits, and adapting to dynamic digital environments are introducing real urgency into policy discussions and across industries.
As policymakers wrestle with the potential impact of these models, cooperation and collaboration between industries, with government, and with independent security experts is more important than ever.
Highly capable autonomous AI security models could dramatically accelerate vulnerability discovery and exploitation. That makes it essential to have a structured and predictable process that gives trusted defenders advanced access so critical vulnerabilities can be identified and patched before these models are released publicly.
This is the objective of Project Glasswing, the Trusted Access for Cyber program, and the Secure Future Initiative. Governments should embrace the phased, deliberate rollout of new security AI models.
Goals for Policy
BSA recommends a public-private collaboration to create a voluntary phased rollout process for new AI models that are capable of enabling substantially more sophisticated vulnerability discovery and exploitation than other available models.
The goal of the phased rollout should be to enable good actors to improve our cybersecurity and resilience posture as broadly as possible before bad actors can use the models.
An effective, voluntary process for a phased rollout should be structured, transparent, and globally aligned:
- Structured. Informal, case-by-case processes will not scale as capabilities advance and proliferate. There should be one process that is clear, but flexible, with defined roles, criteria, and procedures. In application, this may lead to slightly different results in each case, but the process should remain consistent over time.
- Transparent. Organizations are more likely to trust and participate in a system when they understand how decisions are made. There should be a clear focus on using the phased rollout to protect critical infrastructure and scalable vulnerability mitigation and resilience. We should put the most powerful AI tools into the most capable and impactful cybersecurity defenders’ hands, first.
- Globally aligned. Cyber threats do not respect national borders. Without coordination, fragmented national approaches risk undermining both security and trust.
Put AI to Use for Cybersecurity
The capabilities of autonomous AI security models, if responsibly deployed, offer transformative benefits. They can dramatically improve vulnerability detection, automate defensive responses, and help organizations stay ahead of increasingly complex threat actors. Enabling innovative cybersecurity defenders to harness these tools before adversaries is critical to achieve this potential.
These steps, while voluntary, form the foundation of an essential a public-private process to give trusted defenders an advantage. Successful partnerships on emerging AI issues such as the G7 Hiroshima Process, and through the US Center for AI Standards and Innovation partnership with the UK AI Security Institute, offer a blueprint for success. It’s time for a similar partnership focused on AI Security Models.
