OpenAI rolls out GPT-5.5-Cyber for critical infrastructure defenders
OpenAI is offering vetted cyber defenders a limited preview of GPT‑5.5‑Cyber, a version of its latest AI model, which OpenAI describes as its “smartest and most intuitive model to date”.
-
OpenAI releases GPT-5.5-Cyber for vetted cyber defenders with reduced refusals for legitimate security work.
-
The model can complete 32-step corporate network attack simulation, nearly matching Anthropic's heavily restricted Mythos.
-
"Trusted Access for Cyber" framework blocks malicious activity like credential theft while enabling vulnerability research.
The company says that GPT‑5.5, paired with its identity and trust-based framework, Trusted Access for Cyber (TAC), is its strongest broadly useful model for legitimate defensive work.
“We are focused on providing proportional safeguards and access to empower cyber defenders to protect society, and our approach has been informed by conversations with cybersecurity and national security leaders across federal and state government and major commercial entities,” the company’s press release says.
TAC is designed to secure and enhance the use of GPT‑5.5, making it more useful for cyber defenders while restricting requests that could enable real-world harm.
OpenAI says that vetted defenders approved for TAC will receive lower classifier-based refusals to support their work, including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering, and patch validation.
Have thoughts about this topic? Others do, too. Join them in the discussion.
However, malicious activity, such as credential theft, stealth, persistence, malware deployment, or exploitation of third-party systems, will still be blocked.
Researchers at the UK AI Security Institute said that GPT-5.5 “is one of the strongest models we have tested on our cyber tasks”, reaching similar performance levels to Anthropic's Claude Mythos.
During the testing, the model was able to complete a 32-step corporate network attack simulation in 2 of 10 attempts, while Mythos, which was the first model to ever complete the test, did so in 3 of 10 attempts.
The release comes amid growing debate over the increasingly advanced capabilities of AI systems. Anthropic has heavily restricted the use of its Mythos model, allowing access to about 40-50 companies and organizations that maintain critical software infrastructure or lead tech development.
OpenAI appears to be taking a less rigid approach. According to Axios, the company plans to release its most advanced model with strict safeguards while offering a separate version with fewer restrictions to approved organizations.
Unlock more exclusive Cybernews content on YouTube.
