OpenAI opens limited GPT-5.5-Cyber preview for vetted security teams

Cybersecurity is becoming one of the first places where frontier AI gets selectively loosened instead of uniformly locked down. That is the real news here. OpenAI sa(openai.com)enders responsible for protecting critical infrastructure and other sensitive systems. The point is not to make the model wildly more powerful than base GPT-5.5. The point is to make it less annoying for legitimate security work. (openai.com) ### What is GPT-5.5-Cyber, exactly? It is a cyber-permissive variant of GPT-5.5(axios.com)al model most security teams should use, while GPT-5.5-Cyber is the narrower version for specialized workflows where the usual safety refusals get in the way of real defensive work. (openai.com) ### What changed on May 7? OpenAI moved from talking about trusted cyber access in general to actually rolling out this more permissive model in limited preview. The company said the first users are defenders securing crit(openai.com)mer. That makes this a gated deployment, not a product launch in the usual sense. (openai.com) ### Why do defenders want a looser model? Because a lot of legitimate security work looks suspicious if you only judge the prompt. Vulnerability triage, malware analysis, binary rev(openai.com)e hacking. A model with blanket refusals slows those jobs down. OpenAI is basically saying the identity of the user and the workflow context should matter more than the raw text alone. (openai.com) ### So what will it still refuse? OpenAI says the safeguards still block credential theft, stealth, persistence, malwar(openai.com)pany wants to hold: deeper analysis for defense, but not help with active intrusion or weaponization. The catch is that this line is easier to write in a policy doc than to enforce perfectly in the wild. (openai.com) ### Who gets in? OpenAI says Trusted Access for Cyber is identity- and trust-based. It uses verification and stronger account security to decide who gets enhanced(openai.com)enable Advanced Account Security starting June 1, 2026. In plain English — if you want the sharper tool, OpenAI wants to know who you are and harden your account first. (openai.com) ### Why now? Because the competitive pressure is obvious. Anthropic’s Claude Mythos Preview landed last month and kicked off a very public argument in Was(openai.com)ightly restricted or broadly shared with defenders. OpenAI is now answering with its own controlled-access path instead of leaving the field to Anthropic. (cnbc.com) ### Is this a capability jump or a policy jump? Mostly a policy jump. CNBC notes OpenAI itself framed GPT-5.5-Cyber as not a major step (openai.com)rity tasks. Axios adds the strategic backdrop: recent testing suggested GPT-5.5 was already close to Mythos on bug-finding and exploitation benchmarks. So the bottleneck was increasingly access and safety behavior, not just model intelligence. (cnbc.com) ### Bottom line OpenAI is(cnbc.com)mplate for how frontier AI gets deployed in other high-risk fields too. (openai.com)