OpenAI offers EU cyber access

OpenAI said on May 11 that it would give the European Union access to GPT-5.5-Cyber, a specialized version of its latest model, after rolling it out in limited preview to vetted cybersecurity teams on May 7. The company said European partners would include businesses, governments, cyber authorities and EU institutions such as the AI Office. (cnbc.com) Commission spokesperson Thomas Regnier said Brussels welcomed the offer and planned further talks that week on how access would work. Anthropic, whose Mythos model has been under separate discussion with the Commission, had not yet reached the same stage, Regnier said. ### What exactly did OpenAI offer Europe? (openai.com) OpenAI said European partners would be granted access to GPT-5.5-Cyber, which it describes as a limited-preview model for defenders responsible for securing critical infrastructure. The company said the access would sit inside its Trusted Access for Cyber program, or TAC, which is designed for verified defensive users rather than general public deployment. Thomas Regnier said the Commission had already exchanged with OpenAI and had more discussions scheduled during the week of May 11. He said the arrangement would allow the EU to “follow deployment of the model very closely” and address security concerns as the system is rolled out. (cnbc.com) ### Which companies and institutions are part of the EU push? CNBC reported that OpenAI’s European access plan covered businesses, governments, cyber authorities and EU institutions including the AI Office. Separate reporting cited Deutsche Telekom and BBVA among the companies receiving access as OpenAI tried to widen use of defensive cyber tools in Europe. (cnbc.com) George Osborne, OpenAI’s head of OpenAI for Countries, said in a statement that “AI labs like ours shouldn’t be the sole arbiters of cyber safety” and said the company wanted Europe’s defenders to have access to the latest defensive tools. Osborne said the effort would run through an “OpenAI EU Cyber Action Plan” aimed at policymakers, institutions and businesses. (cnbc.com) ### How is GPT-5.5-Cyber different from ordinary access? OpenAI said on May 7 that GPT-5.5-Cyber was being offered with “proportional safeguards” for specialized cybersecurity workflows. The company listed vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering and patch validation among the tasks approved users could perform with lower refusal rates than standard access. (cnbc.com) OpenAI also said the safeguards would continue to block requests tied to credential theft, stealth, persistence, malware deployment or exploitation of third-party systems. The company said TAC is an identity- and trust-based framework meant to place stronger cyber capabilities in the hands of verified defenders. (cnbc.com) ### Why does the EU care about early access to these models? The European Commission has been pressing major AI companies for more visibility into frontier systems that could affect public safety and critical infrastructure. Regnier said the OpenAI offer would help the Commission monitor deployment and address security concerns, while discussions with Anthropic were still “at a different stage.” (openai.com) A May 13 note from the Universitat Oberta de Catalunya showed the broader regulatory backdrop in Europe is still widening. The university said researcher Miguel Ángel Elizalde had examined how the EU AI Act could indirectly apply to neurotechnologies as AI becomes more embedded in tools that interpret or influence brain activity. (openai.com) ### Is this happening as Europe tightens AI rules? The Council of the European Union and European Parliament said on May 7 they had reached a provisional agreement on a proposal to simplify parts of the EU’s digital and AI rulebook. The institutions said the package was meant to streamline implementation and reduce recurring administrative costs for companies. (cnbc.com) OpenEvidence’s withdrawal from the EU and UK, reported in late April and May by trade publications, has been cited by industry observers as one example of companies reacting to regulatory uncertainty around AI systems used in sensitive settings such as healthcare. (uoc.edu) Those reports said the company cited uncertainty around how AI rules would apply to its clinical decision-support product. ### What comes next in the OpenAI program? June 1, 2026 is the next explicit milestone OpenAI has set for the cyber program. The company said individual TAC users accessing its most cyber-capable and permissive models will be required to enable Advanced Account Security from that date. (consilium.europa.eu) Further talks between OpenAI and the European Commission were scheduled for the week of May 11, Regnier said. Those discussions are expected to cover how EU institutions and other European partners will review and use GPT-5.5-Cyber under the company’s Trusted Access for Cyber framework. (cnbc.com) (openai.com) (telehealth.org)