Intersection of frontier AI and cybersecurity requires vigilance from in-house teams

Kate O’Flaherty Thursday 11 June 2026

New frontier AI models claim to find software flaws at scale. In-House Perspective explores what legal teams need to know about the benefits and risks where frontier AI and cybersecurity intersect.

In April, tech giant Anthropic unveiled Claude Mythos Preview, an AI model it deems so powerful that it has not initially released it to the public. Soon afterwards, OpenAI announced ChatGPT 5.5, which appears to offer similar cybersecurity benefits.

But while frontier AI models such as these offer the ability to find flaws in software at scale, experts warn their capabilities could also be used by cyber criminals to exploit vulnerabilities en masse, upping the stakes in the cat-and-mouse game between attackers and defenders.

As AI increasingly appears in the security context, companies will also face data protection threats such as code leakage and prompt injection. For in-house lawyers, this ‘is not a future scenario’, says Sönke Lund, Chair of the IBA SPPI Working Group on AI. ‘It is already reshaping how the world’s largest organisations approach cybersecurity, and the tools will proliferate.’

Alongside Claude Mythos, Anthropic announced Project Glasswing, an initiative involving numerous major companies that’s built around the frontier AI model. The initiative has been used to identify thousands of high-severity vulnerabilities across every major operating system and web browser, including flaws that evaded human review for up to 27 years.

This capability is much-needed, as companies currently struggle to identify issues before attackers can exploit them. Lund, who’s a partner at Iberian firm ECIJA, views Claude Mythos as part of ‘a step change in how software vulnerabilities are discovered’.

‘The broader market is moving rapidly toward AI-augmented offensive and defensive security tooling, because frontier AI models have reached a level of coding and reasoning capability where they can autonomously find and chain together vulnerabilities at a speed, scale and cost that human security teams simply cannot match,’ he explains.

Yet Pranav Srivastava, Co-Chair of the IBA Young Lawyers’ Committee, warns that such AI models must be protected using ‘careful controls’. He explains how the data protection risks stem from the information AI tools are given access to. Legislation including the EU General Data Protection Regulation (GDPR) and its UK equivalent requires businesses to limit the personal data they use to what’s necessary. ‘But security teams may feed in data containing personal or confidential information,’ says Srivastava, who’s a partner at New Delhi firm Phoenix Legal.

Source code exposure is another potential threat, says Lund. ‘When a large language model (LLM) scans proprietary codebases, code that may embed credentials, personal data and trade secrets is being processed by a third-party model, raising questions about controllership, cross-border transfer and confidentiality,’ he says.

Prompt injection is also a risk. Malicious inputs can manipulate the LLM into exfiltrating data or executing unintended actions. This threat will grow as AI agents gain greater autonomy within enterprise environments, Lund says.

Meanwhile, because the AI tools are inherently dual-use – the same model that finds the vulnerability can write the exploit – any data leakage carries ‘regulatory consequences and immediate security issues,’ Lund says.

OpenAI and Anthropic say they have built guardrails into the frontier AI models, including via their limited initial release. Neither company took up the opportunity to comment when approached by In-House Perspective. In a blog post, OpenAI says it’s ‘focused on providing proportional safeguards and access,’ adding that the company’s approach has ‘been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities.’

OpenAI also points out the difference between GPT‑5.5 and GPT‑5.5‑Cyber, which it says play different roles. For most teams, GPT‑5.5 with Trusted Access for Cyber – an identity and trust-based framework designed to help ensure enhanced cyber capabilities are being placed in the right hands – is sufficient for legitimate defensive work, with strong safeguards against misuse, writes OpenAI. Additionally, the company highlights that GPT‑5.5 went through a full safety and governance process prior to release, including preparedness evaluations, domain-specific testing, new targeted evaluations for advanced biology and cybersecurity capabilities, and robust testing with external experts.

The risks can’t be dismissed, yet the benefits of AI frontier models are too significant to ignore. ‘Project Glasswing’s early results show that AI can close a vulnerability gap human teams alone never will,’ says Lund. This means defenders who find flaws first hold ‘a decisive advantage’, he says.

However, several regulatory developments will define what comes next, adds Lund. One example is the EU’s AI Act. ‘From August 2026, deployers of high-risk AI systems face binding obligations on risk management, data governance and human oversight – and security tools scanning critical infrastructure will almost certainly qualify,’ he says. Meanwhile, the proposed UK Cyber Security and Resilience (CRA) bill would add vulnerability disclosure and handling obligations that intersect directly with AI-discovered flaws.

Given this layered compliance reality, in-house lawyers should plan now for a regime in which the EU AI Act, the GDPR, the CRA and the second EU Network and Information Security Directive ‘all apply simultaneously to the same tooling and workflows’, Lund says.

The arrival of Claude Mythos signals that AI is coming to bug hunting – and to many other areas of cybersecurity – but experts warn against rushing the process. As security teams increasingly introduce AI into the business, in-house counsel should ensure they’re aware of the tools in play.

In-house lawyers must work closely with security, engineering, procurement and privacy teams before tools are deployed, says Srivastava. ‘They should map the data flows, limit what data can be submitted, check whether personal data is involved, and make sure the contract with the AI provider is clear on training use, data retention and deletion, sub-processors, audit rights, security controls and breach notification,’ he says.

There’s also a need for clear internal rules. ‘Teams should not upload sensitive information without proper approval,’ says Srivastava. ‘Outputs should be reviewed by a person, especially where they affect disclosure or how data security incidents are handled.’
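The concerns raised above, that code sent to a third-party model may embed credentials and personal data, that submissions should be limited to what is necessary, and that sensitive material should not be uploaded without approval, can be enforced at the point where code leaves the organisation. The following is an added illustration, not code from the article or from any vendor named in it. It is a pre-submission gate that redacts likely secrets and personal data and withholds the submission for human approval when a credential is found. The detection patterns, the `SubmissionDecision` structure and the sample configuration file are all constructed for this example and are deliberately simple; a real deployment would use a maintained secrets scanner and a data classification policy.

```python
import re
from dataclasses import dataclass, field

# Detection patterns for material that should not travel to an external model
# alongside the code under review. Constructed for this example; they err on
# the side of over-matching and a production deployment would tune and extend them.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----[\s\S]*?"
        r"-----END (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"
    ),
    # identifier containing key/secret/token/password, assigned a quoted literal
    "hardcoded_credential": re.compile(
        r"(?i)(?:api[_-]?key|secret|token|password)\s*[=:]\s*['\"][^'\"]{8,}['\"]"
    ),
}
PERSONAL_DATA_PATTERNS = {
    "email_address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
}


@dataclass
class SubmissionDecision:
    """Outcome of the pre-submission check (hypothetical structure)."""
    allowed: bool                  # False: an accountable person must approve first
    redacted_source: str           # what would be sent if the submission proceeds
    findings: dict[str, int] = field(default_factory=dict)  # category -> match count


def prepare_for_submission(source: str, block_on_secrets: bool = True) -> SubmissionDecision:
    """Redact credentials and personal data before code goes to an external model.

    Every match is replaced with a labelled placeholder so the model still sees
    the code structure. If block_on_secrets is set and any credential pattern
    matched, the submission is withheld: an exposed key is a live security
    incident to be handled, not merely a string to strip.
    """
    findings: dict[str, int] = {}
    text = source
    for name, pattern in {**SECRET_PATTERNS, **PERSONAL_DATA_PATTERNS}.items():
        text, count = pattern.subn(f"[REDACTED:{name}]", text)
        if count:
            findings[name] = count
    secret_hit = any(name in SECRET_PATTERNS for name in findings)
    allowed = not (block_on_secrets and secret_hit)
    return SubmissionDecision(allowed=allowed, redacted_source=text, findings=findings)


# Constructed sample input resembling a configuration module in a proprietary
# repository. None of the values are real credentials or real people.
SAMPLE_SOURCE = '''\
DB_USER = "svc_reporting"
DB_PASSWORD = "correct-horse-battery"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
SUPPORT_CONTACT = "jane.doe@example.com"

def connect():
    return f"postgres://{DB_USER}:{DB_PASSWORD}@db.internal/reports"
'''

if __name__ == "__main__":
    decision = prepare_for_submission(SAMPLE_SOURCE)
    print("allowed:", decision.allowed)        # False: credentials were present
    print("findings:", decision.findings)
    print(decision.redacted_source)
```

Run against the sample, the gate reports one access key, one hard-coded credential and one e-mail address, returns the redacted text, and marks the submission as not allowed until a person has reviewed it; a file containing only an e-mail address is redacted but passes, since personal data is minimised while a credential leak is escalated. The decision record is what an in-house team would log to evidence that data flows were limited before the tool ran.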

Lund believes the adoption of frontier AI is justified, but only with the governance architecture in place to manage data protection and compliance risks from day one. ‘In-house counsel need to treat these tools as high-risk processing activities under the GDPR from the outset,’ he says.

Dray Agha, Senior Manager, Tactical Response at security company Huntress, suggests that in-house lawyers partner with chief information security officers to establish non-negotiable internal guardrails. ‘Corporate policy must explicitly forbid fully autonomous AI remediation, ensuring that an accountable human expert reviews and approves any AI-generated code before it touches a production environment,’ he says.

In the end, with the right guardrails in place, experts believe that the use of frontier AI in security could be largely positive. Despite the threat they might pose, Srivastava predicts that AI tools will become a normal part of cybersecurity work. AI will help cybersecurity teams move faster, yet speed shouldn’t come at the expense of proper oversight, he warns. ‘Businesses that get this right will be able to move faster while maintaining control and accountability,’ he says.