OpenAI Launches GPT-5.5-Cyber With Restricted Access After Criticizing Anthropic

OpenAI is preparing to launch GPT‑5.5-Cyber, a specialized frontier model built for cybersecurity work — and it will not be available to the general public. CEO Sam Altman said on X that the model will roll out "to critical cyber defenders" in the next few days, with OpenAI working with the U.S. government and the broader ecosystem to figure out trusted access.

The model, a specialized version of the recently released GPT‑5.5, can perform penetration testing, vulnerability identification and exploitation, and malware reverse engineering,.¹ OpenAI has set up an application on its website where people submit information about their credentials and planned use to gain access.

Here is the part that stings. When Anthropic similarly restricted access to its Mythos cybersecurity model, Sam Altman ¹ per TechCrunch. Some critics agreed at the time, saying Anthropic's rhetoric about Mythos being too dangerous for public release was overblown.

Now OpenAI is deploying the exact same playbook. The company says it is working to make Cyber more widely available by consulting with the U.S. government and identifying users with legitimate cybersecurity credentials — language that mirrors what Anthropic said about Mythos. The irony was not lost on observers: TechCrunch noted that an unauthorized group reportedly managed to gain access to Mythos anyway, raising questions about whether restricted access actually works.

The UK's AI Security Institute (AISI) evaluated an early checkpoint of GPT‑5.5 on its suite of 95 narrow cyber tasks across four difficulty tiers. The results are striking: on Expert‑level tasks, GPT‑5.5 achieves an average pass rate of 71.4% (±8.0%), compared to 68.6% (±8.7%) for Mythos Preview, 52.4% (±9.8%) for GPT‑5.4, and 48.6% (±10.0%) for Opus 4.7, per the AISI evaluation.

"On this measure, GPT‑5.5 may be the strongest model we have tested," the AISI wrote. This suggests that the leap in cyber capabilities is not specific to one model or one company — it is a broader trend across frontier AI development.

AISI also tested models on "The Last Ones" (TLO), a 32‑step corporate network attack simulation built with SpecterOps. The simulation spans four subnets and roughly 20 hosts, modeling the kill chain of an enterprise intrusion — from reconnaissance through credential theft, lateral movement across Active Directory forests, a CI/CD supply‑chain pivot, and finally exfiltration of a protected internal database. AISI estimates a human expert would need around 20 hours to complete the full chain.

According to the AISI, GPT‑5.5 completed TLO end‑to‑end in 2 of 10 attempts, making it the second model to do so. Mythos Preview, the first, solved it in 3 of 10 attempts. Both results were obtained at a 100M‑token budget per attempt. Performance on TLO continues to scale with inference compute, and AISI has not yet observed a plateau.

The staggered rollout of GPT‑5.5-Cyber is part of a growing trend in the AI industry. OpenAI has previously restricted releases of cybersecurity‑focused models, as well as its life sciences model GPT‑Rosalind, The Verge reported. Anthropic followed the same playbook with Mythos, though it bungled the secure release in embarrassing ways.

The White House has taken a keen interest in Mythos' rollout, The Verge noted, and has recently opposed plans to expand access further. This creates a complex regulatory environment where AI companies are simultaneously competing to release the most capable models while restricting who can use them — and the rules about who qualifies as a "trusted" user remain unclear.

For developers building security tools, the dual release of GPT‑5.5-Cyber and Claude Security marks a turning point. AI‑powered vulnerability scanning is moving from experimental to production‑grade, but access remains gated. Builders who qualify as "cyber defenders" can apply through ¹ for Cyber access, while Claude Security is now available to Claude Enterprise customers.

The competitive dynamics also matter. With both OpenAI and Anthropic offering restricted cybersecurity models, builders may need to navigate multiple access programs and compliance requirements. The AISI data showing that performance continues to scale with inference compute suggests that the security capabilities of these models will only increase — making the question of who gets access, and who decides, more urgent with each model generation.