Key Takeaway
OpenAI has introduced GPT-5.5-Cyber, a limited-preview version of GPT-5.5 designed for vetted cybersecurity teams defending critical systems. The model is not positioned as smarter than standard GPT-5.5, but as a less restrictive tool for legitimate workflows such as vulnerability triage, patch validation, penetration testing, and malware analysis.
GPT-5.5-Cyber – Key Points
The Story
OpenAI is rolling out GPT-5.5-Cyber to selected cybersecurity professionals through its Trusted Access for Cyber program. The launch follows Anthropic’s Mythos Preview, a restricted cybersecurity model released under Project Glasswing that is now linked to an investigation into reported unauthorized access through a third-party vendor environment. OpenAI is using a tiered access model that keeps standard restrictions for public users while giving vetted defenders more permissive tools for specialized security work. The company also previewed the model for the White House, the Commerce Department’s Center for AI Standards and Innovation, select Congressional committees, and other key agencies.
The Facts
GPT-5.5-Cyber is a cybersecurity-focused version of GPT-5.5.
It is built for vetted defenders working on legitimate security tasks involving critical systems and infrastructure.
The model is being released in limited preview.
Access is restricted to approved cybersecurity professionals and selected teams, not the general public.
Access runs through OpenAI’s Trusted Access for Cyber program.
Defenders must be vetted and approved for TAC membership before receiving access.
OpenAI is using three access tiers.
The public model keeps standard restrictions, a middle tier relaxes filters for defensive work, and GPT-5.5-Cyber provides the fewest restrictions for authorized penetration testing and advanced defensive workflows.
Approved users on the highest access tier must add phishing-resistant authentication from June 1, 2026.
This requirement applies to individual users granted the most permissive access.
GPT-5.5-Cyber is not being positioned as a smarter cyber model.
The Cyber variant is designed to be less restrictive on security-related tasks, rather than more capable than standard GPT-5.5.
Supported workflows include vulnerability identification, triage, patching, and penetration testing.
The model is intended to help defenders find, assess, prioritize, reproduce, and fix cyber vulnerabilities.
Patch validation and malware analysis are also supported.
Security teams can use the model to review fixes and investigate malicious software in approved defensive settings.
Some harmful actions remain blocked.
The model is designed to support legitimate security work while refusing requests such as stealing passwords or attacking third-party systems.
Launch partners include major cybersecurity and technology firms.
Cisco, CrowdStrike, Palo Alto Networks, Cloudflare, Intel, Snyk, and SentinelOne are listed among launch partners.
The release follows Anthropic’s Mythos Preview.
Anthropic limited Mythos access through Project Glasswing to selected organizations including Apple, Amazon, Cisco, CrowdStrike, Google, JPMorgan Chase, Microsoft, Nvidia, and other cleared organizations because of its advanced vulnerability-exploitation capabilities.
Advanced cyber models are drawing government and security scrutiny.
The White House has been discussing how to secure highly capable AI models, while Anthropic is investigating reported unauthorized access to Claude Mythos through a third-party vendor environment.
Access / Availability
GPT-5.5-Cyber is available only to vetted cybersecurity professionals and selected teams in a limited preview. OpenAI’s access route is broader than Anthropic’s Mythos Preview, which is limited to selected organizations through Project Glasswing, but GPT-5.5-Cyber is still not a public model. Through Codex Security, select developers working on major open-source projects also receive discounted access.
Benchmarks / Evidence Check
The UK AI Security Institute recently tested GPT-5.5 and Claude Mythos in a simulated 32-step attack chain against a corporate network. GPT-5.5 completed the full chain in 2 out of 10 runs, while Mythos completed it in 3 out of 10. On individual expert-level tasks, GPT-5.5 slightly outperformed Mythos.
Background / Context
OpenAI introduced GPT-5.5-Cyber shortly after the release of GPT-5.5 and after Anthropic’s Mythos Preview attracted attention in cybersecurity, government, finance, and national security circles. Mythos is described as capable of identifying and exploiting vulnerabilities across major operating systems and web browsers when instructed to do so. OpenAI previously said it was scaling Trusted Access for Cyber to thousands of verified individual defenders and hundreds of teams defending critical software.
Why This Matters
Cybersecurity is becoming one of the clearest areas where general AI safeguards can conflict with legitimate professional use. GPT-5.5-Cyber shows OpenAI moving toward a tiered access model: broader safeguards for the public, and more permissive behavior for verified defenders working in controlled settings. The reported Claude Mythos access incident also shows that model access control is becoming as important as model safety testing.
This article was drafted with the assistance of generative AI. All facts and details were reviewed and confirmed by an editor prior to publication.
OpenAI is rolling out GPT-5.5 Instant as ChatGPT’s default model, with better accuracy, low latency and memory-source controls.
OpenAI releases ChatGPT Images 2.0 with reasoning, multilingual text, web search, broader aspect ratios, and multi-image output.
OpenAI launched Workspace Agents in ChatGPT for team workflow automation, with Slack, Salesforce, scheduling, memory and Codex execution.
OpenAI is reportedly accelerating a ChatGPT phone, with MediaTek likely to supply the chip and mass production possible in 2027.
Read a comprehensive monthly roundup of the latest AI news!
