OpenAI Widens GPT-5.5-Cyber Access for Security Researchers

A government benchmark published last week gave the industry a concrete number to argue about. The U.K. AI Security Institute found that GPT-5.5 completed a simulated 32-step corporate cyberattack in two out of ten test runs; Anthropic's competing Mythos Preview succeeded in three of ten. Those results landed at the same moment OpenAI announced it was granting a less-restricted version of the model to vetted security organizations.

The new variant, GPT-5.5-Cyber, became available in limited preview on May 8 through OpenAI's Trusted Access for Cyber program, known as TAC. The initiative launched in February and gives cybersecurity researchers tiered access to capabilities unavailable to standard ChatGPT users. Highest-tier TAC members now receive GPT-5.5-Cyber, a model with wider permissions than even the standard TAC version of GPT-5.5.

What the new permissions actually unlock matters technically. According to SiliconANGLE, the standard TAC version can describe an attack's structure and generate sample malware code but cannot confirm whether an exploit works. GPT-5.5-Cyber crosses that threshold: it can launch a simulated attack against a target system to verify a vulnerability is real and exploitable. That makes it directly applicable to red teaming exercises and automated penetration testing workflows.

Approved organizations will also be able to reverse-engineer malware, automate vulnerability research pipelines, and simulate attack sequences against infrastructure they are responsible for defending, IBTimes reports. Hard limits remain: the model still refuses to assist with credential theft and will not deploy actual malware into live systems.

The race for AI security tools

GPT-5.5 itself launched April 23, less than two months after GPT-5.4. CNBC reported that OpenAI classified GPT-5.5 at a "High" cybersecurity risk level at launch, one tier below "Critical," the threshold for what the company calls "unprecedented new pathways to severe harm." That classification informed how the tiered access structure underlying GPT-5.5-Cyber was designed.

The competitive dynamic is visible in opposite strategies. Anthropic limited access to Mythos Preview specifically because of its security capabilities, while OpenAI is moving toward controlled expansion. Both decisions reflect genuine uncertainty about where the balance sits between defensive utility and offensive risk. Neither company has a benchmark that settles the question, and the artificial intelligence review processes inside governments have not caught up with the pace of releases.

For security practitioners evaluating these tools, the added capability layer changes the calculus meaningfully. A model that validates exploits is more useful for offense simulation, but it also raises the consequence of any access-control failure. TAC's vetting-at-enrollment model places the control point before the model interaction rather than inside it, which means the program's integrity depends entirely on the quality of that vetting.

LLM Stats data shows GPT-5.5 as part of a rapid sequence that included GPT-5.5 Pro and GPT-5.5 Instant within weeks of the base release. The pace suggests OpenAI views this period as a window for capability deployment ahead of more structured regulatory frameworks, a bet that getting tools into defenders' hands now outweighs the orderly coordination that slower rollouts would allow.

The question the industry has not resolved is whether the red-teaming benefits unlocked for defenders will outpace the offensive uplift available to attackers who find ways around access controls. OpenAI's implicit argument, built into the TAC design, is that defenders are systematically under-resourced and that expanding their access corrects an existing asymmetry rather than creating a new one. That case holds as long as the access tier itself holds.

If a future artificial intelligence review of the TAC program finds that vetted credentials were transferred or that exploit-validation outputs were extracted outside approved channels, the controlled-expansion model breaks. For now, GPT-5.5-Cyber marks the furthest OpenAI has gone toward deploying AI as an active participant in security research rather than a passive advisor. Where the next line sits will be determined by what happens to the line that was just crossed.

FAQ

What is GPT-5.5-Cyber and who can access it?
GPT-5.5-Cyber is a cybersecurity-optimized variant of OpenAI's GPT-5.5, available in limited preview to the highest-tier members of the Trusted Access for Cyber program. Access requires organizational vetting by OpenAI; it is not available to standard ChatGPT subscribers.

How does it differ from the version standard ChatGPT users see?
Standard users see a model that refuses or deflects exploitation requests. TAC members get detailed attack descriptions and sample code. GPT-5.5-Cyber adds the ability to verify that a described exploit actually works by running a simulated attack against the target system, a capability the base TAC version lacks.

What safeguards remain active in GPT-5.5-Cyber?
OpenAI states the model blocks assistance with credential theft and refuses to deploy real malware. Exploit validation is scoped to controlled, simulated environments rather than live production systems.

How does GPT-5.5 compare to Anthropic's Mythos Preview on cybersecurity benchmarks?
The U.K. AI Security Institute tested both on a simulated 32-step corporate cyberattack. GPT-5.5 succeeded in two of ten runs; Mythos Preview succeeded in three. Anthropic subsequently limited Mythos' rollout, citing those same capabilities as the reason.