The company said the model is aimed at organizations responsible for protecting critical infrastructure and handling advanced security work. OpenAI described GPT-5.5-Cyber as useful for workflows including vulnerability identification, malware analysis, patch validation, red teaming, penetration testing, and exploit verification in controlled environments.
“GPT-5.5-Cyber lets a smaller set of partners study advanced workflows where specialized access behavior may matter,” OpenAI said in a blog post announcing the preview.
The release builds on OpenAI’s Trusted Access for Cyber program, an identity-based verification framework that gives approved security professionals broader access to the company’s cybersecurity capabilities while maintaining restrictions around malicious activity. Under the system, vetted users receive fewer automated refusals for legitimate defensive work such as binary reverse engineering, detection engineering, and vulnerability triage.
OpenAI said safeguards still block activity tied to credential theft, malware deployment, persistence techniques, or attacks against third-party systems. Beginning June 1, 2026, users accessing the company’s most permissive cyber models will also be required to enable phishing-resistant account protections.
The company illustrated the difference between access levels using examples in which the standard GPT-5.5 model refused to generate exploit code tied to a published vulnerability, while GPT-5.5 with Trusted Access for Cyber could assist with defensive proof-of-concept validation. GPT-5.5-Cyber, meanwhile, was shown carrying out a live-target exploit workflow in a controlled testing environment.
OpenAI said most defenders will likely rely on GPT-5.5 with Trusted Access for Cyber rather than the more permissive GPT-5.5-Cyber model. The company described the new preview as part of an iterative deployment process designed to support specialized security workflows while pairing access with stronger verification, monitoring, and approved-use controls.
The rollout comes shortly after Anthropic launched Claude Mythos Preview under a cybersecurity initiative called Project Glasswing. Anthropic’s release drew attention from both government officials and large financial institutions. According to reports, Anthropic CEO Dario Amodei met with senior Trump administration officials to discuss the model and its implications, while Federal Reserve Chairman Jerome Powell and Treasury Secretary Scott Bessent later met with major U.S. bank CEOs to discuss the technology.
OpenAI positioned GPT-5.5-Cyber as part of a broader effort to accelerate defensive cybersecurity work across the industry. The company said it is working with partners including Cisco, CrowdStrike, Palo Alto Networks, Cloudflare, Intel, Rapid7, SentinelOne, Snyk, and Okta to test how the models can support incident response, vulnerability research, supply chain security, and detection workflows.
“At Cisco, we view frontier models as a powerful force multiplier for defenders,” said Anthony Grieco, Cisco’s chief security and trust officer. “The true value of this technology isn’t found in the model alone, but in the enterprise-ready framework we wrap around it.”
OpenAI also said GPT-5.5-Cyber has already been used during alpha testing to support automated red teaming and validation of high-severity vulnerabilities. The company said it plans to release additional technical details in a future disclosure.
This analysis is based on reporting from CNBC.
Image courtesy of OpenAI.
This article was generated with AI assistance and reviewed for accuracy and quality.
