OpenAI is granting security researchers access to GPT-5.5 and has launched a specialized variant, GPT-5.5-Cyber, designed to significantly reduce request refusals. Currently, access is limited to vetted defenders safeguarding critical infrastructure through the company's "Trusted Access for Cyber" program.
Standard AI chatbots typically block requests that resemble instructions for hacking, serving as a safeguard against misuse. However, these same filters often impede legitimate security work, such as when researchers need to reproduce known vulnerabilities for patching purposes.
OpenAI is now implementing a three-tiered access system: a public model with standard restrictions; a middle tier with relaxed filters for defensive security tasks; and GPT-5.5-Cyber, offering the fewest restrictions for authorized penetration testing.
This system facilitates tasks like analyzing malware or reviewing security patches. OpenAI confirms it continues to block actions such as stealing passwords or attacking third-party systems.
The company's announcement provided examples illustrating the extent of loosened restrictions. While the public model would refuse a request to write a working exploit for a known vulnerability, the middle tier provides the code along with documentation. GPT-5.5-Cyber takes it further: in a demo scenario, it successfully runs an attack against a test server, gains control, and extracts system information.
OpenAI emphasizes that the Cyber variant is not inherently smarter than the standard model, but rather less restrictive on cybersecurity-related topics. Effective June 1, 2026, individual users on the highest access tier will be required to enable phishing-resistant authentication. Launch partners include Cisco, CrowdStrike, Palo Alto Networks, Cloudflare, Intel, Snyk, and SentinelOne. Additionally, selected developers working on major open-source projects can receive discounted access via Codex Security.
This release occurs as both Silicon Valley and the White House address the offensive capabilities of emerging AI models. A source indicated to tech outlet Axios that GPT-5.5-Cyber's performance in discovering and exploiting software vulnerabilities is roughly on par with Anthropic's Mythos Preview.
Anthropic adopts a more conservative strategy, restricting Mythos access to approximately 40 organizations through its Project Glasswing. OpenAI, conversely, is pursuing a broader approach with its tiered system. Meanwhile, the White House is reportedly considering executive orders to enhance governmental oversight on the release of such advanced AI models.
The UK's AI Security Institute recently conducted a simulated attack series involving GPT-5.5 against a corporate network, comprising 32 steps. The model completed the full attack chain in 2 out of 10 runs, whereas Mythos achieved 3 out of 10. For individual expert-level tasks, GPT-5.5 demonstrated a slight advantage.
