1 hour ago
3
OpenAI has released GPT-5.5-Cyber to vetted cyber defenders, giving them reduced guardrails for specialized security workflows.
Summary
- OpenAI’s GPT-5.5-Cyber is the most permissive model in its lineup, available in limited preview to approved partners doing advanced security work.
- Vetted teams can use it for bug hunting, malware analysis, and reverse engineering, but malware writing and credential theft remain blocked.
- The launch follows rival Anthropic’s Claude Mythos Preview rollout a month earlier, which drew investor and government attention.
OpenAI released GPT-5.5-Cyber on May 7 in limited preview, targeting security professionals defending critical infrastructure. The company describes it as the most permissive model in its cybersecurity lineup, aimed at specialized authorized workflows for a smaller group of approved partners with stronger verification requirements and account-level controls.
The cyber-specific version makes it easier for vetted teams to use OpenAI’s latest model for vulnerability identification, patch validation, and malware analysis, workflows where the guardrails built into the generally available GPT-5.5 would have created friction.
OpenAI said: “GPT-5.5-Cyber lets a smaller set of partners study advanced workflows where specialized access behavior may matter.”
What defenders can and cannot do
Defenders approved for the highest tier of OpenAI’s Trusted Access for Cyber program receive a version of GPT-5.5 with fewer guardrails than the public model, enabling bug hunting, malware study, and reverse engineering of attacks. Credential theft and writing malware remain blocked regardless of access level.
During early testing, selected partners used GPT-5.5-Cyber to automate and expand red-teaming exercises on infrastructure systems and to validate high-severity vulnerabilities. OpenAI plans to document the findings in a future technical deep dive as part of a responsible disclosure process.
The UK AI Security Institute published an evaluation of GPT-5.5 across 95 narrow cyber tasks. The institute found that basic tasks have been fully saturated by leading models since at least February 2026, though it cautioned its testing does not reflect performance against well-defended real-world targets with active defenders and alert penalties.
Competitive pressure
The rollout comes a month after Anthropic released Claude Mythos Preview, a cyber-focused model that drew attention from investors and senior members of the Trump administration, even after Anthropic had been blacklisted by the Pentagon weeks earlier.
AI cybersecurity has become a formal competitive front, with both companies raising questions about who controls AI offense and defense tools and who bears responsibility when those capabilities are misused.
OpenAI noted it has also provided access to an earlier model, GPT-5.4-Cyber, to the US Center for AI Standards and Innovation and the UK AI Security Institute for independent evaluation. The standard GPT-5.5 remains its recommended entry point for most defenders.
English (US) · 