OpenAI releases GPT-5.5-Cyber for vetted corporate security teams to test vulnerabilities

OpenAI has a new cyber model, but this is not a normal product launch. GPT-5.5-Cyber is being offered only through the company’s Trusted Access for Cyber program, which vets people and teams before they get the more permissive version. The point is simple — let real defenders move faster on hard security work without throwing stronger offensive capability onto the open internet. That’s the balancing act here, and OpenAI is now making it much more explicit. (openai.com) ### What actually launched? GPT-5.5-Cyber is a variant of GPT-5.5 tuned for defensive cybersecurity use cases. OpenAI says verified users in Trusted Access for Cyber get lower classifier-based refusals, which means the model is less likely to block legitimate security workflows that a general model might treat as risky. The allowed work includes vulnerability identificati(openai.com)ing, and patch validation. (openai.com) ### Why gate it at all? Because the same skills that help defenders can also help attackers. OpenAI classifies GPT-5.3-Codex and newer models, including GPT-5.4 and GPT-5.5, as having high cybersecurity capability, which triggers extra safeguards in the API. Trusted Access is the company’s answer to that problem — identity checks, trust signals, and tiered access instead (openai.com)ugh to matter and risky enough to control. (developers.openai.com) ### Who can get in? The program is aimed at enterprises and security practitioners doing authorized defensive work. OpenAI’s application page says the pilot covers enterprise teams and practitioners, and the company has already been working with big security-heavy organizations including Cisco, Cloudflare, CrowdStrike, Palo Alto Networks, Oracle, NVID(developers.openai.com)t shows this is not a hobbyist beta — it is being aimed at institutions with real incident response and software defense jobs. (openai.com) ### Why make a separate “Cyber” model? Turns out OpenAI has been moving in this direction for a while. In April it expanded Trusted Access with GPT-5.4-Cyber, a cyber-permissive variant for vetted defenders, and it framed that as preparation for more capable models arriving over the following months. GPT-5.5-Cyber is the next step in that rollout, not a one-off experiment. T(openai.com)e wrapper around the most sensitive use cases. (openai.com) ### What changes for security teams? Mostly speed and less friction. A general-purpose model may refuse or over-refuse when a prompt looks too close to exploit development, malware behavior, or reverse engineering. For a legitimate blue-team workflow, that gets annoying fast. Trusted Access lowers that friction for approved users, so the model can stay useful inside ac(openai.com) is also pairing the program with ecosystem support, including a previously announced $10 million in API credits for cyber defense work. (openai.com) ### Is this just about OpenAI? Not really. This is part of a bigger shift across AI labs and enterprise security — stronger models are becoming too dual-use to ship in exactly the same way to everyone. So companies are carving out controlled channels for sensitive domains like cyber. The important change is not just a new model name. It’s the distribution model: verified (openai.com)d what kind of work you’re authorized to do. (openai.com) ### What’s the bottom line? OpenAI is no longer treating advanced cyber capability as a simple feature release. It’s treating it like controlled infrastructure — useful, powerful, and risky enough that access itself has become part of the product. (openai.com)