OpenAI offers EU access to cyber model

Cyber models are the new pressure point in the AI race. These systems are built to help with vulnerability hunting, malware analysis, and defense work — but the same capabilities can obviously spill into offensive use. That is why Brussels has been pushing for direct access instead of taking company assurances on faith. Now OpenAI has blinked first and offered the European Union preview access to GPT-5.5-Cyber, while Anthropic still has not opened Mythos to EU officials. ### What is OpenAI actually offering? OpenAI said European partners — including governments, businesses, cyber authorities, EU institutions, and the EU AI Office — will be able to access GPT-5.5-Cyber in a limited preview. This is not a general public release. It is a vetted-access setup for defenders and regulators who want to test what the model can do in real security workflows. CNBC and Politico both describe the model as a specialized version of OpenAI’s latest system for identifying software vulnerabilities and supporting cyber operations. (politico.eu) ### Why did Brussels want direct access? Because “trust us” is not enough when the model in question can surface weaknesses in widely used software. EU officials have spent the past few weeks trying to understand whether frontier cyber models create risks that ordinary model evaluations miss. Direct access lets authorities test edge cases themselves — basically, can the model help patch systems, and can it also lower the barrier to abuse? (cnbc.com) That is a much more concrete form of oversight than reading a safety memo after launch. ### Why is Anthropic in the middle of this too? Because Anthropic’s Mythos got there first and set the benchmark for this whole debate. But the Commission said Anthropic still has not made a comparable access offer to the EU, even after “four or five” meetings. That matters because Europe does not want a world where U.S. firms and a small circle of insiders can test advanced cyber models while European authorities mostly watch from the outside. (politico.eu) OpenAI’s move raises the pressure on Anthropic to match it. ### Is GPT-5.5-Cyber just a hacking model? Not exactly. The cleaner way to think about it is as a model with looser permissions for authorized security work. OpenAI has framed the system as useful for vulnerability identification, malware analysis, reverse engineering, patch validation, secure code review, and detection engineering, while still blocking things like credential theft or malware deployment. The catch is that the line between defense and offense is thin — the same map that helps a blue team find a hole can help an attacker find it faster. (cnbc.com) ### Why does this suddenly feel urgent? Because the IMF just made the case that AI-driven cyber risk is no longer a niche technical problem. In a May 7 post, the fund warned that advanced AI models can cut the time and cost of finding and exploiting vulnerabilities, making correlated failures more likely across shared software, cloud, payments, and financial infrastructure. In plain English — one smart automated attack against common systems could spread stress through markets much faster than older cyber incidents did. (eweek.com) ### Why does sovereign access matter so much? Because regulators do not just care whether a model is powerful. They care who gets to test it before it spreads. If national and EU authorities can probe these systems early, they have a better shot at spotting dangerous failure modes, writing rules that fit the technology, and preparing banks, utilities, and public networks for what is coming. Without that access, oversight becomes reactive. (imf.org) ### So what changed here? The practical change is that OpenAI moved from shipping a cyber model to vetted security teams into letting European public authorities look under the hood too. That does not settle the safety debate. But it does mark a shift from private testing toward shared institutional scrutiny — and that is probably the model Brussels wants for every high-risk frontier system from here on out. (politico.eu) ### Bottom line This is really a fight over who gets early visibility into dangerous AI capabilities. OpenAI just gave Europe a foothold. Now the question is whether that becomes the norm — or a one-off concession before more powerful cyber models arrive. (politico.eu) (cnbc.com)