OpenAI offers GPT-5.5 access

OpenAI has moved on two fronts at once: expanding access to its newest cyber model in Europe while stepping into a separate U.S. policy fight over child safety online. On May 12, the company said Deutsche Telekom, BBVA and dozens of other European companies would get access to GPT-5.5-Cyber and related models through its Trusted Access for Cyber program. A day later, OpenAI publicly endorsed the Kids Online Safety Act in Washington. The moves land as European regulators tighten AI rules and some companies complain that compliance costs are rising. Here’s the thread. 1/ OpenAI said on May 12 that it was granting access to its latest models, including GPT-5.5-Cyber, to Deutsche Telekom, BBVA and dozens more European companies to help strengthen defenses against software vulnerabilities. Reuters reported that other named participants included Telefónica, Sophos and Scalable Capital. (wifc.com) 2/ The program is called Trusted Access for Cyber, or TAC. OpenAI said on May 7 that TAC is an identity- and trust-based framework meant to give verified defenders more useful cyber capabilities while still blocking requests tied to credential theft, stealth, malware deployment or exploitation of third-party systems. 3/ OpenAI’s own description is narrow: the company says vetted users can use the models for vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering and patch validation. (wifc.com) It also says safeguards remain in place for harmful use. 4/ The Europe piece is not just about companies. CNBC reported on May 11 that OpenAI also offered the European Union access to GPT-5.5-Cyber, with European partners including businesses, governments, cyber authorities and EU institutions such as the EU AI Office set to receive access. (openai.com) 5/ Thomas Regnier, a European Commission spokesperson, said at a May 11 briefing that the Commission welcomed OpenAI’s “transparency and intent” to provide access. (openai.com) He said that would allow the EU to follow deployment closely and address security concerns, and added that further discussions were planned that week. 6/ Anthropic was the contrast point in that same discussion. (cnbc.com) Regnier said the Commission had held “four or five” meetings with Anthropic on its Mythos model, but that those talks were “not yet at the same stage” as the arrangement on the table from OpenAI. 7/ OpenAI has framed the rollout as a defensive-access argument. George Osborne, who leads OpenAI for Countries, said “AI labs like ours shouldn’t be the sole arbiters of cyber safety” and said the latest cyber AI capabilities should be available to Europe’s defenders. (cnbc.com) Reuters separately reported that Osborne sent the Commission a letter describing broader access to defensive tools as a way to support public safety and reflect European priorities. 8/ Emmanuel Marill, OpenAI’s managing director for EMEA, said the company was trying to balance access, usefulness and safety as models become more capable. Reuters quoted him saying trusted defenders need tools that are useful for protecting systems, finding vulnerabilities and responding to threats quickly, while dangerous activity still has to be blocked. (cnbc.com) 9/ OpenAI has also attached new security conditions to that access. The company said individual TAC members using its most capable cyber models will be required to enable Advanced Account Security starting June 1, 2026, including phishing-resistant protections. 10/ In a separate development on May 13, OpenAI endorsed the Kids Online Safety Act. Senators Marsha Blackburn and Richard Blumenthal announced the endorsement ahead of a Senate hearing, and OpenAI vice president of global affairs Chris Lehane said the company was “really excited” to support the bill. (wifc.com) (openai.com) 11/ The endorsement matters because it shows OpenAI taking a public position in a live U.S. tech-regulation debate even as it negotiates access and oversight questions in Europe. OpenAI said its support for KOSA was part of a broader push for AI-specific rules for children’s safety, according to Engadget. 12/ Europe’s regulatory backdrop is getting tighter. (blackburn.senate.gov) Telehealth.org reported on May 13 that OpenEvidence halted access to its service in the EU and the U.K., citing “mounting regulatory uncertainty” around the EU AI Act and related rules. The outlet said the company pointed to uncertainty over how AI systems would be treated under European and British frameworks. (engadget.com) 13/ The AI Act itself was published on July 12, 2024, and Telehealth.org said it imposes heightened obligations on many health-related AI systems classified as high risk, including transparency, documentation, validation and oversight requirements. That helps explain why market access and regulator access are becoming part of the same conversation for AI companies operating in Europe. (telehealth.org) 14/ The next concrete checkpoints are already dated: OpenAI’s stricter cyber-user security rules begin June 1, 2026, and the European Commission said on May 11 that further talks with OpenAI over model access were scheduled for that week. (openai.com) (telehealth.org)