Schneier: GPT-5.5 Matches Claude Mythos at Finding Software Vulnerabilities
What Happened
UK AISI testing found GPT-5.5 and Claude Mythos roughly equivalent at identifying security vulnerabilities in software. Schneier notes the broader implication: the same capability that helps defenders patch systems gives attackers parity. The dual-use dynamic also extends to rule-based systems beyond code.
My Take
Vulnerability discovery is the first place where AI tips a real-world balance of power, and it's tipping toward chaos before defense. Every CISO should assume their codebase will be scanned by adversaries using GPT-5.5 within 90 days, because the model is already public. The defensive playbook — continuous AI-assisted code review, dependency scanning, runtime monitoring — needs to be operational now, not next budget cycle. The companies that win the next year are the ones that already wrote the procurement order.