OpenAI has rolled out a new Pro subscription that costs $100 and is in line with Claude’s pricing, which also has a $100 subscription, in addition to the $200 Max monthly plan.

Until now, OpenAI has offered three subscription tiers.

First is Go, which costs approx $8, second is Plus for $20, and then the final tier is at $200, a jump of $180.

On the other hand, Anthropic does not offer an $8 subscription, but it has a $100 subscription that comes between the cheapest $20 and the expensive $200 subscription, and it works for the company because it caters to the coding audience.

OpenAI has realized that it needs to go after coders and enterprises, similar to Anthropic’s strategy.

The company’s answer is ChatGPT Pro, which is designed for people who rely on AI to get high-stakes, complex work done for $100.

After this change, OpenAI’s offering looks like the following:

• Plus $20 – For lighter use. Try advanced capabilities like Codex and Deep Research for select projects throughout the week.
• Pro $100 – Built for real projects. For those who use advanced tools and models throughout the week, with 5x higher limits than Plus (and 10x Codex usage vs. Plus for a limited time).
• Pro $200 – For heavy lifting. Run your most demanding workflows continuously, even across parallel projects, with 20× higher limits than Plus.

All Pro plans include access to advanced features, including:

• Pro models
• Codex
• Deep research
• Image creation
• Memory
• File uploads

OpenAI says the Pro plan also includes unlimited access to GPT-5 and legacy models, but it’s not truly unlimited because the typical “Terms of Use” policies apply, including sharing of accounts.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

A 27-year-old bug sat inside OpenBSD’s TCP stack while auditors reviewed the code, fuzzers ran against it, and the operating system earned its reputation as one of the most security-hardened platforms on earth. Two packets could crash any server running it. Finding that bug cost a single Anthropic discovery campaign approximately $20,000. The specific model run that surfaced the flaw cost under $50.

Anthropic’s Claude Mythos Preview found it. Autonomously. No human guided the discovery after the initial prompt.

The capability jump is not incremental

On Firefox 147 exploit writing, Mythos succeeded 181 times versus 2 for Claude Opus 4.6. A 90x improvement in a single generation. SWE-bench Pro: 77.8% versus 53.4%. CyberGym vulnerability reproduction: 83.1% versus 66.6%. Mythos saturated Anthropic’s Cybench CTF at 100%, forcing the red team to shift to real-world zero-day discovery as the only meaningful evaluation left. Then it surfaced thousands of zero-day vulnerabilities across every major operating system and every major browser, many one to two decades old. Anthropic engineers with no formal security training asked Mythos to find remote code execution vulnerabilities overnight and woke up to a complete, working exploit by morning, according to Anthropic’s red team assessment.

Anthropic assembled Project Glasswing, a 12-partner defensive coalition including CrowdStrike, Cisco, Palo Alto Networks, Microsoft, AWS, Apple, and the Linux Foundation, backed by $100 million in usage credits and $4 million in open-source grants. Over 40 additional organizations that build or maintain critical software infrastructure also received access. The partners have been running Mythos against their own infrastructure for weeks. Anthropic committed to a public findings report “within 90 days,” landing in early July 2026.

Security directors got the announcement. They didn’t get the playbook.

“I’ve been in this industry for 27 years,” Cisco SVP and Chief Security and Trust Officer Anthony Grieco told VentureBeat in an exclusive interview at RSAC 2026. “I have never been more optimistic for what we can do to change security because of the velocity. It’s also a little bit terrifying because we’re moving so quickly. It’s also terrifying because our adversaries have this capability as well, and so frankly, we must move this quickly.”

Security directors saw this story told fifteen different ways this week, including VentureBeat’s exclusive interview with Anthropic’s Newton Cheng. As one widely shared X post summarizing the Mythos findings noted, the model cracked cryptography libraries, broke into a production virtual machine monitor, and gave engineers with zero security training working exploits by morning. What that coverage left unanswered: Where does the detection ceiling sit in the methods they already run, and what should they change before July?

Seven vulnerability classes that show where every detection method hits its ceiling

1. OpenBSD TCP SACK, 27 years old. Two crafted packets crash any server. SAST, fuzzers, and auditors missed a logic flaw requiring semantic reasoning about how TCP options interact under adversarial conditions. Campaign cost ~$20,000. Anthropic notes the $50 per-run figure reflects hindsight.

2. FFmpeg H.264 codec, 16 years old. Fuzzers exercised the vulnerable code path 5 million times without triggering the flaw, according to Anthropic. Mythos caught it by reasoning about code semantics. Campaign cost ~$10,000.

3. FreeBSD NFS remote code execution, CVE-2026-4747, 17 years old. Unauthenticated root from the internet, per Anthropic’s assessment and independent reproduction. Mythos built a 20-gadget ROP chain split across multiple packets. Fully autonomous.

4. Linux kernel local privilege escalation. Mythos chained two to four low-severity vulnerabilities into full local privilege escalation via race conditions and KASLR bypasses. CSA’s Rich Mogull noted Mythos failed at remote kernel exploitation but succeeded locally. No automated tool chains vulnerabilities today.

5. Browser zero-days across every major browser. Thousands identified. Some required human-model collaboration. In one case, Mythos chained four vulnerabilities into a JIT heap spray, escaping both the renderer and the OS sandboxes. Firefox 147: 181 working exploits versus two for Opus 4.6.

6. Cryptography library vulnerabilities (TLS, AES-GCM, SSH). Implementation flaws enabling certificate forgery or decryption of encrypted communications, per Anthropic’s red team blog and Help Net Security. A critical Botan library certificate bypass was disclosed the same day as the Glasswing announcement. Bugs in the code that implements the math. Not attacks on the math itself.

7. Virtual machine monitor guest-to-host escape. Guest-to-host memory corruption in a production VMM, the technology keeping cloud workloads from seeing each other’s data. Cloud security architectures assume workload isolation holds. This finding breaks that assumption.

Nicholas Carlini, in Anthropic’s launch briefing: “I’ve found more bugs in the last couple of weeks than I found in the rest of my life combined.”

VentureBeat’s prescriptive matrix

Attackers are faster. Defenders are patching once a year.

The CrowdStrike 2026 Global Threat Report documents a 29-minute average eCrime breakout time, 65% faster than 2024, with an 89% year-over-year surge in AI-augmented attacks. CrowdStrike CTO Elia Zaitsev put the operational reality plainly in an exclusive interview with VentureBeat. “Adversaries leveraging agentic AI can perform those attacks at such a great speed that a traditional human process of look at alert, triage, investigate for 15 to 20 minutes, take an action an hour, a day, a week later, it’s insufficient,” Zaitsev said. A $20,000 Mythos discovery campaign that runs in hours replaces months of nation-state research effort.

CrowdStrike CEO George Kurtz reinforced that timeline pressure on LinkedIn the same day as the Glasswing announcement. “AI is creating the largest security demand driver since enterprises moved to the cloud,” Kurtz wrote. The regulatory clock compounds the operational one. The EU AI Act’s next enforcement phase takes effect August 2, 2026, imposing automated audit trails, cybersecurity requirements for every high-risk AI system, incident reporting obligations, and penalties up to 3% of global revenue. Security directors face a two-wave sequence: July’s Glasswing disclosure cycle, then August’s compliance deadline.

Mike Riemer, Field CISO at Ivanti and a 25-year US Air Force veteran who works closely with federal cybersecurity agencies, told VentureBeat what he is hearing from the government. “Threat actors are reverse engineering patches, and the speed at which they’re doing it has been enhanced greatly by AI,” Riemer said. “They’re able to reverse engineer a patch within 72 hours. So if I release a patch and a customer doesn’t patch within 72 hours of that release, they’re open to exploit.” Riemer was blunt about where that leaves the industry. “They are so far in front of us as defenders,” he said.

Grieco confirmed the other side of that collision at RSAC 2026. “If you talk to an operational team and many of our customers, they’re only patching once a year,” Grieco told VentureBeat. “And frankly, even in the best of circumstances, that is not fast enough.”

CSA’s Mogull makes the structural case that defenders hold the long-term advantage: fix a vulnerability once and every deployment benefits. But the transition period, when attackers reverse-engineer patches in 72 hours and defenders patch once a year, favors offense.

Mythos is not the only model finding these bugs. Researchers at AISLE, an AI cybersecurity startup, tested Anthropic’s showcase vulnerabilities on small, open-weights models and found that eight out of eight detected the FreeBSD exploit. AISLE says one model had only 3.6 billion parameters and costs 11 cents per million tokens, and that a 5.1-billion-parameter open model recovered the core analysis chain of the 27-year-old OpenBSD bug. AISLE’s conclusion: “The moat in AI cybersecurity is the system, not the model.” That makes the detection ceiling a structural problem, not a Mythos-specific one. Cheap models find the same bugs. The July timeline gets shorter, not longer.

Over 99% of the vulnerabilities Mythos has identified have not yet been patched, per Anthropic’s red team blog. The public Glasswing report lands in early July 2026. It will trigger a high-volume patch cycle across operating systems, browsers, cryptography libraries, and major infrastructure software. Security directors who have not expanded their patch pipeline, re-scoped their bug bounty programs, and built chainability scoring by then will absorb that wave cold. July is not a disclosure event. It is a patch tsunami.

What to tell the board

Every security director tells the board “we have scanned everything.” Merritt Baer, CSO at Enkrypt AI and former Deputy CISO at AWS, told VentureBeat that the statement does not survive Mythos without a qualifier.

“What security leaders actually mean is: we have exhaustively scanned for what our tools know how to see,” Baer said in an exclusive interview with VentureBeat. “That’s a very different claim.”

Baer proposed reframing residual risk for boards around three tiers: known-knowns (vulnerability classes your stack reliably detects), known-unknowns (classes you know exist but your tools only partially cover, like stateful logic flaws and auth boundary confusion), and unknown-unknowns (vulnerabilities that emerge from composition, how safe components interact in unsafe ways). “This is where Mythos is landing,” Baer said.

The board-level statement Baer recommends: “We have high confidence in detecting discrete, known vulnerability classes. Our residual risk is concentrated in cross-function, multi-step, and compositional flaws that evade single-point scanners. We are actively investing in capabilities that raise that detection ceiling.”

On chainability, Baer was equally direct. “Chainability has to become a first-class scoring dimension,” she said. “CVSS was built to score atomic vulnerabilities. Mythos is exposing that risk is increasingly graph-shaped, not point-in-time.” Baer outlined three shifts security programs need to make: from severity scoring to exploitability pathways, from vulnerability lists to vulnerability graphs that model relationships across identity, data flow, and permissions, and from remediation SLAs to path disruption, where fixing any node that breaks the chain gets priority over fixing the highest individual CVSS.

“Mythos isn’t just finding missed bugs,” Baer said. “It’s invalidating the assumption that vulnerabilities are independent. Security programs that don’t adapt, from coverage thinking to interaction thinking, will keep reporting green dashboards while sitting on red attack paths.”

VentureBeat will update this story with additional operational details from Glasswing’s founding partners as interviews are completed.

The farthest journey in human history concluded Friday evening when NASA’s Artemis II astronauts returned to Earth after a flight around the moon. The crew’s Orion space capsule named Integrity splashed down in the Pacific Ocean off the coast of San Diego shortly after 5 pm Pacific Time, marking the end of a 10-day, more than 695,000-mile voyage beyond the lunar far side and back.

The four-person crew of Artemis II—commander Reid Wiseman, pilot Victor Glover, mission specialist Christina Koch, and mission-specialist Jeremy Hansen—traveled a greater distance from Earth than ever before, reaching 252,756 miles from our home planet.

“We most importantly choose this moment to challenge this generation and the next to make sure this record is not long-lived,” said Canadian astronaut Hansen as the crew passed the previous record of 248,655 miles set during Apollo 13.

Integrity began its fiery descent when the spacecraft hit Earth’s atmosphere at about 24,000 miles per hour, entering a communication blackout and decelerating from friction as its heat shield reached temperatures of roughly 3,000 degrees Fahrenheit. The plan was for the capsule to deploy two drogue parachutes at an altitude of about 22,000 feet, slowing it to about 200 miles per hour, then deploy pilot chutes pulling the three main parachutes at roughly 6,000 feet. This would further slow the spacecraft to around 20 miles per hour before it splashed into the ocean.

During their mission, the Artemis II crew saw things that no human has seen before. Flying higher above the lunar surface than the Apollo missions, the astronauts were the first people to see the entire disk of the moon’s far side. They also witnessed a solar eclipse from the vicinity of the moon as the sun slipped behind the lunar disk and illuminated it from behind.

“Humans probably have not evolved to see what we are seeing,” said NASA astronaut Glover during the eclipse. He and the rest of the crew described a halo of light surrounding the moon while one side of the lunar surface was bathed in earthshine. Venus, Mars, and Saturn shone among the stars. “It is truly hard to describe. It is amazing.”

Artemis II began on April 1 when the crew launched from NASA’s Kennedy Space Center in Florida atop the 322-foot-tall Space Launch System rocket, the most powerful vehicle to ever carry humans. After conducting multiple altitude-raising engine burns and testing the manual controls of the spacecraft, the crew proceeded with the engine firing known as translunar injection on day two of the mission, which sent them on a trajectory to the moon.

For the next three days, the crew tested the Orion spacecraft’s systems, practiced putting on their spaceflight suits, conducted additional course correction burns, manually flew the Orion capsule again, and prepared for the lunar flyby around the far side of the moon. They also had trouble venting wastewater from the Orion capsule’s toilet into space.

“We definitely have to fix some of the plumbing,” NASA administrator Jared Isaacman said during a conversation with the crew.

At 12:41 am Eastern Time on April 6, Artemis II entered the lunar sphere of influence, where the moon’s gravity overcomes that of Earth. That day, the crew made their closest approach to the moon, flying to about 4,000 miles above the lunar surface. During the lunar flyby, the crew communicated with a team of scientists on the ground, both before and after a roughly 40-minute communication blackout on the far side, to describe geologic features such as craters and canyons.

Just after breaking the distance record, the crew proposed names for two young, unnamed craters on the moon. The first they called Integrity, after their spacecraft, and the second they named Carroll, in honor of commander Reid Wiseman’s wife, who died of cancer in 2020.

In short: France’s Interministerial Digital Directorate (DINUM) announced on 8 April 2026 that it is migrating its own workstations from Windows to Linux and has ordered every government ministry to formalise a plan to eliminate extra-European digital dependencies by autumn 2026. The directive covers operating systems, collaborative tools, cloud infrastructure, and artificial intelligence platforms. It follows France’s January 2026 mandate to replace Microsoft Teams and Zoom with its domestic Visio platform across 2.5 million civil servants by 2027, and is the most comprehensive digital sovereignty measure the French state has yet announced.

What France is actually committing to

An interministerial seminar convened on 8 April by the Directorate General for Enterprise, the National Agency for Information Systems Security, and the State Procurement Directorate produced a directive with two immediate obligations. DINUM itself, which employs roughly 250 agents, will migrate its workstations from Windows to Linux. All other ministries, including their operators and affiliated bodies, must produce their own reduction plans before autumn 2026. The plans are required to address eight categories of dependency: workstations and operating systems, collaborative and communication tools, antivirus and security software, artificial intelligence and algorithms, databases and storage, virtualisation and cloud infrastructure, and network and telecommunications equipment.

No specific Linux distribution has been named in the public announcement, and individual ministries retain the flexibility to choose their migration path within that framework. The software replacement strategy for the most common desktop tasks is already in place in the form of La Suite Numérique, a stack of sovereign productivity tools developed and maintained by DINUM. It includes Tchap, an end-to-end encrypted messaging application already deployed to more than 600,000 civil servants, Visio for video conferencing, a sovereign webmail service, file storage, and collaborative document editing.

The entire platform is hosted on Outscale servers, a subsidiary of Dassault Systèmes, and is certified SecNumCloud by the French information security agency ANSSI. As of April 2026, La Suite had been tested by some 40,000 regular users across departments before the broader mandate. The next milestone is a first set of “Industrial Digital Meetings” scheduled for June 2026, where DINUM intends to formalise public-private coalitions to support the transition.

The precedent that makes this credible

Announcements of government Linux migrations have a long and largely disappointing history. Most have quietly reversed course under the weight of compatibility problems, vendor pressure, and the path dependence of legacy software. France has a reason to believe this time is different, and the reason is the Gendarmerie nationale. Beginning in 2004 with a phased adoption of OpenOffice, Firefox, and Thunderbird, the Gendarmerie progressively built the internal competencies and governance structures required for a full operating system switch. In 2008 it launched GendBuntu, its customised Ubuntu-based deployment.

By June 2024, GendBuntu ran on 103,164 workstations, representing 97% of the force’s computing estate. The financial outcome has been unambiguous: the project saves approximately two million euros per year in licensing costs and has reduced the total cost of ownership by an estimated 40%. In February 2026, the Gendarmerie was cited explicitly by DINUM as the governance model for the national rollout.

The international context adds further validation. Germany’s state of Schleswig-Holstein, which began its own Microsoft-to-Linux transition in earnest in 2024, completed nearly 80% of its 30,000-workstation migration by early 2026 and recorded savings of €15 million in licensing costs in 2026 alone. The lesson both cases illustrate is the same: phased migration with coherent governance, strong internal support functions, and sustained political will consistently outperforms big-bang approaches that attempt to switch everything at once.

The geopolitical trigger

The April 8 announcement does not exist in isolation. It is the operating-system layer of a digital sovereignty strategy that France has been accelerating visibly since late 2024, driven in significant part by the changed relationship with the United States under the Trump administration. Trump’s tariffs reignited Europe’s push for cloud sovereignty from April 2025 onward, with OVHcloud and Scaleway reporting record client growth as European institutions began actively seeking to reduce their exposure to American vendors. In November 2025, France and Germany convened a joint summit on European digital sovereignty, establishing a task force to report in 2026.

In January 2026, France announced it would replace Teams and Zoom with its homegrown Visio platform for all 2.5 million civil servants by 2027, a move described at the time as digital sovereignty moving from slogan to policy. The April 8 Linux mandate is the same logic applied to the operating system itself. Anne Le Hénanff, Minister Delegate for Artificial Intelligence and Digital Technology, has framed the imperative plainly: “Digital sovereignty is not an option, it is a strategic necessity.” David Amiel, Minister of Public Action and Accounts, who led the announcement alongside Le Hénanff, stated that France “can no longer accept that our data, our infrastructure, and our strategic decisions depend on solutions whose rules, pricing, evolution, and risks we do not control.”

The context for that framing is structural: US cloud providers control an estimated 85% of the European cloud market, according to Synergy Research Group, and spending on sovereign European cloud infrastructure is forecast to more than triple to €23 billion by 2027. Europe’s broader bid to reclaim its technology stack has moved from a niche policy concern to a headline political priority across the continent, and France is now moving faster than any other EU member state at the level of government desktop infrastructure.

The limits and the open questions

The April 8 directive is a mandate, not a completed migration. The absence of a specified Linux distribution means each ministry will face its own procurement and compatibility decisions, and the history of public sector IT projects suggests that autumn 2026 plans will vary enormously in ambition and specificity. Certain categories of specialist software, particularly in defence, healthcare, and financial regulation, have deep dependencies on Windows-specific applications for which open-source alternatives either do not exist or are not yet production-ready.

DINUM has acknowledged this through the flexibility it has built into the framework, but the question of how many of those remaining dependencies can realistically be resolved by a government-mandated roadmap is one that will only be answered over the next two to three years. The sovereignty strategy also contains a structural irony that will persist regardless of which operating system runs on civil servant desktops. Even as France replaces Windows with Linux and Teams with Visio, the twelve European AI startups selected for Amazon’s 2026 AWS Pioneers cohort illustrate that the continent’s most ambitious technology projects continue to be built and scaled on American cloud infrastructure. Replacing the desktop layer matters, but it sits above a cloud and compute substrate that remains predominantly American.

The full sovereignty project, if France and its partners are serious about it, will eventually have to address that substrate too. For now, the direction is clear, the political will is real, and the Gendarmerie’s 103,000 Linux workstations provide proof that the goal is achievable at scale. 2025 established AI as the defining technology of the decade, and the decisions governments make now about which infrastructure that AI runs on, and under whose legal jurisdiction, will shape the continent’s digital autonomy for the next generation.

Forrester’s research has shown that a failure to commit to long-term, inclusive AI education can greatly impact an organisation.

Research and advisory firm Forrester has published the results of a report in which it explored the ramifications for employers and their organisations, when there is a failure to promote AI education across the entirety of a company.  

The AIQ 2.0: Employees (Still) Aren’t Ready To Succeed With Workforce AI report found that while the majority of AI decision-makers and their organisations are using predictive and generative AI (GenAI), only half say they offer training in this area to non-technical employees. As a result, many companies are failing to invest in AI understanding, skills and ethics among the wider workforce. 

The report said: “Those that have tried to upskill haven’t been particularly successful, yet people remain central to the success of your AI strategy.”

Employer readiness

According to a previous report issued by Forrester, the State of AI 2025 survey, almost 70pc of AI decision-makers said they are using GenAI in deployed production applications, while 20pc use it to run experiments and among automation decision-makers. 81pc of automation decision-makers also said AI copilots that assist employees in their work are important applications. 

Forrester suggests that this is indicative of a growing problem in which there is a growing disconnect between the AI needs of a company and the actions being taken. 

“AI is becoming more important to the work lives of employees and employees must adapt,” said the organisation. “But adaptation isn’t coming quickly or easily. Many employers remain mired in an environment of low skills and employee fears that isn’t conducive to successfully adopting workforce AI or driving productivity from its use.”

Research found that the proportion of AI decision-makers across six countries who said their organisations offer internal training on AI to non-technical employees only grew from 47pc in 2024 to 51pc in 2025, an improvement of just 4pc. Also only growing by 4pc was the number of AI decision-makers who said that their organisations offer training on prompt engineering – which Forrester finds to be a key skill for using most workforce AI tools in the modern era – which grew from 19pc to 23pc. 

Fear factor

Forrester also noted that fears around ‘stunt adoption’ and AI-related job loss are hindering implementation, despite Forrester’s opinion that “very few jobs were lost to AI in 2025”. Data indicated that future job loss, while possible, will not constitute a job apocalypse, yet fears persist, due in part to a failure by organisations to correctly or consistently discuss and explain the process of introducing AI.  

The report said: “Forrester’s 2025 data shows that 43pc of employees fear that, in general, many people will lose their jobs to automation in the next five years, while 25pc fear it will impact their own job during that span. This creates an ambient environment of fear and mistrust.”

The organisation added that one business leader said some of their employees fear job less, which turns them away from AI “altogether”.

“Organisations that fail to frame workforce AI as an opportunity builder for employees and that don’t articulate the benefits from an employee perspective see fears of job loss magnified,” said Forrester.

So, how might fears and anxieties be reduced so employers and employees can better embrace the changing landscape?

According to Forrester’s research, comprehensive learning and engagement programmes are key, with the report noting that leading organisations move beyond formal training and invest in continuous, hands-on learning and peer-based approaches that drive real adoption and impact.

Commenting on the findings of the report, JP Gownder, a vice-president and principal analyst at Forrester said: “Employers aren’t giving their people the skills, understanding, or ethical grounding they need to succeed with AI and it’s becoming a clear bottleneck to productivity and ROI. Our research shows most organisations are rolling out AI tools without investing in employees’ ability to use them effectively.

“To close the gap, businesses must move beyond surface-level training and build continuous, hands-on learning that demystifies AI, addresses employee concerns and develops real capability. This isn’t about replacing workers, it’s about enabling them to work smarter with AI.

“The organisations that treat AI literacy as a strategic priority, not a box-ticking exercise, will be the ones that unlock meaningful productivity gains and long-term competitive advantage.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.