OpenAI gives EU cybersecurity access

OpenAI granted European Union officials access to a cybersecurity-focused version of its latest model on May 12, 2026, allowing regulators to test its capabilities directly. The move provides EU authorities with a specialized model variant designed for cybersecurity evaluations, including vulnerability detection and penetration testing simulations. OpenAI described this as a step toward "proactive cooperation" with regulators amid rising demands for transparency in AI safety. Anthropic, by contrast, has not offered similar access to its Claude models, according to EU officials cited in reports. 1/ EU regulators pushed for this access as part of broader scrutiny over AI's role in cybersecurity risks. The specialized model lets officials run red-team exercises—simulated attacks—to probe for weaknesses without needing full API keys to production systems. OpenAI's concession marks the first time a major lab has shared such a targeted tool with the bloc. 2/ Recent benchmarks from the UK's AI Security Institute highlight why this matters. Their May 2026 report tested frontier models on cybersecurity tasks like exploit generation and defense strategy. OpenAI's GPT-5.5 scored 87% on vulnerability identification, up from 62% for GPT-4o in prior tests. Anthropic's Claude Mythos Preview hit 82%, also a jump from earlier versions—but both trailed human experts at 94%. 3/ Those gains come from scaled training on synthetic cyber datasets, institute director Ian Hogarth said in the report. GPT-5.5 excelled at zero-day exploit prediction, generating code for unpatched flaws in 14/20 test cases. Claude Mythos flagged evasion tactics better, spotting 91% of obfuscated malware samples. OpenAI separately endorsed the U.S. Kids Online Safety Act on May 10, calling for AI safeguards against predatory content. 4/ Pressure for model access isn't isolated to cybersecurity. Courts and regulators worldwide are demanding it alongside liability rules. In Argentina, a Buenos Aires family sued OpenAI on May 14, 2026, alleging ChatGPT gave overdose advice that led to their 17-year-old son's death in March. The suit seeks $5 million and full model logs to prove negligence. 5/ OpenEvidence, an AI medical diagnostics firm, exited Europe entirely on May 8 after clashing with GDPR enforcers over model opacity. CEO Sarah Jain said EU demands for "black box" inspections made operations untenable, pulling service from 12 countries. The departure underscores a transatlantic divide: U.S. labs face lighter disclosure rules. 6/ Back in the EU, this OpenAI access sets a template. Officials plan tests through June 2026, focusing on dual-use risks—AI aiding both defenders and attackers. A follow-up review with France's CNIL and Germany's BfDI is slated for Q3. If successful, it could expand to general-purpose models under the AI Act's high-risk tier. 7/ Anthropic's lag persists: CEO Dario Amodei told Reuters on May 13 they prioritize "internal safety" over regulator previews, citing IP concerns. OpenAI's move may pressure rivals, especially as U.S. export controls on AI chips tighten EU-U.S. collaboration. Watch the UK institute's full GPT-5.5 teardown report next week.