The Open-Source Frontier Is Closing Faster Than Anyone Planned — Including Us
textak has held a 75% probability on open-source models matching closed frontier performance, and today's news doesn't weaken that position — it stress-tests the definition of 'frontier' in ways we need to sit with. The GPT-5.6 Sol release, the Anthropic Mythos export control situation, and the Alibaba-Claude distillation attack all landed within 72 hours of each other, and together they reveal something important: the frontier is simultaneously advancing and being weaponized, which changes the competitive dynamics our forecast was built on.
Our 75% reflects three compounding factors we've weighted heavily: Meta's sustained open-source investment, the verified 100x compute cost reduction making training accessible, and benchmark convergence data showing Llama-class models approaching GPT-4-era performance on standard evals. None of that has changed. What has changed is our clearest look yet at what 'closed frontier' actually means in mid-2026. GPT-5.6 Sol is being released under White House-negotiated government access restrictions because its cybersecurity capabilities are considered a national security concern. Anthropic's Mythos triggered export controls that have kept it offline for two weeks. We are now in a world where frontier model capability is being treated like weapons-grade material. That is a different competitive landscape than 'OpenAI has some unreleased tricks.'
The Alibaba distillation attack disclosure adds a layer that cuts in both directions for our forecast. On one hand, it confirms that the gap between open and closed is real enough that Alibaba needed 25,000 fake accounts and 28.8 million API calls to try to steal it — if the gap were trivial, the attack wouldn't be worth running. On the other hand, distillation attacks are evidence that the gap IS closeable through synthetic data from frontier models, which is exactly the mechanism our 75% relies on. Alibaba didn't match Claude by training on internet data; they tried to train on Claude's reasoning outputs directly. That's circumstantial evidence that brute-force capability transfer is viable, but it's not proof the resulting model achieves parity — Anthropic shut the attack down before we'd know.
Here's the part of our thesis that requires honest recalibration: our forecast defines 'frontier performance' against a moving target, and the target just moved in a category — cybersecurity reasoning — that open-source models are explicitly being kept away from through export controls. If the U.S. government successfully restricts the most capable frontier behaviors to approved partners, 'open-source matches frontier' becomes structurally harder to verify, not because the capability gap widens but because the benchmark goalposts are legally restricted. We're not moving our 75% today, but we're flagging this as the clearest challenge to our forecasting framework since we initiated the position.
What would move us: If Llama 5 or a comparable open model achieves verifiable top-tier performance on the CYBERSEC-EVAL or equivalent benchmark without government restriction by Q4 2026, we'd consider moving above 80%. If export controls expand to cover training data or model weights in open-source adjacent domains, we'd drop below 65%. The number we're watching most closely isn't a benchmark score — it's whether the ARD interoperability standard released today by Google, Microsoft, GitHub, NVIDIA and others becomes the infrastructure layer where open models demonstrate production parity with closed ones in agentic contexts. That's the real frontier now.