"We will work with the entire ecosystem and the government to figure out trusted access for cyber," Sam Altman wrote on X, announcing a restricted rollout of OpenAI's newest model.
Sam Altman and OpenAI's restricted GPT-5.5-Cyber rollout
Altman's post on X said the rollout of GPT-5.5-Cyber will begin "in the next few days," and that access will be limited to a handpicked circle of "trusted defenders" whose mission is to "rapidly help secure companies and infrastructure." OpenAI describes the initial audience as "cyber defenders" working to secure critical systems, and Altman added the company will coordinate with "the entire ecosystem and the government" to determine how to grant trusted access for cyber operations.
Capabilities OpenAI says GPT-5.5-Cyber has
OpenAI presents GPT-5.5-Cyber as a tool built to find and exploit vulnerabilities and to analyze malicious code. According to the announcement quoted in the reporting, the model can "pentest, find bugs, exploit them, and tear apart malware." That combination — offensive testing plus rapid analysis of malware — is the explicit rationale given for restricting access to a vetted group.
Anthropic's precedent: Claude Mythos and earlier gatekeeping
The decision comes just weeks after Anthropic rolled out its cyber-focused model, Claude Mythos, to roughly 50 organizations under strict controls. Anthropic said Claude Mythos "would never be made publicly available." Altman had publicly criticized that approach; as reported by TechCrunch, during an appearance on the Core Memory podcast he said: "There are people in the world who, for a long time, have wanted to keep AI in the hands of a smaller group of people," and likened such exclusivity to exploiting fear: "We have built a bomb, we are about to drop it on your head. We will sell you a bomb shelter for $100 million."
Independent evaluation: the UK's AI Security Institute
Independent testing has not dismissed the model as marketing. The UK's AI Security Institute said GPT-5.5-Cyber is "one of the strongest models we have tested on our cyber tasks," and noted it is only the second system to complete one of its multi-step attack simulations end to end. That independent assessment supports OpenAI's claim that the model can perform complex, end-to-end offensive security simulations.
What this means for technologists and security teams, policymakers, and adversaries
- Technologists and security teams: The group of "trusted defenders" will be able to test critical systems with a model OpenAI says can both find and exploit flaws; teams that do not gain access will need to weigh how to replicate similar capabilities or rely on partners who do.
- Policymakers and regulators: Altman's explicit pledge to "work with the entire ecosystem and the government to figure out trusted access for cyber" places public authorities in a central role for defining who is eligible and what safeguards will govern a model that can both break and fix systems.
- Adversaries and threat actors: Independent testing suggests the model is capable of end-to-end attack simulations, underscoring the risk that such tools, if misused, could accelerate exploitation — a concern the company frames as the reason for tightly controlled access.
OpenAI has moved to restrict access to a system it argues can be used to rapidly defend infrastructure; that same capability, the company acknowledges, can be used to attack it. Altman's earlier criticism of Anthropic's tight controls — and Anthropic's contemporaneous claim that Claude Mythos would "never be made publicly available" — make OpenAI's decision a pointed reversal in practice if not in rhetoric.
The facts now on the table are straightforward: GPT-5.5-Cyber is being routed to a vetted set of cyber defenders, the UK AI Security Institute finds the model strong on simulated tasks, and OpenAI intends to work with government to define "trusted access." The remaining, concrete question the announcement leaves open is simple and consequential: who exactly will be chosen as the "trusted defenders," and by what criteria will that access be granted?
