OpenAI opens GPT-5.5 cyber access

OpenAI said on May 12 that it had expanded European access to GPT-5.5-Cyber, a cybersecurity-focused version of its latest model, through a supervised program for vetted defenders. Reuters reported that Deutsche Telekom, BBVA and Telefónica were among the companies added, alongside Sophos and Scalable Capital. The move followed a May 11 statement from the European Commission that OpenAI had offered Brussels access to the model for oversight. Anthropic, by contrast, had not yet reached the same stage with regulators over its own cyber model, Mythos. ### Which companies are getting access, and on what terms? Reuters reported on May 12 that OpenAI was granting access to GPT-5.5-Cyber and related models to Deutsche Telekom, BBVA and dozens more European companies to help harden their systems against vulnerabilities. Telefónica, Sophos and Scalable Capital were also named as participants in the expanded program. The companies are being admitted through OpenAI’s “Trusted Access for Cyber” framework, which the company describes as a vetted-access system for defensive cybersecurity work. (finance.yahoo.com) OpenAI said on May 7 that GPT-5.5-Cyber was rolling out in limited preview to defenders responsible for critical infrastructure. The company said approved users receive fewer automated refusals for tasks such as vulnerability triage, malware analysis, reverse engineering, detection engineering and patch validation, while safeguards still block uses including credential theft, stealth, persistence, malware deployment and exploitation of third-party systems. (finance.yahoo.com) ### What exactly did European regulators confirm? Thomas Regnier, a European Commission spokesperson, said on May 11 that Brussels welcomed “OpenAI’s transparency and intent to give commission access to new model.” CNBC reported that Regnier said further discussions were planned that week and that access would allow the Commission to follow deployment closely and address security concerns. The Decoder separately reported that possible recipients inside the EU system could include the AI Office, ENISA and DG Connect, though Regnier said the final allocation had not yet been decided. (openai.com) Regnier also said Anthropic discussions were “not yet at the same stage as the solution we have on the table from OpenAI.” According to The Decoder, he said the Commission had held “four to five meetings” with Anthropic on Mythos but was not in a position to say whether equivalent access would be granted. ### Why is GPT-5.5-Cyber being handled differently from a normal model release? (cnbc.com) OpenAI said on May 7 that GPT-5.5-Cyber was built for specialized workflows and was being released with “proportional safeguards and access.” The company drew a distinction between standard GPT-5.5 access for broad defensive work and GPT-5.5-Cyber for more permissive, tightly controlled use by verified defenders. It said the program is identity- and trust-based, rather than a public product launch. (cnbc.com) Emmanuel Marill, OpenAI’s managing director for Europe, the Middle East and Africa, told Reuters there was an “important balance” between access, usefulness and safety as model capability rises. He said trusted defenders needed tools that were useful for protecting systems and finding vulnerabilities quickly, while dangerous activity still had to be blocked. (openai.com) ### What changed in the benchmark debate? The UK AI Security Institute said on May 13 that Anthropic’s Claude Mythos Preview and OpenAI’s GPT-5.5 had both moved beyond the capability trend lines it had been tracking since late 2024. CyberScoop reported that AISI had previously estimated frontier models’ cyber-task autonomy was doubling about every five months, after an earlier estimate of roughly eight months in November 2025. The institute said the latest results outperformed those lines. (finance.yahoo.com) AISI said Mythos completed “The Last Ones,” a 32-step simulated corporate network attack, in 6 of 10 attempts, while GPT-5.5 completed it in 3 of 10 attempts. CyberScoop also reported that Palo Alto Networks tested Claude Mythos, Claude Opus 4.7 and GPT-5.5-Cyber and said the newest systems were highly capable at finding vulnerabilities and turning them into exploit paths. (cyberscoop.com) ### What happens next for the access program? June 1, 2026 is the next operational deadline in OpenAI’s program. OpenAI said individual members of Trusted Access for Cyber who use its most permissive cyber-capable models will be required to enable Advanced Account Security from that date. The Commission’s talks on which EU bodies will receive access were still continuing this week, according to Regnier’s May 11 briefing, while European companies including Deutsche Telekom, BBVA and Telefónica have already been named in the supervised rollout. (cyberscoop.com) (openai.com)