OpenAI offers GPT-5.5-Cyber access

OpenAI has moved to give European officials and companies a closer look at one of its most cyber-capable models as Brussels presses major AI developers on safety oversight. The company said this week that it would extend access to GPT-5.5-Cyber to vetted defenders and to European partners including institutions, businesses and cyber authorities. The offer puts OpenAI in a different position from Anthropic, whose Mythos cyber model has raised alarms in Europe without a comparable access arrangement so far. The split comes as the European Union continues implementing the general-purpose AI provisions of its AI Act and the related code of practice. ### Which European groups are getting access, and to what? OpenAI said on May 12 that Deutsche Telekom, BBVA and dozens of other European companies would receive access to its latest models, including GPT-5.5-Cyber, to help identify vulnerabilities and strengthen defenses. Reuters reported that other participants include Telefonica, Sophos and Scalable Capital. (openai.com) The company’s May 7 post said GPT-5.5-Cyber is being rolled out in limited preview to defenders responsible for securing critical infrastructure. OpenAI said the model sits inside its Trusted Access for Cyber program, which lowers refusal rates for approved defensive work such as vulnerability identification, malware analysis, reverse engineering, detection engineering and patch validation. ### What did Brussels say it wants from OpenAI? (finance.yahoo.com) Thomas Regnier, a European Commission spokesperson, said on May 11 that the Commission welcomed OpenAI’s “transparency and intent” to give it access to the new model. CNBC reported that Regnier said further discussions were planned that week and that access would allow the Commission to follow deployment closely and address security concerns. George Osborne, who leads OpenAI’s OpenAI for Countries initiative, said in a statement carried by CNBC that “AI labs like ours shouldn’t be the sole arbiters of cyber safety.” He said the company’s EU Cyber Action Plan would work with European policymakers, institutions and businesses to widen access to defensive tools for trusted actors. (openai.com) ### Why is Anthropic part of the story? Anthropic released Mythos in April with restricted access to selected partners, and European officials have said they still do not have the same level of preview access they are discussing with OpenAI. (cnbc.com) Regnier said the Commission had held “four or five” meetings with Anthropic, but that those talks were “not yet at the same stage” as the arrangement on the table from OpenAI, according to CNBC. Politico reported in April that officials from eight national European cyber agencies said they had little or no meaningful access to Mythos, with only Germany’s agency saying it had entered talks with Anthropic and had not yet tested the model. The same report said Anthropic had initially handpicked 12 U.S.-headquartered technology companies as its closest access circle. ### How does this fit into Europe’s AI rulebook? (cnbc.com) The European Commission says its general-purpose AI code of practice is a voluntary tool meant to help providers show compliance with the AI Act’s obligations on safety, transparency and copyright. The Commission says the code was published on July 10, 2025, and that providers can sign it to reduce administrative burden and gain more legal certainty. (politico.eu) The same Commission page says the safety-and-security chapter applies to the small number of providers of the most advanced general-purpose models that face systemic-risk obligations under Article 55 of the AI Act. That gives context to why model access, testing and documentation have become central points in the Commission’s talks with frontier AI labs. ### Why are some companies leaning in while others are pulling back? (digital-strategy.ec.europa.eu) OpenEvidence, a U.S. clinical AI company, halted access to its service in the EU and the U.K., saying “mounting regulatory uncertainty” around AI rules in those regions was the reason. Telehealth.org reported that a screenshot of the service restriction was shared on April 28 and that the company tied the move in part to the EU AI Act. (digital-strategy.ec.europa.eu) That contrast leaves Europe with two different responses from U.S. AI companies in the same month: OpenAI offering regulators and selected firms more model access, and OpenEvidence withdrawing a health AI product from the region. The next concrete date is June 1, 2026, when OpenAI says users of its most cyber-capable and permissive models will be required to enable Advanced Account Security. (openai.com) (telehealth.org)