OpenAI's New Cyber Offensive: GPT-5.5-Cyber and Expanded Access
OpenAI has officially launched its advanced AI cyber model, GPT-5.5-Cyber, a specialized variant of its powerful GPT-5.5 model, designed to bolster cybersecurity defenses. This release is part of an expanded Trusted Access for Cyber (TAC) program, which aims to provide vetted cybersecurity defenders with access to cutting-edge AI capabilities. The program is scaling up to include thousands of individual defenders and hundreds of teams responsible for securing critical software.
The core objective of GPT-5.5-Cyber is to empower security professionals to execute complex tasks more efficiently by lowering refusal boundaries for legitimate security work. Key capabilities include binary reverse engineering, enabling security experts to analyze compiled software for potential malware, vulnerabilities, and overall security robustness without needing access to the source code. OpenAI's strategy emphasizes democratized access, iterative deployment, and investment in ecosystem resilience, supporting the security community through initiatives like its Cybersecurity Grant Program and Codex Security.
The AI Cybersecurity Arms Race: OpenAI vs. Anthropic's Mythos
OpenAI's launch of GPT-5.5-Cyber directly positions it against Anthropic's highly capable Claude Mythos Preview model, intensifying the ongoing AI cybersecurity arms race. Both frontier AI models have demonstrated significant prowess in identifying and exploiting software vulnerabilities at speeds far exceeding human capabilities. The AI Security Institute (AISI) conducted evaluations, finding that GPT-5.5 is one of the strongest models tested on cyber tasks, capable of solving multi-step cyber-attack simulations end-to-end. Similarly, Claude Mythos Preview was the first to complete a corporate network attack simulation end-to-end, a task estimated to take a human around 20 hours.
While GPT-5.5 scored 71.4% on expert cyber tasks and completed a reverse-engineering challenge in 10 minutes for $1.73, Claude Mythos scored 68.6% on similar benchmarks. However, Mythos has garnered attention for its ability to uncover deeply hidden, long-standing vulnerabilities, such as a 27-year-old bug in OpenBSD. This highlights a nuanced difference in their strengths: GPT-5.5 appears to excel in speed and cost for defined tasks, while Mythos demonstrates a capacity for deep, patient analysis of large codebases.
Safeguards, Access, and Government Engagement
The deployment of such powerful AI models has sparked an urgent debate regarding safeguards and responsible access. OpenAI's Trusted Access for Cyber program is built on principles of identity verification and trust, ensuring that enhanced cyber capabilities are placed in the hands of legitimate defenders. This includes automated identity verification for individuals and partnerships with organizations for more cyber-permissive models. OpenAI has committed to expanding the TAC program to governments at federal, state, and local levels, including national security missions and critical infrastructure defense, with a focus on the US and its allies.
In contrast, Anthropic has adopted a more restricted approach, initially ruling out public release of Claude Mythos due to its potential cybersecurity threats, opting instead for a controlled defensive effort with selected critical software organizations through Project Glasswing. This difference in philosophy has led to a debate about whether open access to powerful AI is ultimately safer than a more controlled release. OpenAI maintains that democratizing access, with robust safeguards, will ultimately lead to a more resilient cybersecurity ecosystem.
The Evolving Landscape of AI in Cyber Defense
The introduction of models like GPT-5.5-Cyber and Claude Mythos Preview signifies a fundamental shift in the cybersecurity landscape, moving towards machine-speed vulnerability discovery, exploit validation, and attack-path chaining. This necessitates a new security operating model where organizations must find, validate, prioritize, patch, segment, detect, and contain threats faster than adversaries can exploit weaknesses. The US Pentagon views these frontier AI models as a "huge opportunity" to develop more secure code and mitigate vulnerabilities more efficiently, moving away from labor-intensive patching methods.
OpenAI has also introduced new voice intelligence features in its API, which could have applications in customer service, education, and creator platforms, further expanding the reach of its AI technologies. Additionally, the company is enhancing user safety with a new 'Trusted Contact' safeguard for cases of possible self-harm, demonstrating a broader commitment to responsible AI development. However, ongoing legal challenges, such as Elon Musk's lawsuit scrutinizing OpenAI's safety record, continue to place the company's commitment to its founding mission under the microscope.