OpenAI Opens GPT-5.5-Cyber to Vetted Defenders After Model Matches Anthropic's Mythos in Security Testing

OpenAI is providing a less-restricted version of GPT-5.5 to vetted cybersecurity defenders through its Trusted Access for Cyber program. The model, dubbed GPT-5.5-Cyber, completed a 32-step simulated corporate cyberattack in 2 out of 10 test runs according to the U.K. AI Security Institute, narrowly trailing Anthropic's Mythos which succeeded in 3 out of 10 attempts.

Limited Access to Critical Infrastructure Defenders

Defenders approved for the highest tier of OpenAI's Trusted Access for Cyber program will receive access to GPT-5.5-Cyber with fewer guardrails than the publicly available model. The specialized version allows security teams to hunt for bugs, study malware, and reverse engineer attacks.

According to OpenAI, the model can write proofs of concept for discovered vulnerabilities and run simulations to test organizational security posture. Users remain blocked from credential theft and malware creation, but can now automate common cybersecurity workflows.

A second, more restricted version of GPT-5.5 is available to other Trusted Access program members for understanding unfamiliar code, mapping attack surfaces, and reviewing security patches.

Testing Results Show Near-Parity with Anthropic

The U.K. AI Security Institute reported last week that GPT-5.5 successfully completed a complex 32-step simulated corporate cyberattack in 2 out of 10 test runs. Anthropic's Mythos achieved the same in 3 out of 10 runs. Before Mythos, no AI model had ever successfully completed that test.

A source familiar with GPT-5.5-Cyber's capabilities told Axios the model's abilities are roughly on par with Mythos, with one major recent test putting Mythos narrowly ahead.

Divergent Distribution Strategies

OpenAI and Anthropic are pursuing different approaches to deploying their cyber-capable models. Anthropic has taken a more restrictive stance, limiting Mythos access to approximately 40 organizations. Some participants are part of Project Glasswing, where members share information about model testing.

OpenAI is adopting a more open strategy by releasing one version with strict guardrails publicly while providing versions with reduced safeguards to vetted organizations through its application process.

What This Means

The near-parity between GPT-5.5 and Mythos in cybersecurity capabilities marks a significant inflection point in AI-assisted offensive security. With two frontier models now capable of completing complex, multi-step cyberattacks that previously required human expertise, the AI industry faces pressure to establish consistent deployment standards. The White House is reportedly discussing executive actions that could regulate future model rollouts, signaling potential federal intervention in how companies distribute advanced AI capabilities. The divergent approaches from OpenAI and Anthropic may serve as test cases for balancing security research needs against proliferation risks.