OpenAI supplies new model to Japan megabanks for security

Japan’s biggest banks are getting an AI-powered security upgrade, courtesy of OpenAI. The company’s GPT-5.5-Cyber model will be supplied to the Japanese government and select companies starting in May 2026, following negotiations during US Treasury Secretary Scott Bessent’s recent visit to Tokyo.

The three megabanks set to benefit, MUFG Bank, Sumitomo Mitsui Banking Corp. (SMBC), and Mizuho Bank, collectively form the backbone of Japan’s financial system.

The deal behind the deployment

The OpenAI arrangement emerged from broader US-Japan discussions that covered cybersecurity improvements across 15 critical infrastructure sectors.

OpenAI’s contribution comes in the form of GPT-5.5-Cyber, a model specifically designed to bolster defensive security capabilities. The model targets government agencies and a curated list of private sector partners, with Japan’s megabanks sitting near the top of that list.

But OpenAI isn’t the only AI firm at the table. Anthropic’s Claude Mythos, launched in April 2026, is also headed to Japan’s megabanks. Access is expected by the end of May 2026. Mythos was built to autonomously detect zero-day vulnerabilities across critical systems, and since its release, it has already revealed thousands of them.

In English: zero-day vulnerabilities are security flaws that software makers don’t know about yet, which means there’s no patch, no fix, and no defense until someone finds them.

To coordinate all of this, a new public-private working group has been formed with 36 member entities. The group includes the megabanks, AI firms like Anthropic and OpenAI, and other key stakeholders from Japan’s security ecosystem. Mizuho’s Chief Information Security Officer chairs the group.

What this means for investors

The deployment of AI-specific cybersecurity models to Japan’s largest financial institutions marks a significant inflection point for the intersection of AI and enterprise security.

That last part is where things get complicated. Japanese regulators have expressed concern about the potential misuse of these same AI models. A tool that can find zero-day vulnerabilities for defenders can, in the wrong hands, find them for attackers too. The working group’s mandate includes developing guardrails to prevent exactly that scenario.

Disclosure: This article was edited by Editorial Team. For more information on how we create and review content, see our Editorial Policy.