OpenAI gives EU cyber access

Cybersecurity models are becoming a policy problem, not just a product story. Europe wants to inspect the most capable AI systems before they spread through critical infrastructure, software pipelines, and security teams. But the awkward gap is simple — regulators cannot really examine what companies will not show them. This week, OpenAI moved first by offering the EU access to GPT-5.5-Cyber, while Anthropic still has not given Brussels access to Mythos. ### What is the actual news? OpenAI said it will grant European partners access to GPT-5.5-Cyber, a cybersecurity-focused version of its latest model, and that group includes businesses, governments, cyber authorities, and EU institutions such as the EU AI Office. European Commission spokesperson Thomas Regnier said talks have already happened and more are planned this week. Anthropic, by contrast, has held several meetings with officials over Mythos but still has not provided access. (cnbc.com) ### What is GPT-5.5-Cyber for? OpenAI is framing the model as a tool for defensive security work — authorized red teaming, penetration testing, and controlled validation. The company’s May 7 security post says GPT-5.5-Cyber sits inside its “Trusted Access for Cyber” program, which is meant to give vetted defenders stronger capabilities without throwing them open to everyone at once. Basically, this is not being pitched as a general chatbot with a cyber skin — it is a gated model for specific security workflows. (cnbc.com) ### Where does Daybreak fit in? Daybreak is the broader OpenAI push around software security. The Daybreak page says the goal is to find risk earlier, validate vulnerabilities, and help teams remediate faster, and OpenAI is already offering Daybreak assessments through a vulnerability-scan workflow. So the model access story and the Daybreak story are connected — one is about who gets to inspect the cyber model, and the other is about turning that capability into a service layer for defenders. (openai.com) ### Why is Anthropic part of the story? Because this is turning into a two-track race. Anthropic’s Mythos has become the comparison point in Europe precisely because regulators want to understand what these cyber-specialized models can do before they become normal tools inside security operations. OpenAI is using openness — at least with vetted institutions — as a competitive signal. Anthropic’s slower posture makes OpenAI look easier for Brussels to work with. (openai.com) That is not just PR; it could shape who becomes the default partner for public-sector cyber programs. ### Why does Europe care so much? Because the EU is trying to regulate frontier AI in a way that goes beyond trust-me paperwork. For systems with serious cyber capability, access matters. A regulator can read policy documents, safety cases, and company summaries, but that is like inspecting a vault by reading the brochure for the lock. At some point, someone needs to see the actual mechanism. The current problem is that Europe still seems to need voluntary cooperation to get that visibility. (the-decoder.com) ### So is this regulation or diplomacy? Right now, it looks like both. OpenAI’s move gives Brussels something concrete — model access, meetings, and a named institutional channel. But it also shows the limit of Europe’s leverage. If one company says yes and another keeps talking without opening the door, oversight becomes uneven by default. The firms end up acting as gatekeepers to their own scrutiny. (the-decoder.com) ### What changes next? The near-term shift is practical. EU officials and vetted European cyber teams can start evaluating GPT-5.5-Cyber in a more direct way, while Anthropic now faces pressure to decide whether Mythos stays tightly controlled or gets a similar review path. The bigger shift is strategic — frontier cyber AI is no longer just about model performance. It is also about who gets access, under what conditions, and who earns enough trust to shape the rules. (cnbc.com) ### Bottom line? OpenAI did not just ship a cyber product. It offered Europe a seat in the evaluation loop. That makes the company look cooperative, puts Anthropic on the defensive, and exposes the real issue underneath the whole story — AI oversight is only as strong as regulators’ ability to get inside the models that matter. (cnbc.com)