OpenAI grants European regulators access to GPT‑5.5‑Cyber for evaluation

OpenAI said on May 11 that it would give European Union institutions, governments, cyber authorities and selected companies access to GPT-5.5-Cyber, a restricted version of its latest model built for advanced cybersecurity work. The offer puts European regulators closer to the model than they are to Anthropic’s rival Mythos system, according to statements from the European Commission and OpenAI. (cnbc.com) The move comes as new testing from the United Kingdom’s AI Security Institute and Palo Alto Networks found frontier models are completing complex cyber tasks faster than prior trend lines had suggested. OpenAI is pairing the rollout with its Trusted Access for Cyber program, which limits use to vetted defenders and keeps blocks on clearly harmful activity. (openai.com) ### Which European officials are getting access, and what did Brussels say? The European Commission said on May 11 that OpenAI had proactively offered access to its new cyber model to the bloc. Thomas Regnier, a Commission spokesperson, said at a press briefing that the EU welcomed OpenAI’s “transparency” and its intent to give the Commission access to the model. He said the arrangement would allow officials to follow deployment closely and address security concerns, with further talks planned that week. Anthropic has not made a comparable offer to date, according to Regnier’s briefing. He said the Commission had held “four or five” meetings with Anthropic, but discussions were “not yet at the same stage” as those with OpenAI on possible model access. (cnbc.com) ### Which companies did OpenAI add to the program in Europe? Reuters reported on May 12 that OpenAI was extending access to its latest models, including GPT-5.5-Cyber, to Deutsche Telekom, BBVA and dozens of other European companies. The report named Telefónica, Sophos and Scalable Capital among the additional participants. OpenAI said the aim was to help those organizations strengthen resilience against vulnerabilities in their systems. (cnbc.com) George Osborne, OpenAI’s head of OpenAI for Countries, said AI labs should not be the only groups deciding cyber safety questions and said Europe’s defenders should have access to defensive tools that trusted actors can use. (cnbc.com) His comments were included in OpenAI’s announcement of an EU cyber action plan tied to the wider rollout. ### What exactly is GPT-5.5-Cyber, and how is it different from normal access? OpenAI said on May 7 that GPT-5.5-Cyber was being rolled out in limited preview to defenders responsible for securing critical infrastructure. The company said the model is meant for specialized workflows including vulnerability identification and triage, malware analysis, binary reverse engineering, detection engineering and patch validation. (msn.com) Trusted Access for Cyber, launched on February 5, is the company’s identity- and trust-based framework for giving verified defenders lower refusal rates on legitimate defensive tasks while still blocking requests tied to credential theft, stealth, persistence, malware deployment or exploitation of third-party systems. (cnbc.com) OpenAI also said it committed $10 million in API credits when it launched the program. ### Why are regulators and security teams paying attention now? The U.K. AI Security Institute and Palo Alto Networks published findings on May 13 showing that OpenAI’s GPT-5.5 and Anthropic’s Claude Mythos Preview had moved ahead of earlier benchmarks for autonomous cyber work. (openai.com) AISI said the models had exceeded the doubling trend it had tracked since late 2024 for the time horizon of cyber tasks models can complete reliably. AISI said Claude Mythos Preview completed one 32-step simulated corporate network attack in six of 10 attempts, while GPT-5.5 completed the same range in three of 10 attempts. Palo Alto Networks said it had tested GPT-5.5-Cyber through OpenAI’s Trusted Access for Cyber program and described the latest models as highly capable at finding vulnerabilities and turning them into exploit paths quickly. (openai.com) Palo Alto said its AI-assisted scanning led to advisories covering 26 CVEs representing 75 issues across more than 130 products. ### What safeguards is OpenAI attaching to the rollout? OpenAI said safeguards remain in place to block malicious activity even for approved users. (cyberscoop.com) The company also said individuals using its most permissive cyber models through Trusted Access for Cyber will be required to enable Advanced Account Security starting June 1, 2026. June 1 is the next concrete milestone in the rollout. European Commission officials said further talks with OpenAI were planned after the May 11 briefing, while OpenAI said GPT-5.5-Cyber remains in limited preview for vetted defenders and critical-infrastructure security teams. (cnbc.com) (openai.com) (cyberscoop.com)