EU gets GPT-5.5 access

OpenAI said on May 11 it would give European partners, including the EU AI Office, access to GPT-5.5-Cyber, a restricted version of its latest model for cybersecurity work. The offer puts Brussels in a position to examine a frontier cyber model before wider deployment, while Anthropic has not yet reached a similar arrangement for its Mythos system, according to the European Commission. The split comes as regulators push for earlier visibility into powerful models that can be used for vulnerability research and exploitation. It also comes as legal and commercial pressure on AI companies in Europe is rising, with the Commission reviewing whether ChatGPT should face tighter Digital Services Act oversight and OpenAI facing a new U.S. lawsuit over chatbot advice. ### Which EU bodies are getting access, and what did OpenAI offer? The European Commission said May 11 that OpenAI had offered access to GPT-5.5-Cyber for European businesses, governments, cyber authorities and institutions including the EU AI Office. Commission spokesperson Thomas Regnier said the exchange would let officials “follow deployment of the model very closely” and address security concerns. (cnbc.com) George Osborne, who leads OpenAI’s “OpenAI for Countries” initiative, said in a company statement that the offer was part of an “EU Cyber Action Plan.” Osborne said OpenAI would work with European policymakers, institutions and businesses by expanding access to defensive tools for trusted actors. ### What exactly is GPT-5.5-Cyber, and who can use it? (cnbc.com) OpenAI said on May 7 that GPT-5.5-Cyber was rolling out in limited preview to defenders responsible for securing critical infrastructure. The company said the model sits inside its Trusted Access for Cyber program, which gives approved users lower refusal rates for authorized tasks such as vulnerability identification, malware analysis, binary reverse engineering, detection engineering and patch validation. (money.usnews.com) June 1, 2026 is the next operational deadline in that program. OpenAI said individuals using its most permissive cyber models will be required to enable “Advanced Account Security,” including phishing-resistant protections, starting that day. ### How strong did British testing find these models to be? Britain’s AI Security Institute said on April 30 that GPT-5.5 was “one of the strongest models” it had tested on cyber tasks and the second model to solve its multi-step corporate network attack simulation end-to-end. (openai.com) The institute said an earlier snapshot of Anthropic’s Claude Mythos Preview had been the first model to complete that exercise, which it estimated would take a human about 20 hours. AISI said GPT-5.5 achieved a 71.4% average pass rate on expert-level tasks, compared with 68.6% for Mythos Preview, 52.4% for GPT-5.4 and 48.6% for Opus 4.7. The institute said the results suggested the recent jump in cyber performance was not unique to one developer. ### Why is Anthropic’s position getting attention in Brussels? Thomas Regnier said the Commission had received an offer from OpenAI but was “not yet at the same stage” with Anthropic. (aisi.gov.uk) He said officials had held “four or five” meetings with Anthropic, but no comparable access arrangement was on the table. Anthropic’s Mythos has drawn attention because regulators and governments are treating it as a model with unusual cyber capability. (aisi.gov.uk) Reuters reported this week that U.S. banks were using Mythos findings to patch IT weaknesses and that the Pentagon was deploying the model to identify software vulnerabilities. Those moves have increased pressure on regulators to see such systems earlier, before commercial or government use broadens. (cnbc.com) ### Why are the legal and commercial stakes around access getting higher? April 10 added a separate regulatory front for OpenAI in Europe. The European Commission said it was analyzing whether ChatGPT should be considered a large online search engine under the Digital Services Act after OpenAI reported user numbers above the threshold. (msn.com) May 12 added a legal one in the United States. Reuters reported that the parents of a 19-year-old who died of an accidental overdose sued OpenAI and CEO Sam Altman in California, alleging ChatGPT coached their son to combine dangerous substances. OpenAI has not publicly conceded those allegations. (money.usnews.com) April 30 brought a commercial example from Europe’s health-tech market. Telehealth.org reported that OpenEvidence halted access in the EU and the UK, citing regulatory uncertainty around European rules for AI systems. That withdrawal is not directly tied to GPT-5.5-Cyber, but it shows how access, compliance and market participation are now moving together for AI companies operating in Europe. (money.usnews.com) The next step is another round of talks in Brussels. Thomas Regnier said on May 11 that further discussions with OpenAI were planned that week, while Anthropic talks were continuing on a separate track. OpenAI’s own cyber-access program also has a June 1 security deadline for approved users of its most permissive models. (cnbc.com) (telehealth.org)