OpenAI launches GPT‑5.5‑Cyber preview

Cybersecurity models are turning into a separate product category. That’s the real news here. On May 7, OpenAI said it is rolling out GPT‑5.5‑Cyber in limited preview to defenders responsible for securing critical infrastructure, and it’s doing it through a gated program called Trusted Access for Cyber, or TAC. (openai.com) This is not “ChatGPT but for security.” It is a more permissive version of a frontier model, aimed at people doing work that looks a lot like offensive security from the outside but is supposed to be used for defense. ### What is GPT‑5.5‑Cyber, exactly? It’s a specialized variant of GPT‑5.5 for high-impact security work. OpenAI is positioning plain GPT‑5.5 with TAC as the broadly useful option for most defensive teams, while GPT‑5.5‑Cyber is the narrower, more permissive version for specialized workflows and higher-trust users. (aisi.gov.uk) That distinction matters — the product is not just “smarter,” it is allowed to say and do more inside approved security contexts. ### Why does “more permissive” matter? Because useful security work often looks suspicious. “Find vulnerabilities in my code” can mean responsible patching — or it can mean preparing to break into a system. OpenAI’s pitch is that old blanket refusals created too much friction for legitimate defenders, so vetted TAC users get fewer classifier-based refusals for tasks like vulnerability identification, malware analysis, binary reverse engineering, detection engineering, and patch validation. (openai.com) But the company says the safeguards still block credential theft, stealth, persistence, malware deployment, and exploitation of third-party systems. ### Who actually gets access? (openai.com) Not the general public, and not even every enterprise security team. OpenAI says the preview is for defenders responsible for critical infrastructure, inside its identity- and trust-based TAC framework. TAC itself launched on February 5, 2026, with a promise to expand frontier cyber capabilities while keeping tighter controls around misuse. OpenAI also says users accessing its most permissive cyber models will need phishing-resistant protections, including Advanced Account Security starting June 1, 2026. ### Why launch this now? Because the capability curve has moved. OpenAI released GPT‑5.5 on April 23, and outside evaluators at the UK AI Security Institute said GPT‑5.5 is one of the strongest models they have tested on cyber tasks. (openai.com) In their advanced “Expert” suite, GPT‑5.5 posted a 71.4% average pass rate, ahead of Mythos Preview at 68.6% and GPT‑5.4 at 52.4%. AISI also said GPT‑5.5 became the second model they had seen complete one of their multi-step corporate network attack simulations end to end. ### Is this really about defense, or about the Anthropic race? Both. Anthropic’s Claude Mythos Preview arrived in April and pushed the whole industry into a more explicit conversation about cyber-specialized access. (openai.com) OpenAI’s own framing is defensive — democratize AI-powered defense, raise the baseline, protect critical systems. But the timing also makes clear that frontier labs are now competing on who can serve elite security teams without opening the door too wide. ### What’s the operational catch? The hard part is not just model quality. It’s governance. A model that helps validate patches or unpack malware still needs audit trails, prompt logging, version control, and human sign-off if a company wants to trust it in real workflows. (openai.com) OpenAI is already turning access policy into part of the product — vetting, tiered permissions, stronger account security — because raw capability without controls is not something critical-infrastructure buyers can deploy comfortably. That last part is partly an inference from how TAC is structured, but the direction is obvious. ### So what changed? The big shift is that frontier labs are no longer pretending one safety setting fits everyone. (red.anthropic.com) They are starting to ship different versions of the same underlying intelligence to different users, with different refusal behavior and different security requirements. In cyber, that may be the only way this works. ### Bottom line GPT‑5.5‑Cyber is less a standalone breakthrough than a sign that cyber defense is becoming a first-class deployment lane for frontier AI. The model matters. But the access layer around it may matter just as much. (openai.com)