OpenAI quietly ships GPT-5.5-Cyber, locked to vetted defenders only

OpenAI has begun rolling out GPT-5.5-Cyber, a specialized version of its latest frontier model tuned for offensive-grade security work, in a limited preview that is not open to the public.openai Access is gated through the company's Trusted Access for Cyber program and restricted to defenders "responsible for securing critical infrastructure," reversing the broad-release playbook OpenAI normally uses for new models.openai +1 The move follows Anthropic's similarly restricted rollout of its Claude Mythos cyber model — and lands months after Sam Altman publicly criticized Anthropic for doing exactly that.

A locked door, not a launch

GPT-5.5-Cyber is designed to issue fewer refusals on dual-use security tasks such as vulnerability research, malware analysis, binary reverse engineering, and patch validation.openai Vetted users get a model that will, for example, build proof-of-concept exploits from published CVEs to validate remediation in authorized environments — work the standard GPT-5.5 declines.openai Hard blocks remain on credential theft, persistence, malware deployment, and exploitation of third-party systems, and individual TAC members must enable phishing-resistant account security by June 1.openai +1 Approval is identity-based, with organizations vetted through the TAC framework rather than self-serve signup.axios

Mythos-class capability, with the same anxiety

Independent testing shows why OpenAI is being cautious. The U.K. AI Security Institute reported that GPT-5.5 completed a 32-step simulated corporate cyberattack in 2 of 10 runs, versus 3 of 10 for Anthropic's Mythos — and before Mythos, no model had ever passed that test at all.axios A source familiar with GPT-5.5-Cyber told Axios its bug-finding capability is "roughly on par" with Mythos.axios Anthropic has limited Mythos to roughly 40 organizations through its Project Glasswing; OpenAI is taking a comparatively broader, but still gated, approach.axios

Government-tier access expands fast

The "trusted defenders" tent is widening quickly. OpenAI has granted access to GPT-5.5-Cyber to Deutsche Telekom, BBVA, Telefónica, Sophos, and Scalable Capital, among dozens of European firms in finance, telecoms, energy, and public services.reuters On Wednesday, South Korea became the third country — after the U.S. and Canada, and alongside Japan in Asia — to join a Governmental Trusted Access for Cyber tier that extends the model to state agencies and public institutions.koreaherald "Our goal is not to keep advanced cyber capabilities in the hands of a small number of organizations," OpenAI Chief Strategy Officer Jason Kwon said in Seoul, contrasting the rollout with Anthropic's tighter posture: "Unlike Anthropic, our approach is more broadly available because we have the compute capacity to support it."koreaherald During alpha testing, OpenAI says, the model has already been used to scale automated red-teaming and validate high-severity vulnerabilities in critical systems.openai